CVE-2026-45281

CVE-2026-45281 affects Nextcloud Server versions 32.0.0–32.0.8 and 33.0.0–33.0.2. The issue stems from improper authorization in the calendar backend, requiring an authenticated attacker who knows another user’s principal URL. An authenticated user could potentially send a request to gain full ac...

EUVD-2025-204784

The Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eventdesc' parameter in all versions up to, and including, 1.3.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

CVE-2025-67559

Missing Authorization vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a...

EUVD-2022-3594

Malicious code in bioql PyPI...

EUVD-2023-40581

Malicious code in bioql PyPI...

CVE-2025-26855

A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands...

CVE-2023-33563

In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password on the Profile Page allows remote attackers to take over accounts...

Information disclosure

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information...

VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The plugin lets any user execute arbitrary PHP functions on the site. https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...

Information disclosure

Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READCALENDAR permission...

crestedbuttearts.org XSS vulnerability

Open Bug Bounty ID: OBB-613590 Description| Value ---|--- Affected Website:| crestedbuttearts.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

PT-2017-10695 · Nextcloud · Nextcloud Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 11.0.3 Description: The issue is related to a logical error that leads to the disclosure of valid share tokens for public calendars. This could potentially allow an attacker to access publicly shared calenda...

Code injection

apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendarid parameter...

Ajax Availability Calendar 3.X.X Multiple Vulnerabilties

Exploit for php platform in category web applications Ajax Availability Calendar 3.X.X Multiple Vulnerabilties ============================================================== .:. Author : AtT4CKxT3rR0r1ST email protected .:. Script : http://www.ajaxavailabilitycalendar.com/ .:. Dork : intitle:"Aja...

SchoolCenter Web Tools 11.0.27 Cross Site Scripting

Exploit Title: SchoolCenter Web Tools Version 11.0.27 Cross Site Scripting Date: 11.04.2012 Author: Sony and Flexxpoint Software Link: www.thinqed.com Google Dorks: inurl:/education/components/calendar/ site:edu Web Browser : Mozilla Firefox Site : http://insecurity.ro PoC:...

Uiga Church Portal (year) Remote SQL Injection Vulnerability

No description provided by source. Viva IslaM Viva IslaM Remote SQL Injection Vulnerability index.php view Uiga Church Portal http://www.scriptdevelopers.net/products/ucp.html AuTh0r : Mr.SQL H0ME : WwW.55a.NeT Email : [email protected] -: Exploite :-...

phpcalendar.txt

GulfTech Security Research December 28th, 2004 Vendor : Sean Proctor URL : http://php-calendar.sourceforge.net/ Version : All Versions Risk : File Include Vulnerability Description: I was searching for a decent calendar which my group at school could use to keep track of events, etc. We were...

ASP Calendar Vulnerability &lt;www.ashiyane.com&gt;

www.ashiyane.com Release by AcTiOnSpIdEr [email protected] Advisory Name: ASP Calendar Vulnerability Release Date:13 December 2004 Platform:Any website using asp Calendar Severity:no password protected ! Overview : ---------- ASP Calendar is a tool written in aps to handle the administration...