GCVE - cpe:2.3:a:qnap_systems_inc.:download_station:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:qnap_systems_inc.:download_station:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Qnap Systems Inc. (`1f66ac1e-0889-51bf-b27f-24c7175e5920`)
Product	Download Station (`31681e8e-cef2-55fa-8c4b-79c415840477`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-58465`	vulnerable	2026-06-03 15:06:21.714877	Download Station A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later Published: 2025-11-07T15:09:31.301Z Updated: 2025-11-07T15:47:03.235Z Open on db.gcve.eu Reference links https://www.qnap.com/en/security-advisory/qsa-25-37	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-58463`	vulnerable	2026-06-03 15:06:21.707123	Download Station A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later Published: 2025-11-07T15:10:42.856Z Updated: 2025-11-07T16:11:30.915Z Open on db.gcve.eu Reference links https://www.qnap.com/en/security-advisory/qsa-25-37	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-38640`	vulnerable	2026-06-03 14:56:19.181755	Download Station A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Download Station 5.8.6.283 ( 2024/06/21 ) and later Published: 2024-09-06T16:29:50.479Z Updated: 2024-09-06T16:57:49.449Z Open on db.gcve.eu Reference links https://www.qnap.com/en/security-advisory/qsa-24-35	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.