CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

54 matches found

CVE-2026-45286 Nextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied t...

4.3CVSS0.00029EPSS

Exploits1References4

CVE•added 3 days ago•4 views

CVE-2026-45286

CVE-2026-45286 affects Nextcloud Open Source Content Collaboration Platform. An authenticated user could enumerate other users on the same instance by abusing the Calendar app’s endpoint for suggesting attendees; standard sharing restrictions did not apply to that endpoint. Impacted versions are ...

4.3CVSS5.8AI score0.00029EPSS

Exploits1References4Affected Software1

Nextcloud•added 2026/05/12 9:17 a.m.•4 views

Calendar app leaked user identifiers via attendee suggestion endpoint

None...

4.3CVSS5.8AI score0.00029EPSS

Exploits1References3Affected Software1

Redos•added 2026/01/29 12:0 a.m.•5 views

ROS-20260129-73-0048

Vulnerability in nextcloud-app-calendar related to improper handling of an unexpected data type. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.7CVSS5.9AI score0.00024EPSS

Exploits0

Cvelist•added 2025/12/05 4:42 p.m.•18 views

CVE-2025-66511 Nextcloud Calendar app used predictable proposal participant tokens

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

4.8CVSS0.00023EPSS

Exploits0References4

Nextcloud•added 2025/12/05 8:0 a.m.•6 views

Calendar app allowed booking appointments without the generated token

None...

3.3CVSS5.2AI score0.00009EPSS

Exploits0References2Affected Software1

Nextcloud•added 2025/12/05 7:57 a.m.•10 views

Calendar attachments of local files are offered to downloaded

None...

5.7CVSS5.2AI score0.00024EPSS

Exploits0References2Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-52368

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00269EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-57171

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.0002EPSS

Exploits0References2

OSV•added 2025/08/14 6:52 p.m.•2 views

MAL-2025-13993 Malicious code in acerta-calendar-gui (npm)

The package acerta-calendar-gui was found to contain malicious code...

7.2AI score

Exploits0

RedhatCVE•added 2025/05/23 4:56 a.m.•6 views

CVE-2023-33183

Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3...

4.3CVSS6.9AI score0.00084EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 4:42 a.m.•7 views

CVE-2023-48308

Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3...

6.5CVSS7AI score0.00269EPSS

Exploits0

NVD•added 2024/06/14 4:15 p.m.•20 views

CVE-2024-37316

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2...

4.6CVSS0.00426EPSS

Exploits0References3

OSV•added 2024/06/14 3:23 p.m.•11 views

CVE-2024-37316 Nextcloud Calendar's event create can create attachments that link to other websites

4.6CVSS4.7AI score0.00426EPSS

Exploits0References5

Nextcloud•added 2024/06/14 2:30 p.m.•23 views

Event create can create attachments that link to other websites

None...

4.6CVSS4.9AI score0.00426EPSS

Exploits0References2Affected Software1

CNVD•added 2024/04/11 12:0 a.m.•0 views

Huawei HarmonyOS and EMUI Stray Permissions Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI are vulnerable to a stray...

7.5CVSS6.8AI score0.00054EPSS

Exploits0References1

CNVD•added 2024/04/11 12:0 a.m.•1 views

Huawei HarmonyOS and EMUI Authentication Bypass Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. An authentication bypass vulnerability exists in Huawei...

7.5CVSS7AI score0.0002EPSS

Exploits0References1

NVD•added 2024/04/08 9:15 a.m.•16 views

CVE-2023-52545

Vulnerability of undefined permissions in the Calendar app. Impact: Successful exploitation of this vulnerability will affect availability...

7.5CVSS6.5AI score0.00054EPSS

Exploits0References2

NVD•added 2024/04/08 9:15 a.m.•13 views

CVE-2023-52546

Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.5CVSS6.5AI score0.0002EPSS

Exploits0References2

OSV•added 2024/04/08 9:15 a.m.•0 views

CVE-2023-52545

Vulnerability of undefined permissions in the Calendar app. Impact: Successful exploitation of this vulnerability will affect availability...

7.5CVSS5.8AI score

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by