64 matches found
CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...
CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...
CVE-2025-66511 Nextcloud Calendar app used predictable proposal participant tokens
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...
EUVD-2025-201444
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...
CVE-2025-66511
The CVE-2025-66511 issue affects Nextcloud Calendar prior to version 6.0.3. It stems from insecure generation of meeting proposal participant tokens (not purely random; based on a hash function), which enables an attacker to compute valid tokens and abuse them to view details and submit dates in ...
CVE-2025-66511 Nextcloud Calendar app used predictable proposal participant tokens
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...
Calendar app allowed booking appointments without the generated token
None...
Nextcloud Calendar 安全特征问题漏洞
Nextcloud Calendar is a Nextcloud open source calendar application. Nextcloud Calendar suffers from a security signature issue vulnerability that stems from an insecure way of generating meeting proposal participant tokens, which can be exploited by an attacker to cause the tokens to be computed...
Nextcloud Calendar 安全漏洞
Nextcloud Calendar is an open source calendar application from Nextcloud. A security vulnerability exists in Nextcloud Calendar versions prior to 4.7.17 and prior to 5.2.4, which stems from a malicious user being able to create specially crafted attachments that could result in files being...
PT-2025-49290
Name of the Vulnerable Software and Affected Versions Nextcloud Calendar versions prior to 4.7.17 Nextcloud Calendar versions prior to 5.2.4 Description A malicious user could create a calendar event with a specially crafted attachment that links to a file on the same Nextcloud server. This actio...
Nextcloud Calendar 安全漏洞
Nextcloud Calendar is an open source calendar application from Nextcloud. A security vulnerability exists in Nextcloud Calendar versions prior to 4.7.19, prior to 5.5.6, and prior to 6.0.1, which stems from the calendar application allowing blind booking of meetings, which could lead to...
PT-2025-49266
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...
PT-2025-49289
Name of the Vulnerable Software and Affected Versions Nextcloud Calendar versions prior to 4.7.19 Nextcloud Calendar versions prior to 5.5.6 Nextcloud Calendar versions prior to 6.0.1 Description The Nextcloud Calendar application contained a flaw where appointments could be booked without knowin...
EUVD-2018-15569
Malware in sbrugna...
EUVD-2023-37366
Malicious code in bioql PyPI...
EUVD-2024-36574
Malicious code in bioql PyPI...
EUVD-2023-52368
Malicious code in bioql PyPI...
EUVD-2023-49457
Malicious code in bioql PyPI...
EUVD-2022-29623
Malicious code in bioql PyPI...
Nextcloud: Calendar app allowed booking appointments without the generated token
The calendar app was found to allow booking appointments without the necessary generated token, which could have led to unauthorized access...