CVE-2025-13593

Same vendor

• CVE-2024-47273 — An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology ... (4.3 MEDIUM)
• CVE-2024-47263 — An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in ... (4.1 MEDIUM)
• CVE-2023-52951 — A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle... (5.9 MEDIUM)
• CVE-2022-49042 — An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before... (7.8 HIGH)
• CVE-2022-49036 — An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business... (7.8 HIGH)

Same CWE

• CVE-2026-12304 — Same-origin policy bypass in the Networking: Cookies component (9.1 CRITICAL)
• CVE-2026-47825 — Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios (8.6 HIGH)
• CVE-2026-9595 — Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g (5.3 MEDIUM)
• CVE-2026-11624 — The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent...
• CVE-2026-45173 — Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its...