cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-34810,https://securityvulnerability.io/vulnerability/CVE-2021-34810,,Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.,Synology,Download Station,9.9,CRITICAL,0.0006799999973736703,false,,false,false,false,,,false,false,,2021-06-18T03:15:00.000Z,0
CVE-2021-34811,https://securityvulnerability.io/vulnerability/CVE-2021-34811,,Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.,Synology,Download Station,5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-06-18T03:15:00.000Z,0
CVE-2021-34809,https://securityvulnerability.io/vulnerability/CVE-2021-34809,,Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.,Synology,Download Station,9.9,CRITICAL,0.0006799999973736703,false,,false,false,false,,,false,false,,2021-06-18T03:15:00.000Z,0
CVE-2021-33184,https://securityvulnerability.io/vulnerability/CVE-2021-33184,,Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors.,Synology,Synology Download Station,7.7,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2021-06-01T14:15:00.000Z,0
CVE-2017-11149,https://securityvulnerability.io/vulnerability/CVE-2017-11149,,Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.,Synology,Synology Download Station,6.5,MEDIUM,0.0005499999970197678,false,,false,false,false,,,false,false,,2017-08-14T19:29:00.000Z,0
CVE-2017-11156,https://securityvulnerability.io/vulnerability/CVE-2017-11156,,"Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.",Synology,Synology Download Station,7.8,HIGH,0.005169999785721302,false,,false,false,false,,,false,false,,2017-08-14T19:29:00.000Z,0
CVE-2015-6909,https://securityvulnerability.io/vulnerability/CVE-2015-6909,,"Cross-site scripting (XSS) vulnerability in the ""Create download task via file upload"" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file.",Synology,Download Station,,,0.0036700000055134296,false,,false,false,false,,,false,false,,2015-09-11T16:00:00.000Z,0
CVE-2015-6913,https://securityvulnerability.io/vulnerability/CVE-2015-6913,,"Cross-site scripting (XSS) vulnerability in the ""Create download task via URL"" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi.",Synology,Download Station,,,0.003800000064074993,false,,false,false,false,,,false,false,,2015-09-11T16:00:00.000Z,0