CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

163 matches found

Github Security Blog•added 2026/06/17 2:9 p.m.•10 views

Open WebUI IDOR: Calendar event re-parenting allows writing events into another user's calendar

Summary POST /api/v1/calendars/events/eventid/update validates that the caller has write access to the calendar the event currently belongs to, but does not validate the destination calendarid supplied in the request body. The model layer then persists the new calendarid unconditionally. A regula...

4.3CVSS5.4AI score0.00179EPSS

Exploits1References2Affected Software1

RedhatCVE•added 2026/06/05 7:24 p.m.•7 views

CVE-2026-8204

Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...

6.3CVSS5.4AI score0.00211EPSS

Exploits0References1

Github Security Blog•added 2026/05/21 9:30 p.m.•4 views

Concrete CMS is vulnerable to authorization bypass in the Calendar Event Frontend Dialog

6.3CVSS5.8AI score0.00211EPSS

Exploits0References3Affected Software1

OSV•added 2026/05/21 9:30 p.m.•2 views

GHSA-X2FP-HJ8C-MMXH Concrete CMS is vulnerable to authorization bypass in the Calendar Event Frontend Dialog

6.3CVSS5.8AI score0.00211EPSS

Exploits0References3

CVE•added 2026/05/21 8:56 p.m.•20 views

CVE-2026-8204

Concrete CMS 9.5.0 and earlier versions are vulnerable to an authorization bypass in the Calendar Event Frontend Dialog, enabling potential cross-calendar data disclosure. A public calendar block can be used as a pivot to access private calendar data. The CVSS v4.0 base score is 6.3 (AV:N/AC:L/AT...

6.3CVSS5.8AI score0.00211EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/21 12:0 a.m.•12 views

PT-2026-42544

6.3CVSS5.8AI score0.00211EPSS

Exploits0References2

CNNVD•added 2026/05/21 12:0 a.m.•7 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have a security vulnerability that stems from an authorization bypass in the calendar event front-end dialog box. This vulnerability could lead to cross-calendar data leaks...

6.3CVSS5.8AI score0.00211EPSS

Exploits0References1

Cvelist•added 2026/01/21 5:27 p.m.•17 views

CVE-2021-47857 Moodle 3.10.3 - 'label' Persistent Cross Site Scripting

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the...

7.2CVSS0.00309EPSS

Exploits1References3

Malwarebytes•added 2026/01/21 12:32 p.m.•7 views

Malicious Google Calendar invites could expose private data

Researchers found a way to weaponize calendar invites. They uncovered a vulnerability that allowed them to bypass Google Calendar’s privacy controls using a dormant payload hidden inside an otherwise standard calendar invite. Image courtesy of Miggo An attacker creates a Google Calendar event and...

5.7AI score

Exploits0

RedhatCVE•added 2026/01/09 10:49 a.m.•4 views

CVE-2022-37162

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS. An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event...

5.4CVSS7.1AI score0.00609EPSS

Exploits1References1

OSV•added 2025/10/23 12:31 p.m.•4 views

GHSA-422V-W6C5-VQ42 Moodle exposed the names of hidden groups to users

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

4.3CVSS6.7AI score0.00246EPSS

Exploits0References6

Snyk•added 2025/10/23 11:46 a.m.•4 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the missing capability check in the calendar event creation flow. An attacker can access private or restricted group...

6.5CVSS6.6AI score0.00246EPSS

Exploits0References2

EUVD•added 2025/10/23 11:28 a.m.•4 views

EUVD-2025-35667

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

4.3CVSS6.2AI score0.00246EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2012-2354

Malware in sbrugna...

6.5CVSS6.1AI score0.01416EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2019-15033

Malware in sbrugna...

4.3CVSS4.8AI score0.00854EPSS

Exploits0References2