SafeAccess

CVEs (3)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-10466	Synology SafeAccess	Med	0.38	5.9	—	May 27, 2026	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive…
CVE-2020-27660	Synology SafeAccess		0.00	—	0.02	Nov 30, 2020	SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
CVE-2020-27659	Synology SafeAccess		0.00	—	0.00	Nov 30, 2020	Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.

CVE-2025-10466MedMay 27, 2026
Synology
SafeAccess
risk 0.38cvss 5.9epss —
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive…
CVE-2020-27660Nov 30, 2020
Synology
SafeAccess
risk 0.00cvss —epss 0.02
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
CVE-2020-27659Nov 30, 2020
Synology
SafeAccess
risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.