Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.12 views

CVE-2026-43882

WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloadICS, which builds an ICS calendar file via the ICS helper...

4.3CVSS5.9AI score0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 10:22 p.m.10 views

CVE-2026-43882

WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloadICS, which builds an ICS calendar file via the ICS helper...

4.3CVSS0.0018EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 8:40 p.m.31 views

CVE-2026-43882 WWBN AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event Spoofing

WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloadICS, which builds an ICS calendar file via the ICS helper...

4.3CVSS0.0018EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 8:40 p.m.10 views

CVE-2026-43882

CVE-2026-43882 affects WWBN AVideo up to v29.0 via an unauthenticated endpoint plugin/Scheduler/downloadICS.php that passes user-controlled title, date_start, description and joinURL into Scheduler::downloadICS(), building an ICS calendar. ICS::escape_string() only escapes comma and semicolon, no...

4.3CVSS5.9AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.9 views

PT-2026-37298

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.0 Description The unauthenticated 'plugin/Scheduler/downloadICS.php' endpoint passes attacker-controlled title, description, and joinURL parameters into the Scheduler::downloadICS function, which utilizes the I...

4.3CVSS5.9AI score0.0018EPSS
Exploits0References6
HackRead
HackRead
added 2024/12/19 1:40 p.m.6 views

Google Calendar Phishing Scam Targets Users with Malicious Invites

Protect yourself from sophisticated phishing attacks that leverage Google Calendar to steal your personal information...

7.2AI score
Exploits0
Rows per page
Query Builder