21 matches found
EUVD-2026-30134
A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation file allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
CVE-2025-9158
The Request Tracker software is vulnerable to a Stored XSS vulnerability in the calendar invitation parsing feature, which displays invitation data without HTML sanitization. The XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying th...
CVE-2025-9158 Stored XSS in Request Tracker
The Request Tracker software is vulnerable to a Stored XSS vulnerability in the calendar invitation parsing feature, which displays invitation data without HTML sanitization. The XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying th...
CVE-2025-9158
CVE-2025-9158 affects Request Tracker: Stored XSS in the calendar invitation parsing feature that does not sanitize HTML, enabling JavaScript execution when a crafted invitation is displayed to a logged-in user. Affected versions: 5.0.4–5.0.8 and 6.0.0–6.0.1. Documented across multiple feeds (NVD...
EUVD-2020-25147
Malware in sbrugna...
EUVD-2023-31687
Malicious code in bioql PyPI...
CVE-2020-3882
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information...
CVE-2023-27961
Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltra...
Input validation
Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltra...
CVE-2023-27961
Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltra...
PT-2023-21454 · Apple · Macos Monterey +6
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.3; iOS versions prior to 16.4; iPadOS versions prior to 16.4; iOS versions prior to 15.7.4; iPadOS versions prior to 15.7.4; macOS Monterey versions prior to 12.6.4; watchOS versions prior to 9.4; macOS Big Sur versions...
About the security content of watchOS 9.4
About the security content of watchOS 9.4 This document describes the security content of watchOS 9.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
CVE-2020-3882
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information...
CVE-2020-3882
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information...
Information disclosure
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information...
CVE-2020-3882
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information...
Lotus Domino SMTP router, EMAIL server and client DoS
No description provided by source. Exploit Title: Lotus Domino SMTP router, EMAIL server and client DoS - all 3 may crash Date: July 16, 2011 Author: None - looks like a malformed Kerio generated calendar invitation was the reason this was discovered...
Lotus Domino Denial Of Service
Exploit Title: Lotus Domino SMTP router, EMAIL server and client DoS - all 3 may crash Date: July 16, 2011 Author: None - looks like a malformed Kerio generated calendar invitation was the reason this was discovered - http://forums.kerio.com/index.php?t=msg&th=19863&start=0 Software Link: none -...
Lotus Domino SMTP Router & Email Server and Client - Denial of Service
Exploit Title: Lotus Domino SMTP router, EMAIL server and client DoS - all 3 may crash Date: July 16, 2011 Author: None - looks like a malformed Kerio generated calendar invitation was the reason this was discovered - http://forums.kerio.com/index.php?t=msg&th=19863&start=0 Software Link: none -...
Stack overflow
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in...