Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication...
8.1CVSS
7.8AI Score
0.004EPSS
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component...
10CVSS
9AI Score
0.005EPSS
Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by...
5.3CVSS
6.7AI Score
0.007EPSS
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by...
10CVSS
9.2AI Score
0.005EPSS