77 matches found
Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24046)
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access calendar details using an unauthorized internal...
EUVD-2004-0740
Malware in sbrugna...
EUVD-2020-29143
Malware in sbrugna...
CometJacking: One Click Can Turn Perplexity's Comet AI Browser Into a Data Thief
Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar. The sneaky...
EUVD-2021-3106
Malicious code in bioql PyPI...
EUVD-2023-33064
Malicious code in bioql PyPI...
EUVD-2024-52629
Malicious code in bioql PyPI...
CVE-2024-31893
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174...
CVE-2024-54535
A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders...
CVE-2023-40529
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information...
CVE-2021-0487
In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
CVE-2020-8275
Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute...
CVE-2024-54535
A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders...
CVE-2024-54535
A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders...
CVE-2024-54535
A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders...
CVE-2024-54535
Affected product: Apple Vision Pro (calendar feature). Issue: a path handling vulnerability could allow an attacker with access to calendar data to read reminders. Root cause: path handling logic was reworked with improved validation. Affected OS updates and patches: watchOS 11.1, visionOS 2.1, i...
CVE-2024-54535
A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS prior to version 18.1, which originated when an attacker wit...
PT-2025-3045 · Apple · Visionos +4
Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 11.1 visionOS versions prior to 2.1 iOS versions prior to 18.1 iPadOS versions prior to 18.1 Description: A path handling issue was addressed with improved logic. An attacker with access to calendar data could also...
The vulnerability of the Access Token Handler component in the software integration control panel for IBM App Connect Enterprise allows a malicious actor to obtain confidential calendar information using an access token with an expired validity period.
The vulnerability of the Access Token Handler component in the software integration control panel for IBM App Connect Enterprise is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to obtain confidential calendar information using ...