[SECURITY] Fedora 43 Update: nextcloud-33.0.4-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

NextCloud Server security vulnerabilities

NextCloud Server is an open-source NextCloud server program developed by NextCloud. There were security vulnerabilities in versions 32.0.0 to 32.0.9 and 33.0.0 to 33.0.3 of NextCloud Server. These vulnerabilities stemmed from improper authorization control in the calendar backend, allowing...

[SECURITY] Fedora 43 Update: nextcloud-33.0.3-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

[SECURITY] Fedora 42 Update: nextcloud-33.0.3-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

[SECURITY] Fedora 44 Update: nextcloud-33.0.3-1.fc44

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

EUVD-2026-25401

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dexbccfadminintcalendarlist.inc.php file due to missing validation on a user controlled key. This makes it possible for authenticated...

PT-2026-34857

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dex bccf admin int calendar list.inc.php file due to missing validation on a user controlled key. This makes it possible for authenticated...

编号撤回

Zimbra Collaboration Suite ZCS is an open-source collaboration suite developed by Zimbra Corporation. This product includes features such as WebMail, calendars, and contact management. The CVE number for this product has been withdrawn...

[SECURITY] Fedora 43 Update: nextcloud-32.0.6-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

WordPress Private Google Calendars plugin <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Reset vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Private Google Calendars versions = 20250811...

[SECURITY] Fedora 43 Update: nextcloud-32.0.3-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

[SECURITY] Fedora 42 Update: nextcloud-32.0.3-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

CVE-2025-67555

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict UseStrict's Calendly Embedder cal-embedder-lite allows Stored XSS.This issue affects UseStrict's Calendly Embedder: from n/a through = 1.1.7.2...

EUVD-2025-200975

The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...

[SECURITY] Fedora 41 Update: nextcloud-32.0.2-1.fc41

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

[SECURITY] Fedora 43 Update: nextcloud-32.0.2-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

WordPress Booking Manager plugin cross-site scripting vulnerability

WordPress Booking Manager plugin is a tool for managing appointments and schedules, supporting features such as synchronization with external ICS calendars, importing events and exporting booking data. A cross-site scripting vulnerability exists in the WordPress Booking Manager plugin, which stem...

CVE-2025-12526

The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...

EUVD-2025-60942

The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2025-12526

The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...