An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with…

A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in…

Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users…

Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to…

Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users…

Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified…

Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users…

Improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows…