Security Vulnerabilities
IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-05-27
A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks this link, the client application might incorrectly prioritize attacker-controlled information over legitimate data. This vulnerability, known as HTTP parameter pollution, could allow an attacker to bypass security measures or gain unauthorized access to resources.
CVSS Score
4.2
EPSS Score
0.001
Published
2026-05-27
The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.
CVSS Score
9.3
EPSS Score
0.001
Published
2026-05-27
A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.
CVSS Score
8.6
EPSS Score
0.001
Published
2026-05-27
An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-05-27
An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-05-27
A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-05-27
Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.
CVSS Score
2.7
EPSS Score
0.0
Published
2026-05-27
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct limited denial-of-service in SRM.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-05-27
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.003
Published
2026-05-27