Synology: >> Diskstation Manager >> 7.2 Security Vulnerabilities
A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.
CVSS Score
8.6
EPSS Score
0.004
Published
2026-05-27
Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.
CVSS Score
2.7
EPSS Score
0.002
Published
2026-05-27
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.
CVSS Score
2.7
EPSS Score
0.003
Published
2026-05-27
Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.
CVSS Score
4.9
EPSS Score
0.003
Published
2026-05-27
Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.
CVSS Score
4.9
EPSS Score
0.002
Published
2026-05-27
Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.
CVSS Score
2.7
EPSS Score
0.002
Published
2026-05-27
Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.
CVSS Score
4.9
EPSS Score
0.003
Published
2026-05-27
A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.
CVSS Score
6.3
EPSS Score
0.004
Published
2025-12-04
Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to read limited files via unspecified vectors.
CVSS Score
5.3
EPSS Score
0.212
Published
2025-03-19
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.013
Published
2025-03-19
Page 1