CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

253 matches found

CVE-2026-54006

Open WebUI prior to version 0.9.6 is vulnerable to an IDOR in the calendar events update endpoint. The vulnerability arises because POST /api/v1/calendars/events/{event_id}/update validates write access to the source calendar but does not validate the destination calendar_id in the request body, ...

4.3CVSS5.9AI score0.00185EPSS

Exploits1References1Affected Software1

Fedora•added 2026/06/05 4:10 a.m.•16 views

[SECURITY] Fedora 43 Update: nextcloud-33.0.4-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

9.1CVSS5.8AI score0.00269EPSS

Exploits1

CNNVD•added 2026/06/01 12:0 a.m.•14 views

Nextcloud Server 安全漏洞

NextCloud Server is an open-source NextCloud server program developed by NextCloud. There were security vulnerabilities in versions 32.0.0 to 32.0.9 and 33.0.0 to 33.0.3 of NextCloud Server. These vulnerabilities stemmed from improper authorization control in the calendar backend, allowing...

8.1CVSS5.3AI score0.00284EPSS

Exploits0References4

Fedora•added 2026/05/11 1:3 a.m.•23 views

[SECURITY] Fedora 43 Update: nextcloud-33.0.3-1.fc43

9.9CVSS6.4AI score0.01286EPSS

Exploits15

Fedora•added 2026/05/10 3:23 a.m.•35 views

[SECURITY] Fedora 42 Update: nextcloud-33.0.3-1.fc42

9.9CVSS6.5AI score0.01286EPSS

Exploits15

Fedora•added 2026/05/10 2:55 a.m.•30 views

[SECURITY] Fedora 44 Update: nextcloud-33.0.3-1.fc44

9.9CVSS6.5AI score0.01286EPSS

Exploits15

EUVD•added 2026/04/24 5:29 a.m.•4 views

EUVD-2026-25401

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dexbccfadminintcalendarlist.inc.php file due to missing validation on a user controlled key. This makes it possible for authenticated...

5.3CVSS5.7AI score0.0033EPSS

Exploits0References8

Positive Technologies•added 2026/04/24 12:0 a.m.•7 views

PT-2026-34857

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dex bccf admin int calendar list.inc.php file due to missing validation on a user controlled key. This makes it possible for authenticated...

5.3CVSS5.7AI score0.0033EPSS

Exploits0References10

CNNVD•added 2026/03/24 12:0 a.m.•4 views

编号撤回

Zimbra Collaboration Suite ZCS is an open-source collaboration suite developed by Zimbra Corporation. This product includes features such as WebMail, calendars, and contact management. The CVE number for this product has been withdrawn...

9.8CVSS5.7AI score0.00462EPSS

Exploits3References3

Fedora•added 2026/03/02 12:42 a.m.•16 views

[SECURITY] Fedora 43 Update: nextcloud-32.0.6-1.fc43

7.9CVSS6.1AI score0.01242EPSS

Exploits1

Patchstack•added 2025/12/31 12:0 a.m.•5 views

WordPress Private Google Calendars plugin <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Reset vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Private Google Calendars versions = 20250811...

4.3CVSS5.9AI score0.00191EPSS

Exploits0References1Affected Software1

Fedora•added 2025/12/21 3:53 a.m.•9 views

[SECURITY] Fedora 43 Update: nextcloud-32.0.3-1.fc43

6.1CVSS6.9AI score0.00233EPSS

Exploits0

Fedora•added 2025/12/21 12:51 a.m.•9 views

[SECURITY] Fedora 42 Update: nextcloud-32.0.3-1.fc42

6.1CVSS6.9AI score0.00233EPSS

Exploits0

NVD•added 2025/12/09 4:18 p.m.•6 views

CVE-2025-67555

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict UseStrict's Calendly Embedder cal-embedder-lite allows Stored XSS.This issue affects UseStrict's Calendly Embedder: from n/a through = 1.1.7.2...

5.9CVSS0.00172EPSS

Exploits0References1

EUVD•added 2025/12/03 1:52 p.m.•4 views

EUVD-2025-200975

The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...

4.3CVSS4.8AI score0.00158EPSS

Exploits0References3

Fedora•added 2025/12/03 1:40 a.m.•6 views

[SECURITY] Fedora 41 Update: nextcloud-32.0.2-1.fc41

7.3CVSS6.9AI score0.01297EPSS

Exploits0

Fedora•added 2025/12/03 12:59 a.m.•7 views

[SECURITY] Fedora 43 Update: nextcloud-32.0.2-1.fc43

7.3CVSS6.9AI score0.01297EPSS

Exploits0

CNVD•added 2025/11/18 12:0 a.m.•2 views

WordPress Booking Manager plugin cross-site scripting vulnerability

WordPress Booking Manager plugin is a tool for managing appointments and schedules, supporting features such as synchronization with external ICS calendars, importing events and exporting booking data. A cross-site scripting vulnerability exists in the WordPress Booking Manager plugin, which stem...

6.5CVSS6.3AI score0.00132EPSS

Exploits0References1

RedhatCVE•added 2025/11/12 3:47 a.m.•15 views

CVE-2025-12526

The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5AI score0.00191EPSS

Exploits0References1

EUVD•added 2025/11/11 6:30 a.m.•2 views

EUVD-2025-60942

4.3CVSS4.6AI score0.00191EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by