70 matches found

CVE
added 2026/05/21 5:9 p.m., 8 views

CVE-2026-48223

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in ics213rr.php. An authenticated attacker can send an unsanitized frm_add_str POST value that is echoed into a hidden HTML input value attribute, causing arbitrary JavaScript to execute in the victim’s browser when the page renders...

CVSS 5.4 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 3

Snyk
added 2026/05/05 10:14 p.m., 2 views

CRLF Injection

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to CRLF Injection via the downloadICS.php process. An attacker can inject arbitrary calendar events and spoof event details by supplying specially crafted input...

CVSS 5.3 | AI score 6 | EPSS 0.00033
Exploits: 0 | References: 2

Information Security Automation
added 2025/10/26 9:35 p.m., 7 views

About Cross Site Scripting – Zimbra Collaboration (CVE-2025-27915) vulnerability

About Cross Site Scripting - Zimbra Collaboration CVE-2025-27915 vulnerability. Zimbra Collaboration is a collaboration software suite, somewhat similar to Microsoft Exchange. Exploiting this vulnerability in the web mail client Classic Web Client allows an unauthenticated attacker to execute...

CVSS 5.4 | AI score 7.2 | EPSS 0.26053
Exploits: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-6758

Malware in sbrugna...

CVSS 5.5 | AI score 5.7 | EPSS 0.00402
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-6760

Malware in sbrugna...

CVSS 5.5 | AI score 5.7 | EPSS 0.00453
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-6759

Malware in sbrugna...

CVSS 5.5 | AI score 7.3 | EPSS 0.00294
Exploits: 0 | References: 18

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-35805

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.6 | EPSS 0.00345
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-51137

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.6 | EPSS 0.00894
Exploits: 0 | References: 1

OSV
added 2024/12/30 5:15 p.m., 1 views

CVE-2024-12835

Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that...

CVSS 7.8 | AI score 6.2
Exploits: 0 | References: 1

NVD
added 2024/12/30 5:15 p.m., 8 views

CVE-2024-12835

Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that...

CVSS 7.8 | EPSS 0.00894
Exploits: 0 | References: 1

Vulnrichment
added 2024/12/30 4:49 p.m., 12 views

CVE-2024-12835 Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that...

CVSS 7.8 | AI score 7.5 | EPSS 0.00894
Exploits: 0 | References: 1

CVE
added 2024/12/30 4:49 p.m., 48 views

CVE-2024-12835

Delta Electronics DRASimuCAD is affected by an ICS file parsing out-of-bounds write that can lead to remote code execution. The flaw arises from insufficient validation of data in ICS files, enabling a write past the end of an allocated buffer when opening a specially crafted file. Exploitation r...

CVSS 7.8 | AI score 8 | EPSS 0.00894
Exploits: 0 | References: 1 | Affected Software: 1

Zero Day Initiative
added 2024/12/20 12:0 a.m., 2 views

(0Day) Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 6.8 | EPSS 0.00894
Exploits: 0

Tenable Nessus
added 2024/06/03 12:0 a.m., 20 views

RHEL 5 : libical (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libical: Heap buffer over-read in icaltime_from_string CVE-2016-5827 - The icalparser_parse_string function i...

CVSS 7.5 | AI score 8 | EPSS 0.00759
Exploits: 0 | References: 3

Tenable Nessus
added 2024/06/03 12:0 a.m., 17 views

RHEL 7 : libical (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libical: Use-after-free CVE-2016-9584 - The icalparser_parse_string function in libical 0.47 and 1.0 allows...

CVSS 9.1 | AI score 7 | EPSS 0.00759
Exploits: 0 | References: 4

Tenable Nessus
added 2024/05/11 12:0 a.m., 12 views

RHEL 6 : libical (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libical: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c CVE-2019-11705 - The...

AI score 8 | EPSS 0.08559
Exploits: 11 | References: 8

Tenable Nessus
added 2024/05/11 12:0 a.m., 25 views

RHEL 5 : libical (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libical: Heap buffer over-read in icaltime_from_string CVE-2016-5827 - The icalproperty_new_clone function in...

AI score 6.8 | EPSS 0.00759
Exploits: 0 | References: 5

NVD
added 2023/08/16 12:15 p.m., 7 views

CVE-2023-1977

The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network...

CVSS 8.8 | AI score 8.6 | EPSS 0.00265
Exploits: 2 | References: 1

Cvelist
added 2023/08/16 11:3 a.m., 11 views

CVE-2023-1977 Booking Manager < 2.0.29 - Subscriber+ SSRF

The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network...

AI score 8.8 | EPSS 0.00265
Exploits: 2 | References: 1

SUSE CVE
added 2023/02/15 5:0 a.m., 1 views

SUSE CVE-2016-5825

The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file...

CVSS 5.5 | AI score 6.8 | EPSS 0.00453
Exploits: 0 | References: 7