Calendar Security Vulnerabilities and Issues — Calendar CVE List

NextcloudCalendar

10 matches found

CVE•added 2022/04/11 8:25 p.m.•110 views

CVE-2022-24838

The CVE-2022-24838 issue affects Nextcloud Calendar (the calendar app for Nextcloud). The vulnerability arises because newlines and special characters in the email value within the JSON request are not sanitized, allowing an attacker to break out of the SMTP command RCPT TO: and inject arbitrary ...

9.8CVSS7.7AI score0.08781EPSS

CVE•added 2023/10/16 7:6 p.m.•90 views

CVE-2023-45150

CVE-2023-45150 concerns Nextcloud Calendar. The Red Hat/Reddit/GHSA and CVE records describe a flaw in the Nextcloud Calendar app where missing precondition checks allow handling of arbitrarily long strings (e.g., overly long email addresses), leading to a busy, unresponsive server and potential ...

4.3CVSS4.5AI score0.00118EPSS

CVE•added 2023/05/30 5:1 a.m.•78 views

CVE-2023-33183

Summary: CVE-2023-33183 affects the Nextcloud Calendar app. An issue disclosed internal website paths when the SMTP server is unavailable, enabling information disclosure. Affected versions (Calendar app): prior to 3.5.5 and prior to 4.2.3. Impact (per sources): exposure of internal paths; limite...

4.3CVSS4.4AI score0.00084EPSS

CVE•added 2024/06/14 3:23 p.m.•58 views

CVE-2024-37316

CVE-2024-37316 affects Nextcloud Calendar. Authenticated users can create events with manipulated attachment data, causing a bad redirect for participants when clicked. Affected component: Nextcloud Calendar app. Root cause: improper handling of attachment data during event creation leading to re...

4.6CVSS4.6AI score0.00426EPSS

CVE•added 2023/12/21 11:12 p.m.•51 views

CVE-2023-48308

CVE-2023-48308 affects the Nextcloud Calendar app. The authenticated user can trigger an error while editing a calendar appointment that exposes the server’s stacktrace and internal paths. Affected software: Nextcloud Calendar prior to version 4.5.3. Root cause: error handling leaks internal debu...

6.5CVSS5.1AI score0.00269EPSS

CVE•added 2018/07/05 4:0 p.m.•46 views

CVE-2018-3763

Nextcloud Calendar versions prior to 1.5.8 and 1.6.1 contain a stored XSS in the calendar autocomplete search results for group names. The vulnerability arises from missing sanitization of search results, and exploitation is limited to privileged users (admins/group admins) crafting malicious res...

4.8CVSS4.8AI score0.00305EPSS

CVE•added 2025/12/05 4:42 p.m.•9 views

CVE-2025-66511

The CVE-2025-66511 issue affects Nextcloud Calendar prior to version 6.0.3. It stems from insecure generation of meeting proposal participant tokens (not purely random; based on a hash function), which enables an attacker to compute valid tokens and abuse them to view details and submit dates in ...

6.5CVSS6.3AI score0.00023EPSS

CVE•added 2025/12/05 4:56 p.m.•8 views

CVE-2025-66550

CVE-2025-66550 affects Nextcloud Calendar prior to versions 4.7.17 and 5.2.4. A malicious user could create a calendar event with an attachment that links to a download URL for a file on the same Nextcloud server, causing the file to be downloaded without user confirmation. The issue is resolved ...

5.7CVSS6.2AI score0.00024EPSS

CVE•added 2025/12/05 4:49 p.m.•6 views

CVE-2025-66546

Summary: CVE-2025-66546 affects Nextcloud Calendar. The vulnerability arises from the calendar’s handling of appointment IDs, allowing blind booking of appointments without knowledge of the appointment token. Affected software/versions (as documented): Nextcloud Calendar prior to 4.7.19, prior to...

3.3CVSS6.3AI score0.00009EPSS

CVE•added 2 days ago•4 views

CVE-2026-45286

CVE-2026-45286 affects Nextcloud Open Source Content Collaboration Platform. An authenticated user could enumerate other users on the same instance by abusing the Calendar app’s endpoint for suggesting attendees; standard sharing restrictions did not apply to that endpoint. Impacted versions are ...

4.3CVSS5.8AI score0.00029EPSS