Skip to main content

Download Station

12 CVEs product

Monthly

CVE-2025-58465 LOW Monitor

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Download Station
NVD
CVSS 4.0
2.2
EPSS
0.1%
CVE-2025-58463 LOW Monitor

A relative path traversal vulnerability has been reported to affect Download Station. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Download Station
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2024-38640 HIGH This Week

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Download Station
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-0354 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Download Station
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2021-34811 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Download Station
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-34810 HIGH This Week

Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology RCE Privilege Escalation Download Station
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-34809 HIGH This Week

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology RCE Command Injection Download Station
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-33184 HIGH This Week

Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Download Station
NVD
CVSS 3.1
7.7
EPSS
1.0%
CVE-2017-11156 HIGH This Week

Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Synology Privilege Escalation Download Station
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2017-11149 MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Synology Download Station
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2015-6913 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Synology Download Station
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6909 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Synology File Upload Download Station
NVD
CVSS 2.0
4.3
EPSS
0.5%
EPSS 0% CVSS 2.2
LOW Monitor

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Download Station
NVD
EPSS 0% CVSS 2.3
LOW Monitor

A relative path traversal vulnerability has been reported to affect Download Station. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Download Station
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Download Station
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Download Station
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Download Station
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology RCE Privilege Escalation +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology RCE Command Injection +1
NVD
EPSS 1% CVSS 7.7
HIGH This Week

Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Download Station
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Synology Privilege Escalation +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Synology Download Station
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Synology Download Station
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Synology File Upload +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy