Calendar
This hub aggregates every CVE we track for Calendar, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
36
CVEs tracked
0
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM28LOW6HIGH2
Monthly trend
0
0
1
0
0
0
0
0
0
0
0
0
0
0
1
0
0
4
0
0
0
0
0
1
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Calendar.
- CVE-2026-45286Nextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint4.3
- CVE-2025-14548Calendar <= 1.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'event_desc'6.4
- CVE-2025-66550Nextcloud Calendar attachments of local files are offered to downloaded5.7
- CVE-2025-66546Nextcloud Calendar app allowed booking appointments without the generated token3.3
- CVE-2025-66511Nextcloud Calendar app used predictable proposal participant tokens4.8
- CVE-2025-21035Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles.4.6
- CVE-2024-45303Discourse Calendar plugin event names susceptible to XSS6.1
- CVE-2024-37316Nextcloud Calendar's event create can create attachments that link to other websites4.6
- CVE-2024-2831Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode8.8
- CVE-2024-24817User can see invitees in events created in PMs and private categories4.3
- CVE-2024-26145Uninvited user is able to join and mark the attendance of the the private event6.5
- CVE-2023-48308Calendar app returns full stacktrace when an error happens while editing appointment3.5
- CVE-2023-45150Inviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive4.3
- CVE-2023-30678Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file.5.1
- CVE-2023-33183Error in calendar when booking an appointment reveals the full path of the website2.6
Product normalization is registry-driven with AI assist and human review. How it works