VYPR

File Station

by Synology

CVEs (19)

  • CVE-2025-22484HigJun 6, 2025
    risk 0.46cvss epss 0.00

    An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type…

  • CVE-2018-8923MedJun 5, 2018
    risk 0.42cvss 6.5epss 0.01

    Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.

  • CVE-2017-15893MedDec 8, 2017
    risk 0.42cvss 6.5epss 0.02

    Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

  • CVE-2025-62854Feb 11, 2026
    risk 0.00cvss epss 0.01

    An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following…

  • CVE-2025-62856Feb 11, 2026
    risk 0.00cvss epss 0.00

    A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the…

  • CVE-2025-53408Nov 7, 2025
    risk 0.00cvss epss 0.00

    A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:…

  • CVE-2025-53413Nov 7, 2025
    risk 0.00cvss epss 0.00

    An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type…

  • CVE-2025-57706Nov 7, 2025
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the…

  • CVE-2025-29899Aug 29, 2025
    risk 0.00cvss epss 0.00

    An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type…

  • CVE-2025-29890Aug 29, 2025
    risk 0.00cvss epss 0.00

    An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type…

  • CVE-2025-29901Aug 26, 2025
    risk 0.00cvss epss 0.00

    A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:…

  • CVE-2025-29885Jun 6, 2025
    risk 0.00cvss epss 0.00

    An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the…

  • CVE-2025-29883Jun 6, 2025
    risk 0.00cvss epss 0.00

    An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the…

  • CVE-2025-22486Jun 6, 2025
    risk 0.00cvss epss 0.00

    An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the…

  • CVE-2025-22490Jun 6, 2025
    risk 0.00cvss epss 0.00

    A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:…

  • CVE-2020-2503Dec 24, 2020
    risk 0.00cvss epss 0.01

    If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

  • CVE-2020-2496Dec 10, 2020
    risk 0.00cvss epss 0.01

    If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS…

  • CVE-2020-2495Dec 10, 2020
    risk 0.00cvss epss 0.01

    If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS…

  • CVE-2018-13288Apr 1, 2019
    risk 0.00cvss epss 0.01

    Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.