CVE-2026-29052

< 1.8.11

The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently

6.1MEDIUM

CVE-2025-66550

>= 4.0.0 and < 4.7.17

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with

5.7MEDIUM

CVE-2025-66546

>= 4.0.0 and < 4.7.19

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking ap

3.3LOW

CVE-2025-66511

>= 6.0.0 and < 6.0.3

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting prop

4.8MEDIUM

CVE-2025-21035

< 12.5.06.5

Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical

4.6MEDIUM

CVE-2024-45303

< 0.5

Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event

6.1MEDIUM

CVE-2024-37316

>= 4.3.0 and < 4.6.8

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data lea

4.6MEDIUM

CVE-2024-24817

< 0.4

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platfo

4.3MEDIUM

CVE-2024-26145

< 2024-02-21

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are ab

6.5MEDIUM

CVE-2023-48308

>= 3.0.0 and < 4.5.3

Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when g

3.5LOW

CVE-2023-45150

>= 1.0 and < 4.4.4

Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying t

4.3MEDIUM

CVE-2023-30678

< 12.4.07.15

Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to w

5.1MEDIUM

CVE-2023-33183

< 3.5.5

Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are dis

2.6LOW

CVE-2023-21464

< 12.4.02.9000

Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows loc

4.0MEDIUM

CVE-2022-39915

< 11.6.08.0

Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.

3.3LOW

CVE-2022-41913

all versions

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the fir

4.3MEDIUM

CVE-2022-27617

< 2.3.4-0631

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calen

5.0MEDIUM

CVE-2022-22686

< 2.3.4-0631

Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authentic

6.5MEDIUM

CVE-2022-33705

< 12.3.05.10000

Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR

3.3LOW

CVE-2022-22682

< 2.4.5-10930

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology

6.5MEDIUM

CVE-2022-24838

< 3.2.2

Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newline

5.3MEDIUM

CVE-2021-34812

< 2.4.0-0761

Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obt

5.8MEDIUM

CVE-2019-11829

< 2.3.1-0617

OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers

7.3HIGH

CVE-2019-11825

< 2.3.0-0615

Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject

6.5MEDIUM

CVE-2018-18872

< 1.3.11

The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php

5.4MEDIUM

CVE-2019-11820

< 2.3.3-0620

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain

5.5MEDIUM

CVE-2018-13299

< 2.2.2-0532

Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated us

4.3MEDIUM

CVE-2018-3763

< 1.5.8

In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a s

4.8MEDIUM

CVE-2018-8927

< 2.1.2-0511

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create a

5.4MEDIUM

CVE-2018-8915

< 2.1.1-0502

Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated

6.5MEDIUM

CVE-2016-10716

< 2.5.0.61

The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to

5.4MEDIUM

CVE-2017-15891

< 2.0.1-0242

Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated use

6.5MEDIUM

CVE-2013-2698

<= 1.3.2

Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijac

CVE-2009-3157

all versions

Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, w