Synology Carddav Server — known CVE vulnerabilities
Every CVE whose affected-product data names Synology Carddav Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2017-15887 — CVSS 9.8 (critical): An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085…
CVE-2022-27613 — CVSS 8.3 (high): Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV…
CVE-2018-8928 — CVSS 6.5 (medium): Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated…