126 matches found
CVE-2026-59234
Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...
CVE-2026-59234
This CVE affects Prospero Flow CRM prior to version 5.5.3. The vulnerability lies in the CalendarDeleteEventController (app/Http/Controllers/Calendar/CalendarDeleteEventController.php), exposed at the GET endpoint /calendar/event/delete/{id} . The delete logic uses Calendar::find($id)->delete(...
PT-2026-55537
Name of the Vulnerable Software and Affected Versions Prospero Flow CRM versions prior to 5.5.3 Description An authorization bypass exists in the CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php via the GET '/calendar/event/delete/id' endpoint. A remot...
CVE-2026-54006
Open WebUI prior to version 0.9.6 is vulnerable to an IDOR in the calendar events update endpoint. The vulnerability arises because POST /api/v1/calendars/events/{event_id}/update validates write access to the source calendar but does not validate the destination calendar_id in the request body, ...
CVE-2026-8205
Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since actiongetevents does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...
WWBN AVideo 注入漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an injection vulnerability. This vulnerability stemmed from the improper escaping of CRLF characters in the plugin/Scheduler/downloadICS.php file, which could allo...
CVE-2026-40308
My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...
CVE-2026-40308
My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...
WordPress plugin My Calendar 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2021-47857
A flaw was found in Moodle. A remote attacker with privileges to create calendar events could exploit a persistent cross-site scripting XSS vulnerability in the calendar event subtitle field. By injecting malicious JavaScript into the subtitle track label of a crafted calendar event, the attacker...
CVE-2025-68979
Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...
EUVD-2025-205756
Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...
CVE-2025-68979
Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...
CVE-2025-68979
CVE-2025-68979 relates to the Simple Calendar – Google Calendar Plugin (WordPress). The vulnerability is described as an authorization bypass via a user-controlled key that could enable access to Google Calendar events through an unauthenticated path. Wordfence’s vulnerability digest lists CVE-20...
CVE-2025-68979 WordPress Google Calendar Events plugin <= 3.5.9 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...
CVE-2025-68979 WordPress Google Calendar Events plugin <= 3.5.9 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...
WordPress plugin Google Calendar Events 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-53869
Name of the Vulnerable Software and Affected Versions SimpleCalendar versions through 3.5.9 Description An authorization bypass exists due to user-controlled key vulnerability in Google Calendar Events. This allows exploitation of incorrectly configured access control security levels...
WordPress Google Calendar Events plugin <= 3.5.9 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Doan Dinh Van in WordPress Plugin Google Calendar Events versions = 3.5.9...
Linux Distros Unpatched Vulnerability : CVE-2025-62400
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or...