Every CVE whose affected-product data names Synology Drive Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2024-50630 — CVSS 7.5 (high): Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699…
CVE-2024-50631 — CVSS 7.5 (high): Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology…
CVE-2018-8910 — CVSS 6.5 (medium): Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to…
CVE-2018-8921 — CVSS 6.5 (medium): Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated…
CVE-2018-8922 — CVSS 6.5 (medium): Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or…
CVE-2018-13297 — CVSS 5.3 (medium): Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain…