CVE-2025-1021 – Synology DiskStation Manager (DSM) File Disclosure

April 23, 2025

CVE ID : CVE-2025-1021

Published : April 23, 2025, 3:15 a.m. | 3 hours, 40 minutes ago

Description : Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46216 – Apache HTTP Server HTTP Request Smuggling

Next Article CVE-2021-4455 – “WordPress Smart Product Review Plugin File Upload Vulnerability”

Highlights

CVE-2025-49583 – XWiki Cross-Site Notification Vulnerability

June 13, 2025

CVE ID : CVE-2025-49583

Published : June 13, 2025, 5:15 p.m. | 51 minutes ago

Description : XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can be executed, though, as while these templates allow Velocity code, the existing generic analyzer already warns admins before editing Velocity code. The main impact would thus be to send spam, e.g., with phishing links to other users or to hide notifications about other attacks. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9, before that version, this was a known issue and the advice was simply to be careful. This has been patched in XWiki 16.10.2, 16.4.7 and 15.10.16 by adding an analysis for the respective XClass properties.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-1021 – Synology DiskStation Manager (DSM) File Disclosure

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

MSI Claw owners need to grab this Intel Arc GPU driver update to fix an irritating audio bug on their Windows 11 handhelds

Low-Fidelity Design: The Unsung Hero of UX/UI Magic

How to Implement a Service Worker with WorkBox in a Progressive Web App

Apache Parquet Java Vulnerability CVE-2025-46762 Exposes Systems to Remote Code Execution Attacks

CVE-2025-49583 – XWiki Cross-Site Notification Vulnerability

SaaS product QuickHub

CVE-2025-47578 – Twitter Follow Button Cross-site Scripting Vulnerability

Razer’s Minecraft collaboration has produced the best looking keyboard I’ve ever laid eyes on

CVE-2025-1021 – Synology DiskStation Manager (DSM) File Disclosure

Related Posts