126 matches found
CVE-2026-9304
A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...
CVE-2026-9349
A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...
cal.diy 访问控制错误漏洞
cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain a security vulnerability related to access control. This vulnerability stems from the getServerSideProps function in the Generic React API component file...
PT-2026-42905
A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...
EUVD-2026-31540
A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...
EUVD-2026-31539
A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...
CVE-2026-9303 calcom cal.diy cross-site request forgery
A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...
PT-2026-42884
A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...
cal.diy 安全漏洞
cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain security vulnerabilities, which stem from unknown functions and may lead to cross-site request forgery attacks...
PT-2026-42883
A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...
MAL-2025-178853 Malicious code in tauhur-sofi-diy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51776810f79138d39a33e09e142dfa9ca62bed353d074bfd15e12f9fbaf2e269 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-136005
Malicious code in tauhur-sofi-diy npm...
Malicious code in tauhur-sofi-diy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51776810f79138d39a33e09e142dfa9ca62bed353d074bfd15e12f9fbaf2e269 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2012-6369
Malware in sbrugna...
EUVD-2010-3205
Malware in sbrugna...
EUVD-2012-6368
Malware in sbrugna...
EUVD-2011-5040
Malware in sbrugna...
EUVD-2012-6367
Malware in sbrugna...
generator-anyms-ms (>=1.0.7 <=2.0.4), generator-diy (=1.0.0) +1 more potentially affected by unknown CVE via yoeman-generator (=0.0.1-security)
yoeman-generator NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on yoeman-generator and may be impacted: - generator-anyms-ms =1.0.7, =2.0.4 - generator-diy =1.0.0 - generator-owngen =1.0.0 Source cves: unknown CVE Source...
diy-family.com Cross Site Scripting vulnerability OBB-4040199
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...