Lucene search
+L

64 matches found

Vulnrichment
Vulnrichment
added 2025/12/05 4:49 p.m.6 views

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

3.3CVSS6.3AI score0.0012EPSS
Exploits0References4
OSV
OSV
added 2025/12/05 4:49 p.m.7 views

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

3.3CVSS6.6AI score0.0012EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/12/05 4:42 p.m.7 views

CVE-2025-66511 Nextcloud Calendar app used predictable proposal participant tokens

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

4.8CVSS6.3AI score0.00255EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/05 4:42 p.m.5 views

EUVD-2025-201444

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

4.8CVSS6.2AI score0.00255EPSS
Exploits0References4
CVE
CVE
added 2025/12/05 4:42 p.m.30 views

CVE-2025-66511

The CVE-2025-66511 issue affects Nextcloud Calendar prior to version 6.0.3. It stems from insecure generation of meeting proposal participant tokens (not purely random; based on a hash function), which enables an attacker to compute valid tokens and abuse them to view details and submit dates in ...

6.5CVSS6.3AI score0.00255EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/05 4:42 p.m.8 views

CVE-2025-66511 Nextcloud Calendar app used predictable proposal participant tokens

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

4.8CVSS6.7AI score0.00255EPSS
Exploits0References6
Nextcloud
Nextcloud
added 2025/12/05 8:0 a.m.18 views

Calendar app allowed booking appointments without the generated token

None...

3.3CVSS5.2AI score0.0012EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.5 views

Nextcloud Calendar 安全特征问题漏洞

Nextcloud Calendar is a Nextcloud open source calendar application. Nextcloud Calendar suffers from a security signature issue vulnerability that stems from an insecure way of generating meeting proposal participant tokens, which can be exploited by an attacker to cause the tokens to be computed...

6.5CVSS6.4AI score0.00255EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.6 views

Nextcloud Calendar 安全漏洞

Nextcloud Calendar is an open source calendar application from Nextcloud. A security vulnerability exists in Nextcloud Calendar versions prior to 4.7.17 and prior to 5.2.4, which stems from a malicious user being able to create specially crafted attachments that could result in files being...

5.7CVSS6.4AI score0.00288EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.8 views

PT-2025-49290

Name of the Vulnerable Software and Affected Versions Nextcloud Calendar versions prior to 4.7.17 Nextcloud Calendar versions prior to 5.2.4 Description A malicious user could create a calendar event with a specially crafted attachment that links to a file on the same Nextcloud server. This actio...

5.7CVSS6.3AI score0.00288EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.5 views

Nextcloud Calendar 安全漏洞

Nextcloud Calendar is an open source calendar application from Nextcloud. A security vulnerability exists in Nextcloud Calendar versions prior to 4.7.19, prior to 5.5.6, and prior to 6.0.1, which stems from the calendar application allowing blind booking of meetings, which could lead to...

3.3CVSS6.3AI score0.0012EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.9 views

PT-2025-49266

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

4.8CVSS6.7AI score0.00255EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.9 views

PT-2025-49289

Name of the Vulnerable Software and Affected Versions Nextcloud Calendar versions prior to 4.7.19 Nextcloud Calendar versions prior to 5.5.6 Nextcloud Calendar versions prior to 6.0.1 Description The Nextcloud Calendar application contained a flaw where appointments could be booked without knowin...

3.3CVSS6.4AI score0.0012EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-15569

Malware in sbrugna...

4.8CVSS5.2AI score0.00609EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-37366

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00438EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2024-36574

Malicious code in bioql PyPI...

4.6CVSS4.8AI score0.00362EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-52368

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00547EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-49457

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00386EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-29623

Malicious code in bioql PyPI...

9.8CVSS9AI score0.32348EPSS
Exploits0References3
Hacker One
Hacker One
added 2025/07/29 5:54 a.m.8 views

Nextcloud: Calendar app allowed booking appointments without the generated token

The calendar app was found to allow booking appointments without the necessary generated token, which could have led to unauthorized access...

3.3CVSS6.8AI score0.0012EPSS
Exploits0
Rows per page
Query Builder