19 matches found
CVE-2025-65091
The CVE-2025-65091 issue affects the XWiki Full Calendar Macro. Concrete details from connected documents show a SQL injection vulnerability present in versions prior to 2.4.5, exploitable by users with view rights to the Calendar.JSONService page (including guests). The root cause is an injectio...
CVE-2025-65091 XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page, including guest users, can exploit a SQL injection vulnerability by accessing database info or starting a DoS attack. This issue has been...
CVE-2025-65090 XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page, including guest users, can exploit the data leak vulnerability by accessing database info, with the exception of passwords. This issue has...
EUVD-2026-1700
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page, including guest users, can exploit the data leak vulnerability by accessing database info, with the exception of passwords. This issue has...
GHSA-2G22-WG49-FGV5 XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService
Impact: Anyone who has view rights on the Calendar.JSONService page, including guest users, can exploit this vulnerability by accessing database info or starting a DoS attack. Workarounds: Remove the Calendar.JSONService page. This will however break some functionalities. References: Jira issue:...
XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService
Impact: Anyone who has view rights on the Calendar.JSONService page, including guest users, can exploit this vulnerability by accessing database info or starting a DoS attack. Workarounds: Remove the Calendar.JSONService page. This will however break some functionalities. References: Jira issue:...
com.liferay:com.liferay.calendar.service (>=2.2.0 <=2.5.7), com.liferay:com.liferay.document.library.service (>=1.0.0 <=2.0.6) +10 more potentially affected by CVE-2025-43804 via com.liferay:com.liferay.portal.search (>=1.0.0 <=8.0.113)
com.liferay:com.liferay.portal.search MAVEN version =1.0.0, =2.2.0, =1.0.0, =1.1.29, =1.1.0, =1.0.0, =1.0.10, =3.4.9, =1.0.0, =2.0.5, =1.0.0, =1.2.2, =2.1.2, =2.1.11 Source cves: CVE-2025-43804 Source advisory: OSV:GHSA-CCRC-5VP5-VP5J...
Linux Distros Unpatched Vulnerability : CVE-2024-33996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the calendar implementation. An attacker can obtain access to other users' calendars and their names by sending crafted requests, which may enable further targeted attacks such as phishing. Remediation Upgrade...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the calendar portlet. An attacker can alter the content of emails sent to other users by leveraging authenticated access, potentially enabling the distribution of deceptive messages within the same organization...
com.liferay:com.liferay.calendar.web (>=1.0.0 <=1.0.53), com.liferay:com.liferay.calevent.importer (>=1.0.0 <=1.0.11) potentially affected by CVE-2025-43739 via com.liferay:com.liferay.calendar.service (>=1.0.0 <=2.4.0)
com.liferay:com.liferay.calendar.service MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.11 Source cves: CVE-2025-43739 Source advisory: OSV:GHSA-7MXQ-H2R7-H449...
BIT-SUITECRM-2025-54786 SuiteCRM: Legacy iCal service allows unauthenticated access to meeting data
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting calendar...
CVE-2025-54786
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting calendar...
CVE-2025-54786 SuiteCRM: Legacy iCal service allows unauthenticated access to meeting data
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting calendar...
CVE-2024-33996
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to...
Moodle permission and access control vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle has a permission and access control vulnerability that stems from insufficient detection of functionality in t...
CVE-2017-12310
A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attac...
CVE-2017-12310
A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attac...
Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability
The Cisco Spark Hybrid Calendar Service connects the local Microsoft Exchange calendar to the Cisco Spark cloud for installing meeting times. Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability. An unauthenticated, remote attacker views the unencrypted header information of a...