10 matches found
DEBIAN-CVE-2026-8496
A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation file allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
EUVD-2023-50951
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-32739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number...
Linux Distros Unpatched Vulnerability : CVE-2016-6189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the 1...
CVE-2023-46784
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, Server Side Request Forgery. This issue affects ICS Calendar: from n/a through...
CVE-2023-46784 WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, Server Side Request Forgery. This issue affects ICS Calendar: from n/a through...
CVE-2023-46784 WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, Server Side Request Forgery. This issue affects ICS Calendar: from n/a through...
PT-2024-13378 · Unknown · Ics Calendar
Name of the Vulnerable Software and Affected Versions: ICS Calendar versions n/a through 10.12.0.3. Description: The issue affects ICS Calendar, allowing Absolute Path Traversal and Server Side Request Forgery due to improper limitation of a pathname to a restricted directory. This enables an...
WordPress ICS Calendar Plugin <= 10.12.0.3 is vulnerable to Arbitrary File Download
Software: ICS Calendar; Type: Plugin; Vulnerable versions: <= 10.12.0.3; Fixed in: 10.12.0.4; OWASP Top 10: A4: Insecure Design; Classification: Arbitrary File Download; CVE: CVE-2023-46784; Patch priority: Medium; CVSS severity: Medium 8.2; PSID: 662755066f6f; Credits: Muhammad Daffa; Require...
Mozilla Thunderbird < 60.5
The version of Thunderbird installed on the remote Windows host is prior to 60.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-03 advisory. - A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. The memory storing the...