Lucene search

14 matches found

Positive Technologies
added 2026/05/13 12:0 a.m. · 13 views

PT-2026-40839

Name of the Vulnerable Software and Affected Versions: Date iCal versions 0.0.0 through 4.0.14 Description: A missing authorization issue in the Date iCal module, which exports entity date fields as iCal feeds, allows forceful browsing. The module fails to sufficiently check entity or field access...

CVSS 9.8 · AI score 5.8 · EPSS 0.00369
Exploits: 0 · References: 6

Drupal
added 2026/05/13 12:0 a.m. · 17 views

Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037

This module enables you to export entity date fields as iCal feeds. The module doesn't sufficiently check entity or field access or sanitize user inputs when generating iCal feeds. This vulnerability is not mitigated by any permission, the routes are accessible to all anonymous users with no...

CVSS 9.8 · AI score 5.8 · EPSS 0.00369
Exploits: 0 · References: 2

RedhatCVE
added 2026/04/20 7:23 p.m. · 5 views

CVE-2026-4801

The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insufficient output escaping of event titles, descriptions, and locations fetched from external iCal feeds...

CVSS 6.4 · AI score 5.9 · EPSS 0.00406
Exploits: 0 · References: 1

Positive Technologies
added 2026/04/18 12:0 a.m. · 14 views

PT-2026-33588

Name of the Vulnerable Software and Affected Versions: CoBlocks versions prior to 3.1.17 Description: The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient output escaping of event titles, descriptions, and...

CVSS 6.4 · AI score 6 · EPSS 0.00406
Exploits: 0 · References: 17

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2016-7122

Malware in sbrugna...

CVSS 4.3 · AI score 4.6 · EPSS 0.014
Exploits: 1 · References: 6

Tenable Nessus
added 2025/08/06 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-6189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1)...

CVSS 4.3 · AI score 5.8 · EPSS 0.014
Exploits: 1 · References: 2

RedhatCVE
added 2025/05/23 3:2 a.m. · 6 views

CVE-2023-1977

The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network...

CVSS 8.8 · AI score 6.8 · EPSS 0.00823
Exploits: 2 · References: 1

Positive Technologies
added 2023/05/29 12:0 a.m. · 5 views

PT-2023-19706 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev37 Description: The issue concerns the lack of HTTP header length checks when downloading data, such as iCal feeds. This could potentially allow a crafted feed to provide an excessive amount of header...

CVSS 4.3 · AI score 7.2 · EPSS 0.00673
Exploits: 0 · References: 5

SUSE CVE
added 2023/02/15 4:59 a.m. · 5 views

SUSE CVE-2016-6189

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds...

CVSS 4.3 · AI score 6.5 · EPSS 0.014
Exploits: 1 · References: 3

OSV
added 2017/02/17 5:59 p.m. · 4 views

DEBIAN-CVE-2016-6189

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds...

CVSS 4.3 · AI score 5 · EPSS 0.014
Exploits: 1 · References: 1

NVD
added 2017/02/17 5:59 p.m. · 18 views

CVE-2016-6189

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds...

CVSS 4.3 · AI score 4.2 · EPSS 0.014
Exploits: 1 · References: 4

OSV
added 2017/02/17 5:59 p.m. · 13 views

CVE-2016-6189

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds...

CVSS 4.3 · AI score 6.1
Exploits: 0 · References: 4

OSV
added 2017/02/17 5:59 p.m. · 5 views

UBUNTU-CVE-2016-6189

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds...

CVSS 4.3 · AI score 5.8 · EPSS 0.014
Exploits: 1 · References: 2

Positive Technologies
added 2017/02/17 12:0 a.m. · 3 views

PT-2017-8927 · Inverse · Sogo

Name of the Vulnerable Software and Affected Versions: SOGo versions prior to 2.3.12; SOGo versions 3.x prior to 3.1.1 Description: The issue allows remote authenticated users to obtain sensitive information by reading specific fields in calendar feeds. This is due to an incomplete blacklist...

CVSS 4.3 · AI score 4.2 · EPSS 0.014
Exploits: 1 · References: 10