CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

RedhatCVE•added 2026/06/05 7:32 p.m.•6 views

CVE-2026-6810

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dexbccfadminintcalendarlist.inc.php file due to missing validation on a user controlled key. This makes it possible for authenticated...

5.3CVSS5.5AI score0.0033EPSS

Exploits0References1

Cvelist•added 2026/06/01 4:52 p.m.•29 views

CVE-2026-45281 Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the...

8.1CVSS0.00284EPSS

Exploits0References3

Vulnrichment•added 2026/06/01 4:52 p.m.•10 views

CVE-2026-45281 Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update

8.1CVSS5.7AI score0.00284EPSS

Exploits0References3

Nextcloud•added 2026/05/12 9:4 a.m.•9 views

Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update

None...

8.1CVSS5.8AI score0.00284EPSS

Exploits0References2Affected Software1

CVE•added 2026/04/24 5:29 a.m.•6 views

CVE-2026-6810

The Booking Calendar Contact Form WordPress plugin (versions

5.3CVSS5.7AI score0.0033EPSS

Exploits0References8

Cvelist•added 2026/04/24 5:29 a.m.•23 views

CVE-2026-6810 Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover

5.3CVSS0.0033EPSS

Exploits0References8

ATTACKERKB•added 2026/04/24 5:29 a.m.•3 views

CVE-2026-6810

5.3CVSS5.7AI score0.0033EPSS

Exploits0References9

Vulnrichment•added 2026/04/24 5:29 a.m.•2 views

CVE-2026-6810 Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover

5.3CVSS5.3AI score0.0033EPSS

Exploits0References8

Patchstack•added 2026/04/23 4:30 p.m.•6 views

WordPress Booking Calendar Contact Form plugin <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Calendar Takeover vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Booking Calendar Contact Form versions = 1.2.63...

5.3CVSS5.8AI score0.0033EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by