18647 matches found
EUVD-2025-201176
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files...
CVE-2025-29843
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files...
CVE-2025-29843
CVE-2025-29843 describes a vulnerability in Synology FileStation thumb CGI within Synology Router Manager (SRM) that allows remote authenticated users to read and write image files. The affected component is FileStation thumb CGI; root cause details are not provided beyond the CGI exposure. Docum...
CVE-2024-5401
CVE-2024-5401 affects Synology DiskStation Manager (DSM) WebAPI and Synology Unified Controller (DSMUC). The vulnerability is described as an improper control of dynamically-managed code resources in the WebAPI component, allowing remote authenticated users to obtain privileges without consent vi...
CVE-2024-5401
Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...
Synology Router Manager Path Traversal Vulnerability
Synology Router Manager (SRM) is software used to configure and manage Synology routers from China-based Synology. A path traversal vulnerability exists in Synology Router Manager (SRM), which originates from the FileStation file cgi that allows remote authenticated users to read file metadata and...
Synology Router Manager Path Traversal Vulnerability
Synology Router Manager (SRM) is software used to configure and manage Synology routers from China-based Synology. A path traversal vulnerability exists in Synology Router Manager (SRM), which originates from a remote authenticated user being able to read .srt files...
Synology Router Manager Path Traversal Vulnerability
Synology Router Manager (SRM) is software used to configure and manage Synology routers from China-based Synology. A path traversal vulnerability exists in Synology Router Manager (SRM), which originates from a remote authenticated user being able to obtain the status of an installed package...
CVE-2025-59369
A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized data access. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security...
CVE-2025-59371
An authentication bypass vulnerability has been identified in the IFTTT integration feature. A remote, authenticated attacker could leverage this vulnerability to potentially gain unauthorized access to the device. This vulnerability does not affect Wi-Fi 7 series models. Refer to the 'Security...
CVE-2025-59370
A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router Firmware' section on...
CVE-2025-36357
IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system...
CVE-2025-36357
IBM Planning Analytics Local (Workspace) versions 2.1.0–2.1.14 are affected by a directory traversal vulnerability that allows a remote authenticated user to view, read, or write arbitrary files by sending crafted URLs containing absolute path sequences. The issue is caused by improper handling o...
CVE-2025-36357 IBM Planning Analytics Local Directory Traversal
IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system...
HP Integrated Lights-Out Information Disclosure (CVE-2013-4843)
Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
HP Integrated Lights-Out Denial of Service (CVE-2015-5435)
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVE-2025-53410
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...
CVE-2025-47207
A NULL pointer dereference vulnerability has been reported to affect several product versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Statio...