Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.0 HIGH
CVE-2026-40828 — Authenticated SQLi in DeleteSysLogEntry function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE comma…

Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.0 HIGH
CVE-2026-40827 — Authenticated SQLi in _RemoveRequest function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command …

Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.2 MEDIUM
CVE-2026-2237 — Synology Storage Manager Sensitive Information Disclosure

A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local attackers to obtain sensitive informatio…

| Information Disclosure
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.1 MEDIUM
CVE-2025-66593 — Synology Assistant Origin Validation Error File Write Vulnerability

An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content during installation.

| Misconfiguration
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.1 MEDIUM
CVE-2025-66592 — Synology Active Backup for Business Agent Local File Write Vulnerability

An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content during installation.

| Misconfiguration
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2025-52747 — WordPress Themebox - Digital Products Ecommerce theme <= 1.4.2 - Cross Site Scripting (XS…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS. This issue affects Themebox …

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
8.6 HIGH
CVE-2025-30028 — QNAP Active Backup for Business File Disclosure Vulnerability

A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.

Remote | Path Traversal
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2025-22741 — WordPress Felan Framework plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerab…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a thr…

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.5 HIGH
CVE-2025-14713 — "Synology C2 Identity Edge Server Exposed Credentials Remote Vulnerability"

An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.

Remote | Information Disclosure
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.1 MEDIUM
CVE-2025-13593 — Synology ActiveProtect Agent File Write Vulnerability

Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content when installing.

| Misconfiguration
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
8.1 HIGH
CVE-2025-13392 — Synology DiskStation Manager (DSM) Distinguished Name Authentication Bypass

Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote atta…

Remote | Authentication
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
5.4 MEDIUM
CVE-2025-13167 — Synology Contacts Cross-site Scripting Vulnerability

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users …

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.8 CRITICAL
CVE-2025-12686 — Synology BeeStation Manager AdminCenter Buffer Overflow Vulnerability

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation Manager (BSM) before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-656…

Remote | Memory Corruption
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
5.9 MEDIUM
CVE-2025-10466 — Synology Safe Access Cross-site Scripting Vulnerability

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with admi…

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
2.7 LOW
CVE-2024-47272 — Synology Surveillance Station Authorization Bypass

Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to …

Remote | Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
4.9 MEDIUM
CVE-2024-47271 — Synology Surveillance Station Credentials Exposure Vulnerability

Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privi…

Remote | Information Disclosure
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
2.7 LOW
CVE-2024-47270 — Synology Surveillance Station Permission Preservation Vulnerability

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administra…

Remote | Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
4.9 MEDIUM
CVE-2024-47269 — Synology Surveillance Station Sensitive Information Disclosure

Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with adm…

Remote | Cryptography
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
4.9 MEDIUM
CVE-2024-47268 — Synology Surveillance Station Missing Authorization Vulnerability

Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtai…

Remote | Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
2.7 LOW
CVE-2024-47267 — Synology Surveillance Station Path Traversal

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows …

Remote | Path Traversal
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
Showing 20 of 6184 Results