cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-27613,https://securityvulnerability.io/vulnerability/CVE-2022-27613,SQL Injection Vulnerability in Synology CardDAV Server,"The webapi component of Synology CardDAV Server prior to version 6.0.10-0153 has a vulnerability that allows remote authenticated users to execute malicious SQL commands through improper handling of special elements in SQL statements. This flaw poses a serious risk as it can lead to unauthorized data access and manipulation, thereby compromising the integrity and confidentiality of the underlying database.",Synology,Carddav Server,8.3,HIGH,0.0006799999973736703,false,,false,false,false,,,false,false,,2022-07-28T07:15:00.000Z,0
CVE-2018-8928,https://securityvulnerability.io/vulnerability/CVE-2018-8928,,"Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter.",Synology,Carddav Server,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2018-07-05T00:00:00.000Z,0
CVE-2017-15887,https://securityvulnerability.io/vulnerability/CVE-2017-15887,,An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.,Synology,Synology Carddav Server,9.8,CRITICAL,0.0011099999537691474,false,,false,false,false,,,false,false,,2017-11-07T15:29:00.000Z,0