15 matches found
EUVD-2026-42550
The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...
Malicious Google Calendar invites could expose private data
Researchers found a way to weaponize calendar invites. They uncovered a vulnerability that allowed them to bypass Google Calendar’s privacy controls using a dormant payload hidden inside an otherwise standard calendar invite. Image courtesy of Miggo An attacker creates a Google Calendar event and...
EUVD-2026-1882
OpenProject is an open-source, web-based project management software. OpenProject versions prior to version 16.6.3, allowed users with the View Meetings permission on any project, to access meeting details of meetings that belonged to projects, the user does not have access to. This issue has bee...
OpenProject 访问控制错误漏洞
OpenProject is a Web-based project management software from OpenProject Open Source. An Access Control Error vulnerability exists in versions prior to OpenProject 16.6.3, which stems from improper access control and could lead to unauthorized access to meeting details...
CVE-2020-8216
An information disclosure vulnerability in meeting of Pulse Connect Secure 9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID...
CVE-2020-8216
An information disclosure vulnerability in meeting of Pulse Connect Secure 9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID...
Information disclosure
An information disclosure vulnerability in meeting of Pulse Connect Secure 9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID...
CVE-2020-8216
An information disclosure vulnerability in meeting of Pulse Connect Secure 9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID...
CVE-2020-8216
CVE-2020-8216 describes an information-disclosure vulnerability in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) prior to version 9.1R8, where an authenticated end-user can reveal meeting details if they know the Meeting ID. Public sources in the provided documents confirm the affected...
Pulse Secure Pulse Connect Secure and Pulse Policy Secure Information Disclosure Vulnerabilities
Pulse Secure Pulse Connect Secure a.k.a. PCS, formerly known as Juniper Junos Pulse and Pulse Policy Secure are both products of Pulse Secure, Inc.Pulse Connect Secure is an SSL VPN solution. Pulse Connect Secure is an SSL VPN solution. Pulse Policy Secure is a network access control solution. A...
CVE-2014-1664
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file...
Authentication flaw
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file...
CVE-2014-1664
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file...
CVE-2014-1664
The CVE-2014-1664 entry concerns Citrix GoToMeeting for Android version 5.0.799.1238, which logs HTTP requests containing sensitive data. The underlying issue is information disclosure via logs read by other Android apps with system log access, enabling leakage of user IDs, meeting details, and a...
GoToMeeting Information Disclosure
ADVISORY INFORMATION ======================== Title: GoToMeeting Information Disclosure via Logging Output Android CVE: CVE-2014-1664 CVE Information: ASSIGNED Date published: PUBLIC Date of last update: 01/23/2014 Vendor Contacted: Citrix Release mode: Coordinated Release 2. VULNERABILITY...