Synology has released a security advisory addressing two important vulnerabilities in its SSL VPN Client that could allow remote attackers to access sensitive files and expose locally stored PINs. Both flaws require user interaction—specifically, visiting a crafted web page while the vulnerable client is running—but their consequences range from quietly reading configuration files and certificates to enabling interception of VPN