Total CVEs

141,272

Critical Severity

3,795

High Severity

13,729

Last 7 Days

1,898
📅 Showing Year: 2026 (January 1 - December 31, 2026)
Showing 9,661 - 9,680 of 37,677 CVEs
CVE-2025-14713 HIGH - 7.5

An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.

Vendor: Synology
Product: C2 Identity Edge Server
Published: May 27, 2026
Source: NVD
CVE-2025-13593 MEDIUM - 6.1

Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.

Vendor: Synology
Product: ActiveProtect Agent
Published: May 27, 2026
Source: NVD
CVE-2025-13392 HIGH - 8.1

Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).

Vendor: Synology
Product: DiskStation Manager (DSM)
Published: May 27, 2026
Source: NVD
CVE-2025-13167 MEDIUM - 5.4

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vector...

Vendor: Synology
Product: Synology Contacts
Published: May 27, 2026
Source: NVD
CVE-2025-12686 CRITICAL - 9.8

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation Manager (BSM) before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.

Vendor: Synology
Product: BeeStation Manager (BSM), BeeStation OS
Published: May 27, 2026
Source: NVD
CVE-2025-10466 MEDIUM - 5.9

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information o...

Vendor: Synology
Product: Safe Access
Published: May 27, 2026
Source: NVD

Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.

Vendor: Synology
Product: Surveillance Station
Published: May 27, 2026
Source: NVD
CVE-2024-47271 MEDIUM - 4.9

Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.

Vendor: Synology
Product: Surveillance Station
Published: May 27, 2026
Source: NVD

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.

Vendor: Synology
Product: Surveillance Station
Published: May 27, 2026
Source: NVD
CVE-2024-47269 MEDIUM - 4.9

Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.

Vendor: Synology
Product: Surveillance Station
Published: May 27, 2026
Source: NVD
CVE-2024-47268 MEDIUM - 4.9

Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.

Vendor: Synology
Product: Surveillance Station
Published: May 27, 2026
Source: NVD

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecif...

Vendor: Synology
Product: Surveillance Station
Published: May 27, 2026
Source: NVD
CVE-2024-11399 MEDIUM - 6.8

Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors.

Vendor: Synology
Product: BeeDrive for desktop
Published: May 27, 2026
Source: NVD
CVE-2023-52945 HIGH - 7.8

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors.

Vendor: Synology
Product: BeeDrive for desktop
Published: May 27, 2026
Source: NVD
CVE-2026-8942 MEDIUM - 4.3

The MetaMagic SEO Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the metamagic_update_options function. This makes it possible for unauthenticated attackers to modify the plugi...

Published: May 27, 2026
Source: NVD
CVE-2026-8906 MEDIUM - 6.1

The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via...

Published: May 27, 2026
Source: NVD
CVE-2026-8832 HIGH - 8.8

The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5. This is due to the 'wpcode' custom post type being registered without a custom capability_type or capa...

Published: May 27, 2026
Source: NVD
CVE-2026-8143 HIGH - 7.2

The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hb_country_iso', 'hb_usa_state_iso', and 'hb_canada_province_iso' parameters in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This...

Published: May 27, 2026
Source: NVD
CVE-2026-8042 MEDIUM - 6.4

The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'repo' shortcode attribute in the 'github' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for aut...

Published: May 27, 2026
Source: NVD
CVE-2026-7618 MEDIUM - 4.9

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

Published: May 27, 2026
Source: NVD