Every CVE whose affected-product data names Nextcloud Calendar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2025-66550 — CVSS 5.7 (medium): Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a…
CVE-2022-24838 — CVSS 5.3 (medium): Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as…
CVE-2018-3763 — CVSS 4.8 (medium): In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS…
CVE-2025-66511 — CVSS 4.8 (medium): Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals…
CVE-2024-37316 — CVSS 4.6 (medium): Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a…
CVE-2023-45150 — CVSS 4.3 (medium): Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to…
CVE-2026-45286 — CVSS 4.3 (medium): Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an…
CVE-2023-48308 — CVSS 3.5 (low): Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating…
CVE-2025-66546 — CVSS 3.3 (low): Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking…
CVE-2023-33183 — CVSS 2.6 (low): Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed…