CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 307 results
«« First « Prev Page 1 / 16 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2024-47273 An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors. 4.3 0.28% 2026-06-03 2026-06-17
CVE-2024-47263 An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive information via unspecified vectors. 4.1 0.30% 2026-06-03 2026-06-17
CVE-2023-52951 A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential. 5.9 0.13% 2026-06-03 2026-06-17
CVE-2022-49042 An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors. 7.8 0.12% 2026-06-03 2026-06-17
CVE-2022-49036 An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors. 7.8 0.12% 2026-06-03 2026-06-17
CVE-2026-2237 A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information. 6.2 0.09% 2026-05-27 2026-06-17
CVE-2025-66593 An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation. 6.1 0.09% 2026-05-27 2026-06-17
CVE-2025-66592 An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation. 6.1 0.09% 2026-05-27 2026-06-17
CVE-2025-30028 A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files. 8.6 0.37% 2026-05-27 2026-06-17
CVE-2025-14713 An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server. 7.5 0.47% 2026-05-27 2026-06-17
CVE-2025-13593 Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation. 6.1 0.09% 2026-05-27 2026-06-17
CVE-2025-13392 Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN). 8.1 0.52% 2026-05-27 2026-06-17
CVE-2025-13167 Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors. 5.4 0.25% 2026-05-27 2026-06-17
CVE-2025-12686 Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors. 9.8 2.76% 2026-05-27 2026-06-17
CVE-2025-10466 Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct limited denial-of-service in SRM. 5.9 0.27% 2026-05-27 2026-06-17
CVE-2024-47272 Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. 2.7 0.25% 2026-05-27 2026-06-17
CVE-2024-47271 Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. 4.9 0.34% 2026-05-27 2026-06-17
CVE-2024-47270 Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. 2.7 0.25% 2026-05-27 2026-06-17
CVE-2024-47269 Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. 4.9 0.23% 2026-05-27 2026-06-17
CVE-2024-47268 Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. 4.9 0.34% 2026-05-27 2026-06-17
«« First « Prev Page 1 / 16 Next »
cvelogic Threat Intelligence