Luxcal Web Calendar

4 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-25224 HIGH This Week

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Luxcal Web Calendar
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-25223 MEDIUM This Month

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Luxcal Web Calendar
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-25222 CRITICAL Act Now

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Luxcal Web Calendar
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-25221 CRITICAL Act Now

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Luxcal Web Calendar
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-25224
EPSS 0% CVSS 7.5
HIGH This Week

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Luxcal Web Calendar
NVD
CVE-2025-25223
EPSS 0% CVSS 5.3
MEDIUM This Month

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Luxcal Web Calendar
NVD
CVE-2025-25222
EPSS 0% CVSS 9.8
CRITICAL Act Now

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Luxcal Web Calendar
NVD
CVE-2025-25221
EPSS 0% CVSS 9.8
CRITICAL Act Now

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Luxcal Web Calendar
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy