CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

61 matches found

NextCloud Calendar information leakage vulnerability

NextCloud Calendar is an open-source calendar application developed by NextCloud. There were information leakage vulnerabilities in versions 5.5.13 to 5.5.17 and 6.2.0 to 6.2.3 of NextCloud Calendar. These vulnerabilities stemmed from the lack of shared restrictions applied to the meeting...

4.3CVSS5.8AI score0.00029EPSS

Exploits1References4

Redos•added 2026/02/09 12:0 a.m.•4 views

ROS-20260209-73-0022

Vulnerability in nextcloud-app-calendar related to authorization bypass through the use of a user-controlled key. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

3.3CVSS5.7AI score0.00009EPSS

Exploits0

Redos•added 2026/01/29 12:0 a.m.•4 views

ROS-20260129-73-0049

Vulnerability in nextcloud-app-calendar related to the use of insufficiently randomized values. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

6.5CVSS5.9AI score0.00023EPSS

Exploits0

Redos•added 2026/01/29 12:0 a.m.•5 views

ROS-20260129-73-0048

Vulnerability in nextcloud-app-calendar related to improper handling of an unexpected data type. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.7CVSS5.9AI score0.00024EPSS

Exploits0

RedhatCVE•added 2026/01/09 9:27 a.m.•6 views

CVE-2023-45150

Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended th...

4.3CVSS6.8AI score0.00118EPSS

Exploits1References1

CNVD•added 2025/12/10 12:0 a.m.•1 views

Nextcloud Calendar Security Feature Issue Vulnerability

Nextcloud Calendar is a Nextcloud open source calendar application. Nextcloud Calendar suffers from a security signature issue vulnerability that stems from an insecure way of generating meeting proposal participant tokens, which can be exploited by an attacker to cause the tokens to be computed...

6.5CVSS6.8AI score0.00023EPSS

Exploits0References1

RedhatCVE•added 2025/12/09 8:27 a.m.•2 views

CVE-2025-66550

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...

5.7CVSS6.6AI score0.00024EPSS

Exploits0References1

RedhatCVE•added 2025/12/09 8:27 a.m.•1 views

CVE-2025-66511

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

6.5CVSS6.7AI score0.00023EPSS

Exploits0References1

RedhatCVE•added 2025/12/09 8:27 a.m.•1 views

CVE-2025-66546

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

3.3CVSS6.7AI score0.00009EPSS

Exploits0References1

NVD•added 2025/12/05 5:16 p.m.•4 views

CVE-2025-66546

3.3CVSS0.00009EPSS

Exploits0References4

NVD•added 2025/12/05 5:16 p.m.•4 views

CVE-2025-66550

5.7CVSS0.00024EPSS

Exploits0References4

NVD•added 2025/12/05 5:16 p.m.•2 views

CVE-2025-66511

6.5CVSS0.00023EPSS

Exploits0References4

OSV•added 2025/12/05 4:56 p.m.•2 views

CVE-2025-66550 Nextcloud Calendar attachments of local files are offered to downloaded

5.7CVSS6.5AI score0.00024EPSS

Exploits0References6

Cvelist•added 2025/12/05 4:56 p.m.•19 views

CVE-2025-66550 Nextcloud Calendar attachments of local files are offered to downloaded

5.7CVSS0.00024EPSS

Exploits0References4

Vulnrichment•added 2025/12/05 4:56 p.m.•1 views

CVE-2025-66550 Nextcloud Calendar attachments of local files are offered to downloaded

5.7CVSS6.2AI score0.00024EPSS

Exploits0References4

EUVD•added 2025/12/05 4:56 p.m.•3 views

EUVD-2025-201443

5.7CVSS6.1AI score0.00024EPSS

Exploits0References4

CVE•added 2025/12/05 4:56 p.m.•8 views

CVE-2025-66550

CVE-2025-66550 affects Nextcloud Calendar prior to versions 4.7.17 and 5.2.4. A malicious user could create a calendar event with an attachment that links to a download URL for a file on the same Nextcloud server, causing the file to be downloaded without user confirmation. The issue is resolved ...

5.7CVSS6.2AI score0.00024EPSS

Exploits0References4Affected Software1

CVE•added 2025/12/05 4:49 p.m.•6 views

CVE-2025-66546

Summary: CVE-2025-66546 affects Nextcloud Calendar. The vulnerability arises from the calendar’s handling of appointment IDs, allowing blind booking of appointments without knowledge of the appointment token. Affected software/versions (as documented): Nextcloud Calendar prior to 4.7.19, prior to...

3.3CVSS6.3AI score0.00009EPSS

Exploits0References4Affected Software1

Cvelist•added 2025/12/05 4:49 p.m.•14 views

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

3.3CVSS0.00009EPSS

Exploits0References4

Vulnrichment•added 2025/12/05 4:49 p.m.•1 views

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

3.3CVSS6.3AI score0.00009EPSS

Exploits0References4

Rows per page