33 matches found
EUVD-2026-30134
A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation file allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
CVE-2026-43882
WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloadICS, which builds an ICS calendar file via the ICS helper...
CVE-2026-43882 WWBN AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event Spoofing
WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloadICS, which builds an ICS calendar file via the ICS helper...
GHSA-MWGH-92M2-WVHV AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event Spoofing
Summary: The unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloadICS, which builds an ICS calendar file via the ICS helper class. ICS::escapestring (objects/ICS.php:167-169) only escapes , and ; and...
PT-2026-37298
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions prior to 29.0. Description: The unauthenticated 'plugin/Scheduler/downloadICS.php' endpoint passes attacker-controlled title, description, and joinURL parameters into the Scheduler::downloadICS function, which utilizes the I...
CampCodes Online Learning Management System Security Vulnerability
CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A security vulnerability exists in CampCodes Online Learning Management System version 1.0, which stems from an incorrect manipulation of the parameter datestart in the file...
Linux Distros Unpatched Vulnerability : CVE-2022-32739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number...
CVE-2025-7868
A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educarcalendariodiamotivocad.php of the component Calendar Module. The manipulation of the argument Motivo/descricao results in cross site scripting. It is possible to...
ABB Cylon Aspect 3.08.01 calendarFileDelete.php Arbitrary File Deletion
ABB Cylon Aspect 3.08.01 calendarFileDelete.php Arbitrary File Deletion Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
SUSE CVE-2016-5824
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file...
SUSE CVE-2016-5823
The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file...
SUSE CVE-2016-9584
libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file...
SUSE CVE-2022-32739
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number...
OTRS Security Vulnerability
OTRS is service management software from the German company OTRS. A security vulnerability exists in OTRS versions 8.0.x through 8.0.23 and OTRS versions 7.0.x through 7.0.35, as well as OTRSCalendarResourcePlanning versions 8.0.x through 8.0.23 and 7.0.x through 7.0.31, which...
October 5, 2021, update for Outlook 2016 (KB5001998)
October 5, 2021, update for Outlook 2016 (KB5001998). This article describes update 5001998 for Microsoft Outlook 2016 that was released on October 5, 2021. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply...
Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation
Title: Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation Date: 2020-04-21 Author: Marco Ivaldi Vendor: www.oracle.com CVE: CVE-2020-2944 / raptorsdtcmconv.c - CDE sdtcmconvert LPE for Solaris/Intel Copyright (c) 2019-2020 Marco Ivaldi A buffer overflow in the SanityCheck...
Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation Exploit
Title: Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation Author: Marco Ivaldi Vendor: www.oracle.com CVE: CVE-2020-2944 / raptorsdtcmconv.c - CDE sdtcmconvert LPE for Solaris/Intel Copyright (c) 2019-2020 Marco Ivaldi A buffer overflow in the SanityCheck function in the...
DEBIAN-CVE-2016-5824
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file...
UBUNTU-CVE-2016-5824
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file...