VYPR

Drive Server

by Synology

CVEs (2)

  • CVE-2024-50631Mar 19, 2025
    risk 0.00cvss epss 0.25

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write…

  • CVE-2024-50630Mar 19, 2025
    risk 0.00cvss epss 0.23

    Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors.