17 matches found
CVE-2026-52779 OpenProject: Cross-project authorization bypass allows deleting public Calendar and Team Planner queries from unauthorized projects
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusion in the Calendar and Team Planner modules allows a user with management permissions in one project to delete public Calendar or Team Planner Queries...
CVE-2026-8204
Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...
GHSA-X2FP-HJ8C-MMXH Concrete CMS is vulnerable to authorization bypass in the Calendar Event Frontend Dialog
Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data...
CVE-2026-8204
Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...
CVE-2026-8204 Concrete CMS 9.5.0 and below is vulnerable to Authorization Bypass in the Calendar Event Frontend Dialog
Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...
EUVD-2026-31348
Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...
CVE-2026-8204
Concrete CMS 9.5.0 and earlier versions are vulnerable to an authorization bypass in the Calendar Event Frontend Dialog, enabling potential cross-calendar data disclosure. A public calendar block can be used as a pivot to access private calendar data. The CVSS v4.0 base score is 6.3 (AV:N/AC:L/AT...
PT-2026-42544
Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...
EUVD-2017-1247
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-32739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number...
CVE-2022-32739
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number...
CVE-2022-32739
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number...
CVE-2022-32739
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number...
katieevanscounselling.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-657325 Description| Value ---|--- Affected Website:| katieevanscounselling.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
ownCloud Information Disclosure Vulnerability (CNVD-2017-22086)
ownCloud is a free and open source personal cloud storage solution from the German company ownCloud, which provides file management, music storage, calendaring and other features. ownCloud server is a server version. A security vulnerability exists in versions of ownCloud Server prior to 10.0.2. ...
Share tokens for public calendars disclosed - ownCloud security advisory
Platform: ownCloud Server Versions: 10.0.2 Date: 5/31/2017 Risk level: Medium CVSS v3 Base Score: 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CWE: Information Exposure Through Directory Listing CWE-548...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via 1 the inactive parameter in a tasks action, 2 the date parameter in a calendar dayview action, 3 the callback parameter in a public calendar action,...