
38 matches found

CVE
added 2026/05/27 8:37 a.m. | 17 views

CVE-2025-12686

CVE-2025-12686 is a stack-based buffer overflow in Synology BeeStation OS and BeeStation Manager’s AdminCenter/auth_info component prior to version 1.3.2-65648. The flaw arises from a buffer copy without proper input size checking, enabling remote code execution with high impact. Public sources (...

CVSS 9.8 | AI score 7.8 | EPSS 0.02762
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/05/27 8:37 a.m. | 11 views

CVE-2025-12686

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...

CVSS 9.8 | AI score 7.8 | EPSS 0.02762
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/05/27 8:37 a.m. | 10 views

CVE-2025-12686

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...

CVSS 9.8 | AI score 7.8 | EPSS 0.02762
Exploits: 0 | References: 1
EUVD
added 2026/05/27 8:37 a.m. | 12 views

EUVD-2025-209957

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation Manager BSM before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...

CVSS 9.8 | AI score 7.8 | EPSS 0.02762
Exploits: 0 | References: 1
Cvelist
added 2026/05/27 8:37 a.m. | 34 views

CVE-2025-12686

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...

CVSS 9.8 | EPSS 0.02762
Exploits: 0 | References: 1
CNNVD
added 2026/05/27 12:0 a.m. | 11 views

Synology BeeStation OS Security Vulnerability

Synology BeeStation OS is a private cloud storage and data management operating system developed by Synology, a Chinese company. Versions of Synology BeeStation OS prior to 1.3.2-65648 contained security vulnerabilities. These vulnerabilities were caused by a classic buffer overflow vulnerability...

CVSS 9.8 | AI score 8 | EPSS 0.02762
Exploits: 0 | References: 1
OpenVAS
added 2025/12/19 12:0 a.m. | 5 views

Synology BeeStation (BSM) Multiple Vulnerabilities (Synology_SA_24_21) - Active Check

Synology BeeStation BSM is prone to multiple vulnerabilities in the Synology Drive Server. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...

CVSS 7.5 | AI score 5.4 | EPSS 0.24866
Exploits: 0 | References: 4
OpenVAS
added 2025/12/18 12:0 a.m. | 38 views

Synology BeeStation (BSM) Multiple Vulnerabilities (Synology-SA-24:23) - Active Check

Synology BeeStation BSM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.8 | AI score 7.2 | EPSS 0.26952
Exploits: 1 | References: 5
OpenVAS
added 2025/11/27 12:0 a.m. | 4 views

Synology BeeStation / Synology BeeStation OS (BSM) Detection (HTTP)

HTTP based detection of Synology BeeStation and the underlying BeeStation OS BSM. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/10 12:0 a.m. | 5 views

PT-2025-46327

Name of the Vulnerable Software and Affected Versions Synology BeeStation OS versions prior to 1.3.2-65648 Description The Synology BeeStation OS contains a stack-based buffer overflow issue that allows for remote code execution. The flaw resides in the auth info component and can be exploited to...

CVSS 10 | AI score 8.8 | EPSS 0.02762
Exploits: 0 | References: 25
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-54097

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.3 | EPSS 0.00352
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-54102

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.4 | EPSS 0.26952
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-54098

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 8.7 | EPSS 0.01146
Exploits: 1 | References: 2
Zero Day Initiative
added 2025/05/01 12:0 a.m. | 5 views

(Pwn2Own) Synology BeeStation BST150-4T Unnecessary Privileges Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of file commands. The specific flaw exists...

CVSS 5.3 | AI score 4.7 | EPSS 0.00352
Exploits: 0 | References: 1
Zero Day Initiative
added 2025/04/09 12:0 a.m. | 10 views

(Pwn2Own) Synology BeeStation BST150-4T Cleartext Transmission of Sensitive Information Vulnerability

This vulnerability allows network-adjacent attackers to spoof specific configuration values on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of configuration informatio...

CVSS 4.3 | AI score 4.4 | EPSS 0.00352
Exploits: 0 | References: 1
Zero Day Initiative
added 2025/04/09 12:0 a.m. | 4 views

(Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of tar archives. A crafted tar archive can...

CVSS 7.5 | AI score 4.7 | EPSS 0.00352
Exploits: 0 | References: 1
Zero Day Initiative
added 2025/04/09 12:0 a.m. | 29 views

(Pwn2Own) Synology BeeStation BST150-4T CRLF Injection Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of HTTP requests. The issue results...

CVSS 6.5 | AI score 6.3 | EPSS 0.26952
Exploits: 0 | References: 1
Zero Day Initiative
added 2025/04/09 12:0 a.m. | 2 views

(Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the syncd authentication handler. The issue results from...

CVSS 7.5 | AI score 6.7 | EPSS 0.22718
Exploits: 0 | References: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 7 views

The vulnerability of the Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology BeeStation OS lies in errors related to the certificate validation process. This allows attackers to create a limited number of arbitrary files.

The vulnerability of the Synology BeeStation Manager BSM, Synology DiskStation Manager DSM, and Synology BeeStation OS is related to errors in the certificate validation process. Exploiting this vulnerability allows a malicious actor to write a limited number of arbitrary files...

CVSS 4.3 | AI score 6.2 | EPSS 0.00352
Exploits: 0 | References: 4 | Affected Software: 3
GithubExploit
added 2025/04/01 8:27 a.m. | 367 views

Exploit for CVE-2024-10441

Improper Encoding or Escaping of Output CVE-2024-10441 O...

CVSS 9.8 | AI score 8.4 | EPSS 0.01146
Exploits: 1