cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-27617,https://securityvulnerability.io/vulnerability/CVE-2022-27617,Path Traversal Vulnerability in Synology Calendar Application,"A path traversal vulnerability exists in the webapi component of Synology Calendar prior to version 2.3.4-0631, enabling authenticated users to access and download arbitrary files from the server. This misconfiguration allows potential exploitation through unspecified vectors, posing significant risks to sensitive data integrity and privacy.",Synology,Synology Calendar,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-08-03T03:15:00.000Z,0
CVE-2022-22686,https://securityvulnerability.io/vulnerability/CVE-2022-22686,Cross-Site Request Forgery in Synology Calendar,"A Cross-Site Request Forgery (CSRF) vulnerability exists in the webapi component of Synology Calendar prior to version 2.3.4-0631. This flaw allows remote authenticated users to potentially hijack the authentication of administrators through unspecified methods, compromising the administration of the calendar service.",Synology,Synology Calendar,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2022-07-26T02:15:00.000Z,0
CVE-2022-22682,https://securityvulnerability.io/vulnerability/CVE-2022-22682,Cross-site Scripting Vulnerability in Synology Calendar,"An input validation flaw in Synology Calendar versions prior to 2.4.5-10930 permits remote authenticated users to exploit the web application. By injecting arbitrary web scripts or HTML through specific vectors, attackers could potentially manipulate user sessions or steal sensitive information, compromising the integrity of user data.",Synology,Synology Calendar,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-07-12T07:15:00.000Z,0
CVE-2021-34812,https://securityvulnerability.io/vulnerability/CVE-2021-34812,,Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.,Synology,Synology Calendar,5.8,MEDIUM,0.0013200000394135714,false,,false,false,false,,,false,false,,2021-06-18T03:15:00.000Z,0
CVE-2017-15891,https://securityvulnerability.io/vulnerability/CVE-2017-15891,,Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.,Synology,Synology Calendar,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2017-12-08T16:29:00.000Z,0