20 matches found
CVE-2026-8204
Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...
CVE-2026-8204
Concrete CMS 9.5.0 and earlier versions are vulnerable to an authorization bypass in the Calendar Event Frontend Dialog, enabling potential cross-calendar data disclosure. A public calendar block can be used as a pivot to access private calendar data. The CVSS v4.0 base score is 6.3 (AV:N/AC:L/AT...
CVE-2026-8204 Concrete CMS 9.5.0 and below is vulnerable to Authorization Bypass in the Calendar Event Frontend Dialog
Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...
EUVD-2023-45100
Malicious code in bioql PyPI...
EUVD-2025-19845
Malicious code in bioql PyPI...
CVE-2025-0885
Incorrect Authorization vulnerability in OpenText™ GroupWise allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow unauthorized access to calendar items marked private. This issue affects GroupWise versions 7 through 17.5, 23.4, 24.1, 24.2, 24.3,...
CVE-2025-0885
CVE-2025-0885 describes an Incorrect Authorization vulnerability in OpenText GroupWise where misconfigured access control could allow unauthorized access to private calendar items. Affected versions include 7–17.5 , 23.4 , and 24.1–24.4 . The issue’s root cause is improper authorization logic lea...
CVE-2024-23289
A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information...
CVE-2022-32871
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information...
CVE-2024-37887
Vulnerability summary (CVE-2024-37887) Nextcloud Server: private shared calendar events recurrence exceptions can be read by sharees. Affected for general Nextcloud Server and Enterprise Server versions as per advisory. Impact: potential information disclosure of calendar recurrence exceptions. R...
CVE-2024-23289
A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information...
Information disclosure
A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information...
Information disclosure
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information...
CVE-2023-40529
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information...
Apple iOS and iPadOS Security Vulnerabilities
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17 and iPadOS version 17, which arises from the fact that a person wi...
CVE-2022-32871
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information...
CVE-2022-32871
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information...
Information disclosure
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information...
CVE-2022-32871
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information...
CVE-2022-32871
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information...