Lucene search
K

17 matches found

Cvelist
Cvelist
added 2026/06/26 7:2 p.m.30 views

CVE-2026-52779 OpenProject: Cross-project authorization bypass allows deleting public Calendar and Team Planner queries from unauthorized projects

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusion in the Calendar and Team Planner modules allows a user with management permissions in one project to delete public Calendar or Team Planner Queries...

5.4CVSS0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.8 views

CVE-2026-8204

Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...

6.3CVSS5.4AI score0.00211EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 9:30 p.m.2 views

GHSA-X2FP-HJ8C-MMXH Concrete CMS is vulnerable to authorization bypass in the Calendar Event Frontend Dialog

Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data...

6.3CVSS5.8AI score0.00211EPSS
Exploits0References3
NVD
NVD
added 2026/05/21 9:16 p.m.14 views

CVE-2026-8204

Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...

6.3CVSS0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 8:56 p.m.8 views

CVE-2026-8204 Concrete CMS 9.5.0 and below is vulnerable to Authorization Bypass in the Calendar Event Frontend Dialog

Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...

6.3CVSS5.8AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/21 8:56 p.m.12 views

EUVD-2026-31348

Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...

6.3CVSS5.8AI score0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 8:56 p.m.23 views

CVE-2026-8204

Concrete CMS 9.5.0 and earlier versions are vulnerable to an authorization bypass in the Calendar Event Frontend Dialog, enabling potential cross-calendar data disclosure. A public calendar block can be used as a pivot to access private calendar data. The CVSS v4.0 base score is 6.3 (AV:N/AC:L/AT...

6.3CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.12 views

PT-2026-42544

Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...

6.3CVSS5.8AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-1247

Malware in sbrugna...

4.3CVSS4.7AI score0.01169EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-32739

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number...

5.3CVSS5.6AI score0.00733EPSS
Exploits0References2
OSV
OSV
added 2022/06/13 8:15 a.m.4 views

CVE-2022-32739

When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number...

5.3CVSS5.7AI score0.00733EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2022/06/13 8:15 a.m.40 views

CVE-2022-32739

When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number...

5.3CVSS5.9AI score0.00733EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/13 7:0 a.m.3 views

CVE-2022-32739

When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number...

5.3CVSS5.7AI score0.00733EPSS
Exploits0References2Affected Software2
Openbugbounty
Openbugbounty
added 2018/08/01 10:38 p.m.10 views

katieevanscounselling.co.uk XSS vulnerability

Open Bug Bounty ID: OBB-657325 Description| Value ---|--- Affected Website:| katieevanscounselling.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
CNVD
CNVD
added 2017/07/06 12:0 a.m.3 views

ownCloud Information Disclosure Vulnerability (CNVD-2017-22086)

ownCloud is a free and open source personal cloud storage solution from the German company ownCloud, which provides file management, music storage, calendaring and other features. ownCloud server is a server version. A security vulnerability exists in versions of ownCloud Server prior to 10.0.2. ...

5.3CVSS6.8AI score0.01036EPSS
Exploits0References1
OwnCloud
OwnCloud
added 2017/05/31 12:0 a.m.20 views

Share tokens for public calendars disclosed - ownCloud security advisory

Platform: ownCloud Server Versions: 10.0.2 Date: 5/31/2017 Risk level: Medium CVSS v3 Base Score: 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CWE: Information Exposure Through Directory Listing CWE-548...

5.3CVSS2.3AI score0.01036EPSS
Exploits0
Prion
Prion
added 2008/09/02 3:41 p.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via 1 the inactive parameter in a tasks action, 2 the date parameter in a calendar dayview action, 3 the callback parameter in a public calendar action,...

4.3CVSS5.9AI score0.01073EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder