EUVD-2026-22776

The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-2396

The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress List View Google Calendar plugin <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Event Description vulnerability discovered by Pattama Tangpoonponwiwat Kwan - - in WordPress Plugin List View Google Calendar versions = 7.4.3...

WordPress plugin List View Google Calendar 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2026-27465

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

GO-2026-4560 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users in github.com/fleetdm/fleet

Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users in github.com/fleetdm/fleet...

GHSA-2V6M-6XW3-6467 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Summary A vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources associated with the service account. Impact Fleet returns configuration da...

Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Summary A vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources associated with the service account. Impact Fleet returns configuration da...

EUVD-2026-8829

Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Google Calendar integration configuration response in the app config endpoint. An attacker can retrieve the service account’s API key JSON including private key material by...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Google Calendar integration configuration response in the app config endpoint. An attacker can retrieve the service account’s API key JSON including private key material by...

CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

CVE-2026-27465

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

CVE-2026-27465

Summary: CVE-2026-27465 affects Fleet before v4.80.1, where the configuration API could expose Google Calendar service account credentials to authenticated users with the lowest-privilege role (Observer). The credentials were not properly obfuscated, potentially allowing unauthorized access to Go...

CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

PT-2026-22117

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.80.1 Description Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

Fleet 安全漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.80.1 contained security...

Malicious Google Calendar invites could expose private data

Researchers found a way to weaponize calendar invites. They uncovered a vulnerability that allowed them to bypass Google Calendar’s privacy controls using a dormant payload hidden inside an otherwise standard calendar invite. Image courtesy of Miggo An attacker creates a Google Calendar event and...

CVE-2023-49151

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simple Calendar Simple Calendar – Google Calendar Plugin allows Stored XSS.This issue affects Simple Calendar – Google Calendar Plugin: from n/a through 3.2.6...