
126 matches found

RedhatCVE
added 2026/05/26 8:14 p.m. | 7 views

CVE-2026-9304

A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...

CVSS 5 | AI score 5.3 | EPSS 0.00038
Exploits 0 | References 1
NVD
added 2026/05/24 4:16 a.m. | 6 views

CVE-2026-9349

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...

CVSS 6.9 | EPSS 0.00039
Exploits 0 | References 4
CNNVD
added 2026/05/24 12:0 a.m. | 3 views

cal.diy access control error vulnerability

cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain a security vulnerability related to access control. This vulnerability stems from the getServerSideProps function in the Generic React API component file...

CVSS 6.9 | AI score 6 | EPSS 0.00039
Exploits 0 | References 5
Positive Technologies
added 2026/05/24 12:0 a.m. | 8 views

PT-2026-42905

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...

CVSS 6.9 | AI score 5.7 | EPSS 0.00039
Exploits 0 | References 4
EUVD
added 2026/05/23 1:45 p.m. | 5 views

EUVD-2026-31540

A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...

CVSS 5 | AI score 5.3 | EPSS 0.00038
Exploits 0 | References 4
EUVD
added 2026/05/23 1:30 p.m. | 6 views

EUVD-2026-31539

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

CVSS 5.3 | AI score 5.3 | EPSS 0.00019
Exploits 0 | References 6
Vulnrichment
added 2026/05/23 1:30 p.m. | 6 views

CVE-2026-9303 calcom cal.diy cross-site request forgery

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

CVSS 5.3 | AI score 5.3 | EPSS 0.00019
Exploits 0 | References 6
Positive Technologies
added 2026/05/23 12:0 a.m. | 6 views

PT-2026-42884

A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...

CVSS 5 | AI score 5.3 | EPSS 0.00038
Exploits 0 | References 4
CNNVD
added 2026/05/23 12:0 a.m. | 4 views

cal.diy security vulnerability

cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain security vulnerabilities, which stem from unknown functions and may lead to cross-site request forgery attacks...

CVSS 5.3 | AI score 5.6 | EPSS 0.00019
Exploits 0 | References 6
Positive Technologies
added 2026/05/23 12:0 a.m. | 10 views

PT-2026-42883

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

CVSS 5.3 | AI score 5.3 | EPSS 0.00019
Exploits 0 | References 6
OSSF Malicious Packages
added 2025/11/12 7:18 p.m. | 3 views

Malicious code in tauhur-sofi-diy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51776810f79138d39a33e09e142dfa9ca62bed353d074bfd15e12f9fbaf2e269 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0
OSV
added 2025/11/12 7:18 p.m. | 1 views

MAL-2025-178853 Malicious code in tauhur-sofi-diy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51776810f79138d39a33e09e142dfa9ca62bed353d074bfd15e12f9fbaf2e269 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0
EUVD
added 2025/11/12 7:18 p.m. | 0 views

EUVD-2025-136005

Malicious code in tauhur-sofi-diy npm...

AI score 6.6
Exploits 0
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-6367

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.07179
Exploits 1 | References 8
EUVD
added 2025/10/07 12:30 a.m. | 10 views

EUVD-2011-5040

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01053
Exploits 1 | References 9
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-6368

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.00834
Exploits 1 | References 9
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-6369

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.0277
Exploits 1 | References 9
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-3205

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.02103
Exploits 1 | References 4
vulnersOsv
added 2025/08/14 6:52 p.m. | 2 views

generator-anyms-ms (>=1.0.7 <=2.0.4), generator-diy (=1.0.0) +1 more potentially affected by unknown CVE via yoeman-generator (=0.0.1-security)

yoeman-generator NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on yoeman-generator and may be impacted: - generator-anyms-ms =1.0.7, =2.0.4 - generator-diy =1.0.0 - generator-owngen =1.0.0 Source cves: unknown CVE Source...

AI score 5.8
Exploits 0
Openbugbounty
added 2025/03/26 5:38 a.m. | 2 views

diy-family.com Cross Site Scripting vulnerability OBB-4040199

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0