cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-27611,https://securityvulnerability.io/vulnerability/CVE-2022-27611,Path Traversal Vulnerability in Synology Audio Station,"A path traversal vulnerability in the webapi component of Synology Audio Station versions prior to 6.5.4-3367 permits remote authenticated users to delete arbitrary files. This flaw arises from improper restrictions on pathname handling that could be exploited by attackers to manipulate file paths, leading to unauthorized file access and deletions. Effective measures need to be implemented to mitigate risks associated with this vulnerability.",Synology,Audio Station,5.4,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2022-07-28T08:15:00.000Z,0
CVE-2022-27612,https://securityvulnerability.io/vulnerability/CVE-2022-27612,Buffer Overflow Vulnerability in Synology Audio Station,"A buffer overflow vulnerability exists in the CGI component of Synology Audio Station prior to version 6.5.4-3367. This flaw can be exploited by remote attackers to execute arbitrary commands by leveraging unspecified vectors, posing significant security risks to affected systems.",Synology,Audio Station,7.3,HIGH,0.0010900000343099236,false,,false,false,false,,,false,false,,2022-07-28T07:15:00.000Z,0
CVE-2017-15888,https://securityvulnerability.io/vulnerability/CVE-2017-15888,,Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.,Synology,Synology Audio Station,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2017-10-30T00:00:00.000Z,0
CVE-2015-9104,https://securityvulnerability.io/vulnerability/CVE-2015-9104,,Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title.,Synology,Audio Station,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2017-06-30T13:29:00.000Z,0