
8 matches found

Vulnrichment
added yesterday, 3 views

CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

CVSS: 4.1, AI score: 5.8
Exploits: 0, References: 1
OSV
added 2025/12/04 3:15 p.m., 2 views

CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00054
Exploits: 0, References: 1
Vulnrichment
added 2025/12/04 2:20 p.m., 2 views

CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00054
Exploits: 0, References: 1
Veracode
added 2025/05/29 2:35 a.m., 6 views

Prototype Pollution

Docarray is vulnerable to prototype pollution. The vulnerability is due to lack of input sanitization in the getitem function of torchdataset.py in the Web API component, which allows an attacker to remotely manipulate object prototypes...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00385
Exploits: 1, References: 6, Affected Software: 1
OpenVAS
added 2024/11/12 12:0 a.m., 3 views

Synology DiskStation Manager (DSM) File Disclosure Vulnerability (Synology-SA-24:20) - Remote Known Vulnerable Versions Check

Synology DiskStation Manager DSM is prone to a file disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 5.3, AI score: 6.7, EPSS: 0.02935
Exploits: 0, References: 3
OSV
added 2022/08/03 3:15 a.m., 1 views

CVE-2022-27618

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors...

CVSS: 6.5, AI score: 5.9
Exploits: 0, References: 1
ATTACKERKB
added 2022/07/28 3:34 p.m., 2 views

CVE-2022-27616

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in webapi component in Synology DiskStation Manager DSM before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

CVSS: 7.2, AI score: 6.2, EPSS: 0.01623
Exploits: 0, References: 2
CNNVD
added 2022/07/28 12:0 a.m., 3 views

Synology CardDAV Server SQL Injection Vulnerability

Synology CardDAV Server is a contact management package from Synology China. It allows you to synchronize and access the address book on Synology NAS. A SQL injection vulnerability exists in Synology CardDAV Server versions prior to 6.0.10-0153, which stems from improper elimination of special...

CVSS: 8.8, AI score: 8.2, EPSS: 0.00575
Exploits: 0, References: 2