Known Vulnerabilities for Calendar by Synology
Listed below are 10 of the newest known vulnerabilities associated with "Calendar" by "Synology".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33635 | iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-25465 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi Vie... | Not Provided | 2026-03-25 | 2026-03-25 |
| CVE-2026-25435 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Booking calend... | Not Provided | 2026-03-25 | 2026-03-25 |
| CVE-2026-25312 | Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectl... | Not Provided | 2026-03-19 | 2026-04-01 |
| CVE-2026-24636 | Missing Authorization vulnerability in Syed Balkhi Sugar Calendar (Lite) sugar-calendar-lite allows Exploiting Incorrectly Co... | Not Provided | 2026-01-23 | 2026-04-01 |
| CVE-2026-24378 | Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object In... | Not Provided | 2026-03-25 | 2026-03-26 |
| CVE-2026-4668 | The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the `sort` ... | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2025-69358 | Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectl... | Not Provided | 2026-03-25 | 2026-03-26 |
| CVE-2025-58862 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in George Sexton WordPress... | Not Provided | 2025-09-05 | 2026-04-01 |
| CVE-2025-58861 | Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Stored XSS.This... | Not Provided | 2025-09-05 | 2026-04-01 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Synology | Calendar | 2.3.3-0620 | All | All | All |
| Application | Synology | Calendar | 2.3.2-0619 | All | All | All |
| Application | Synology | Calendar | 2.3.1-0617 | All | All | All |
| Application | Synology | Calendar | 2.3.0-0615 | All | All | All |
| Application | Synology | Calendar | 2.2.3-0534 | All | All | All |
| Application | Synology | Calendar | 2.2.2-0532 | All | All | All |
| Application | Synology | Calendar | 2.2.1-0518 | All | All | All |
| Application | Synology | Calendar | 2.1.2-0511 | All | All | All |
| Application | Synology | Calendar | 2.1.1-0502 | All | All | All |
| Application | Synology | Calendar | 2.1.0-0425 | All | All | All |
| Application | Synology | Calendar | 2.0.1-0242 | All | All | All |
| Application | Synology | Calendar | 2.0.0-0241 | All | All | All |
| Application | Synology | Calendar | 1.1.0-0146 | All | All | All |
| Application | Synology | Calendar | 1.0.3-0132 | All | All | All |
| Application | Synology | Calendar | 1.0.2-0131 | All | All | All |
| Application | Synology | Calendar | 1.0.0-0121 | All | All | All |