CVE-2026-27465

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

GHSA-2V6M-6XW3-6467 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Summary A vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources associated with the service account. Impact Fleet returns configuration da...

CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

CVE-2026-27465

Summary: CVE-2026-27465 affects Fleet before v4.80.1, where the configuration API could expose Google Calendar service account credentials to authenticated users with the lowest-privilege role (Observer). The credentials were not properly obfuscated, potentially allowing unauthorized access to Go...

Prompt Injection in AI Browsers

This is why AIs are not ready to be personal assistants: A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no...

EUVD-2017-18909

Malware in sbrugna...

EUVD-2009-4070

Malware in sbrugna...

EUVD-2023-56217

Malicious code in bioql PyPI...

MAL-2025-31791 Malicious code in react-google-calendar-events (npm)

The package react-google-calendar-events was found to contain malicious code...

New Promptware Attack Hijacks User’s Gemini AI Via Google Calendar Invite

Cybersecurity researchers demonstrate a new attack on Google Gemini AI for Workspace. Discover how a simple calendar invite can be used to perform phishing, steal emails, and even control home appliances...

⚡ Weekly Recap: APT Intrusions, AI Malware, Zero-Click Exploits, Browser Hijacks and More

If this had been a security drill, someone would've said it went too far. But it wasn't a drill—it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late. This is how attacks happen now—quiet, convincing, and fast. Defenders aren't just chasing hacke...

CVE-2023-51504

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS.This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2...

CVE-2023-46189

Cross-Site Request Forgery CSRF vulnerability in Simple Calendar – Google Calendar Plugin = 3.2.5 versions...

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

Cybersecurity researchers have discovered a malicious package named "os-info-checker-es6" that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. "This campaign employs clever Unicode-based steganography to hide its initia...

CVE-2024-10729

CVE-2024-10729 affects Booking & Appointment Plugin for WooCommerce for WordPress (versions up to and including 6.9.0). Root cause: missing capability check in the save_google_calendar_data function, allowing authenticated users with subscriber-level permissions or higher to arbitrarily update si...

PT-2024-16491 · Woocommerce · Booking & Appointment Plugin For Woocommerce

Name of the Vulnerable Software and Affected Versions: Booking & Appointment Plugin for WooCommerce version 6.9.0 and earlier Description: The issue is related to a missing capability check in the save google calendar data function, allowing authenticated attackers with subscriber-level permissio...

CVE-2024-33640 WordPress Pretty Google Calendar plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through 1.7.2...

CVE-2024-33640 WordPress Pretty Google Calendar plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through 1.7.2...

CVE-2024-1425 EmbedPress <= 3.9.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input...