Lucene search
K

126 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-59234

Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...

6.9CVSS0.00403EPSS
Exploits0References3
CVE
CVE
added 4 days ago11 views

CVE-2026-59234

This CVE affects Prospero Flow CRM prior to version 5.5.3. The vulnerability lies in the CalendarDeleteEventController (app/Http/Controllers/Calendar/CalendarDeleteEventController.php), exposed at the GET endpoint /calendar/event/delete/{id} . The delete logic uses Calendar::find($id)->delete(...

6.9CVSS6AI score0.00403EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-55537

Name of the Vulnerable Software and Affected Versions Prospero Flow CRM versions prior to 5.5.3 Description An authorization bypass exists in the CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php via the GET '/calendar/event/delete/id' endpoint. A remot...

6.9CVSS6AI score0.00403EPSS
Exploits0References7
CVE
CVE
added 2026/06/23 4:50 p.m.13 views

CVE-2026-54006

Open WebUI prior to version 0.9.6 is vulnerable to an IDOR in the calendar events update endpoint. The vulnerability arises because POST /api/v1/calendars/events/{event_id}/update validates write access to the source calendar but does not validate the destination calendar_id in the request body, ...

4.3CVSS5.9AI score0.00179EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.10 views

CVE-2026-8205

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since actiongetevents does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3CVSS5.5AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

WWBN AVideo 注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an injection vulnerability. This vulnerability stemmed from the improper escaping of CRLF characters in the plugin/Scheduler/downloadICS.php file, which could allo...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References2
NVD
NVD
added 2026/04/16 10:16 p.m.6 views

CVE-2026-40308

My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...

8.8CVSS0.00932EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 9:30 p.m.3 views

CVE-2026-40308

My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...

8.8CVSS5.8AI score0.00932EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.8 views

WordPress plugin My Calendar 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.8CVSS5.8AI score0.00932EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/21 7:50 p.m.4 views

CVE-2021-47857

A flaw was found in Moodle. A remote attacker with privileges to create calendar events could exploit a persistent cross-site scripting XSS vulnerability in the calendar event subtitle field. By injecting malicious JavaScript into the subtitle track label of a crafted calendar event, the attacker...

7.2CVSS5.6AI score0.00309EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/31 11:5 a.m.4 views

CVE-2025-68979

Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...

5.3CVSS7AI score0.00247EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/30 12:30 p.m.2 views

EUVD-2025-205756

Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...

8.1CVSS6.5AI score0.00247EPSS
Exploits0References2
NVD
NVD
added 2025/12/30 11:15 a.m.3 views

CVE-2025-68979

Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...

5.3CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 2025/12/30 10:47 a.m.8 views

CVE-2025-68979

CVE-2025-68979 relates to the Simple Calendar – Google Calendar Plugin (WordPress). The vulnerability is described as an authorization bypass via a user-controlled key that could enable access to Google Calendar events through an unauthenticated path. Wordfence’s vulnerability digest lists CVE-20...

5.3CVSS6.6AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/30 10:47 a.m.24 views

CVE-2025-68979 WordPress Google Calendar Events plugin <= 3.5.9 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...

5.3CVSS0.00247EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/30 10:47 a.m.4 views

CVE-2025-68979 WordPress Google Calendar Events plugin <= 3.5.9 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...

5.3CVSS6.6AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.3 views

WordPress plugin Google Calendar Events 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS5.8AI score0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.4 views

PT-2025-53869

Name of the Vulnerable Software and Affected Versions SimpleCalendar versions through 3.5.9 Description An authorization bypass exists due to user-controlled key vulnerability in Google Calendar Events. This allows exploitation of incorrectly configured access control security levels...

8.1CVSS6.5AI score0.00247EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/18 8:10 a.m.7 views

WordPress Google Calendar Events plugin <= 3.5.9 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Doan Dinh Van in WordPress Plugin Google Calendar Events versions = 3.5.9...

8.1CVSS7AI score0.00247EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-62400

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or...

6.5CVSS6AI score0.00246EPSS
Exploits0References2
Rows per page
Query Builder