Synology Safe Access vulnerabilities
3 known vulnerabilities affecting synology/safe_access.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2020-27660P2CRITICALCVSS 9.8≥ unspecified, < 1.2.3-02342020-11-30
CVE-2020-27660 [CRITICAL] CWE-89 CVE-2020-27660: SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote at
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
nvd
CVE-2020-27659P4MEDIUMCVSS 4.8≥ unspecified, < 1.2.3-02342020-11-30
CVE-2020-27659 [MEDIUM] CWE-79 CVE-2020-27659: Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow r
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
nvd
CVE-2025-10466P4MEDIUMCVSS 5.9fixed in 1.3.1-0329≥ *, < 1.3.1-03292026-05-27
CVE-2025-10466 [MEDIUM] CWE-79 CVE-2025-10466: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability i
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct limited denial-of-service in SRM.
nvd