15 matches found
CVE-2026-45281
A flaw was found in Nextcloud Server. An authenticated user, with knowledge of another user's principal URL, could exploit improper authorization controls to gain full access to that user's calendar. This allows the attacker to view and modify the victim's calendar, leading to unauthorized...
CVE-2026-45281
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the...
CVE-2021-41112
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could...
EUVD-1999-1153
Malware in sbrugna...
EUVD-2021-28247
Malicious code in bioql PyPI...
EUVD-2023-30275
Malicious code in bioql PyPI...
EUVD-2024-0523
Malicious code in bioql PyPI...
CVE-2023-26455
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require...
CVE-2023-26455
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require...
Privilege Escalation
rundeck-authz-core is vulnerable to privilege escalation. An attacker can modify or delete system or project-level calendars by sending a malicious request without having proper authorization...
CVE-2021-41112
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could...
CVE-2021-41112 Missing Authorization in Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could...
Rundeck Security Vulnerability
Rundeck is an open source automation service from Rundeck, Inc. in the United States, with a web console, command line tools, and a WebAPI, primarily used to run automation tasks. A security vulnerability in versions of Rundeck prior to 3.4.5 allows authenticated users to make requests to...
Security Bulletin: Security Bypass Vulnerability Addressed in Asset and Service Management (CVE-2014-3084)
Summary: IBM Maximo Asset Management allows an authenticated attacker to modify calendar entries that they do not have access to by bypassing security restrictions. Vulnerability Details: DESCRIPTION: Customers who have Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry...
CVE-1999-1172
By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared...