VYPR
Vendor

Aria

Products
1
CVEs
9
Across products
9
Status
Private

Products

1

Recent CVEs

9
  • CVE-2026-8367MedMay 13, 2026
    risk 0.31cvss 4.8epss 0.00

    aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.

  • CVE-2008-0332Jan 17, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.

  • CVE-2022-24237Mar 21, 2022
    risk 0.02cvss epss 0.25

    The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands.

  • CVE-2022-24235Mar 21, 2022
    risk 0.00cvss epss 0.01

    A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors.

  • CVE-2022-24236Mar 21, 2022
    risk 0.00cvss epss 0.01

    An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts.

  • CVE-2010-1512May 17, 2010
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

  • CVE-2009-3617Oct 20, 2009
    risk 0.00cvss epss 0.05

    Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a…

  • CVE-2009-3575Oct 7, 2009
    risk 0.00cvss epss 0.06

    Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

  • CVE-2006-1435Apr 3, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Message Field (message parameter).