5 matches found
CVE-2026-8204
Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...
CVE-2026-8204 Concrete CMS 9.5.0 and below is vulnerable to Authorization Bypass in the Calendar Event Frontend Dialog
Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...
CVE-2026-8204
Concrete CMS 9.5.0 and earlier versions are vulnerable to an authorization bypass in the Calendar Event Frontend Dialog, enabling potential cross-calendar data disclosure. A public calendar block can be used as a pivot to access private calendar data. The CVSS v4.0 base score is 6.3 (AV:N/AC:L/AT...
Apple iOS and iPadOS Security Vulnerabilities
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17 and iPadOS version 17, which arises from the fact that a person wi...
CVE-2022-32871
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information...