Diskstation Manager CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (130 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-13167	1 Synology	3 Contacts, Diskstation Manager, Synology Contacts	2026-05-29	5.4 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors.
CVE-2024-47267	1 Synology	2 Diskstation Manager, Surveillance Station	2026-05-28	2.7 Low
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.
CVE-2024-47268	1 Synology	2 Diskstation Manager, Surveillance Station	2026-05-28	4.9 Medium
Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.
CVE-2024-47269	1 Synology	2 Diskstation Manager, Surveillance Station	2026-05-28	4.9 Medium
Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.
CVE-2024-47270	1 Synology	2 Diskstation Manager, Surveillance Station	2026-05-28	2.7 Low
Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.
CVE-2024-47271	1 Synology	2 Diskstation Manager, Surveillance Station	2026-05-28	4.9 Medium
Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.
CVE-2024-47272	1 Synology	2 Diskstation Manager, Surveillance Station	2026-05-28	2.7 Low
Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.
CVE-2017-5753	14 Arm, Canonical, Debian and 11 more	396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more	2026-05-28	5.6 Medium
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2024-47264	1 Synology	3 Active Backup For Business, Active Backup For Business Agent, Diskstation Manager	2026-02-26	4.9 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to delete arbitrary files via unspecified vectors.
CVE-2024-47265	1 Synology	3 Active Backup For Business, Active Backup For Business Agent, Diskstation Manager	2026-02-26	6.5 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vectors.
CVE-2024-47266	1 Synology	3 Active Backup For Business, Active Backup For Business Agent, Diskstation Manager	2026-02-26	2.7 Low
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to read specific files containing non-sensitive information via unspecified vectors.
CVE-2018-1160	3 Debian, Netatalk, Synology	7 Debian Linux, Netatalk, Diskstation Manager and 4 more	2026-02-13	9.8 Critical
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
CVE-2025-2848	1 Synology	2 Diskstation Manager, Mail Server	2026-02-09	6.3 Medium
A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.
CVE-2024-10442	2 Syncology, Synology	5 Replication Service, Diskstation Manager, Diskstation Manager Unified Controller and 2 more	2026-01-16	10 Critical
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
CVE-2024-45538	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-12-05	9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2024-45539	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-12-05	7.5 High
Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.
CVE-2024-5401	1 Synology	2 Diskstation Manager, Diskstation Manager Unified Controller	2025-12-05	4.3 Medium
Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges without consent via unspecified vectors.
CVE-2025-1021	1 Synology	1 Diskstation Manager	2025-11-17	7.5 High
Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2024-10441	1 Synology	2 Beestation Os, Diskstation Manager	2025-11-17	9.8 Critical
Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2024-10444	1 Synology	1 Diskstation Manager	2025-11-17	7.5 High
Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors.

Page 1 of 7. next last »