cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-27617,https://securityvulnerability.io/vulnerability/CVE-2022-27617,Path Traversal Vulnerability in Synology Calendar Application,"A path traversal vulnerability exists in the webapi component of Synology Calendar prior to version 2.3.4-0631, enabling authenticated users to access and download arbitrary files from the server. This misconfiguration allows potential exploitation through unspecified vectors, posing significant risks to sensitive data integrity and privacy.",Synology,Synology Calendar,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-08-03T03:15:00.000Z,0
CVE-2022-22686,https://securityvulnerability.io/vulnerability/CVE-2022-22686,Cross-Site Request Forgery in Synology Calendar,"A Cross-Site Request Forgery (CSRF) vulnerability exists in the webapi component of Synology Calendar prior to version 2.3.4-0631. This flaw allows remote authenticated users to potentially hijack the authentication of administrators through unspecified methods, compromising the administration of the calendar service.",Synology,Synology Calendar,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2022-07-26T02:15:00.000Z,0
CVE-2022-22682,https://securityvulnerability.io/vulnerability/CVE-2022-22682,Cross-site Scripting Vulnerability in Synology Calendar,"An input validation flaw in Synology Calendar versions prior to 2.4.5-10930 permits remote authenticated users to exploit the web application. By injecting arbitrary web scripts or HTML through specific vectors, attackers could potentially manipulate user sessions or steal sensitive information, compromising the integrity of user data.",Synology,Synology Calendar,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-07-12T07:15:00.000Z,0
CVE-2021-34812,https://securityvulnerability.io/vulnerability/CVE-2021-34812,,Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.,Synology,Synology Calendar,5.8,MEDIUM,0.0013200000394135714,false,,false,false,false,,,false,false,,2021-06-18T03:15:00.000Z,0
CVE-2019-11825,https://securityvulnerability.io/vulnerability/CVE-2019-11825,,Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.,Synology,Calendar,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-06-30T00:00:00.000Z,0
CVE-2019-11829,https://securityvulnerability.io/vulnerability/CVE-2019-11829,,OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.,Synology,Calendar,7.3,HIGH,0.0011699999449774623,false,,false,false,false,,,false,false,,2019-06-30T00:00:00.000Z,0
CVE-2019-11820,https://securityvulnerability.io/vulnerability/CVE-2019-11820,,Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.,Synology,Calendar,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-05-09T00:00:00.000Z,0
CVE-2018-13299,https://securityvulnerability.io/vulnerability/CVE-2018-13299,,Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.,Synology,Calendar,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2019-04-01T15:29:00.000Z,0
CVE-2018-8927,https://securityvulnerability.io/vulnerability/CVE-2018-8927,,Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.,Synology,Calendar,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2018-06-14T00:00:00.000Z,0
CVE-2018-8915,https://securityvulnerability.io/vulnerability/CVE-2018-8915,,Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.,Synology,Calendar,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2018-05-10T00:00:00.000Z,0
CVE-2017-15891,https://securityvulnerability.io/vulnerability/CVE-2017-15891,,Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.,Synology,Synology Calendar,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2017-12-08T16:29:00.000Z,0