Lucene search

K

Event Calendar – Calendar (WordPress Plugin) Security Vulnerabilities

nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : mariadb (SUSE-SU-2024:2032-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2032-1 advisory. - CVE-2024-21096: Fixed mysqldump unspecified vulnerability (bsc#1225983). - Update to 10.11.8. Tenable has extracted the...

4.9CVSS

5.3AI Score

0.0005EPSS

2024-06-15 12:00 AM
nessus
nessus

Debian dla-3829 : libmilter-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3829 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3829-1 [email protected] ...

5.3CVSS

6.7AI Score

0.002EPSS

2024-06-15 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2024:2031-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2031-1 advisory. - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated...

8.3CVSS

8.7AI Score

0.0004EPSS

2024-06-15 12:00 AM
cve
cve

CVE-2024-37888

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version <...

6.1CVSS

6.3AI Score

0.0004EPSS

2024-06-14 06:15 PM
8
nvd
nvd

CVE-2024-37888

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version <...

6.1CVSS

0.0004EPSS

2024-06-14 06:15 PM
2
cvelist
cvelist

CVE-2024-37888 The Open Link CKEditor plugin has a cross-site scripting (XSS) vulnerability in open link functionality

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version <...

6.1CVSS

0.0004EPSS

2024-06-14 05:17 PM
nvd
nvd

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

0.0004EPSS

2024-06-14 04:15 PM
2
cve
cve

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

4AI Score

0.0004EPSS

2024-06-14 04:15 PM
7
cve
cve

CVE-2024-37316

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or...

4.6CVSS

4.8AI Score

0.0004EPSS

2024-06-14 04:15 PM
8
nvd
nvd

CVE-2024-37316

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or...

4.6CVSS

0.0004EPSS

2024-06-14 04:15 PM
3
vulnrichment
vulnrichment

CVE-2024-37887 Nextcloud Server's events information leaked with shared calendars on recurrence exceptions

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

7AI Score

0.0004EPSS

2024-06-14 03:48 PM
2
cvelist
cvelist

CVE-2024-37887 Nextcloud Server's events information leaked with shared calendars on recurrence exceptions

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

0.0004EPSS

2024-06-14 03:48 PM
4
cvelist
cvelist

CVE-2024-37316 Nextcloud Calendar's event create can create attachments that link to other websites

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or...

4.6CVSS

0.0004EPSS

2024-06-14 03:23 PM
nextcloud
nextcloud

Events information leaked with shared calendars on recurrence exceptions

Description Impact Private shared calendar events' recurrence exceptions can be read by sharees. Patches It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 It is recommended that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1...

3.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 02:36 PM
2
nextcloud
nextcloud

Event create can create attachments that link to other websites

Description Impact Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. Patches It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2 Workarounds Disable the calendar app References ...

4.6CVSS

6.6AI Score

0.0004EPSS

2024-06-14 02:30 PM
1
rocky
rocky

libvirt bug fix update

An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libvirt library contains a C API for managing and interacting with the...

7.4AI Score

2024-06-14 02:00 PM
1
rocky
rocky

libreoffice security update

An update is available for libreoffice. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

8.8CVSS

7.2AI Score

0.001EPSS

2024-06-14 02:00 PM
osv
osv

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS

7.4AI Score

0.001EPSS

2024-06-14 02:00 PM
4
rocky
rocky

kronosnet bug fix and enhancement update

An update is available for kronosnet. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

6.8AI Score

2024-06-14 01:59 PM
rocky
rocky

nmstate bug fix and enhancement update

An update is available for nmstate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

6.8AI Score

2024-06-14 01:59 PM
rocky
rocky

grafana-pcp bug fix and enhancement update

An update is available for grafana-pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list grafana-pcp is an open source Grafana plugin for PCP. Bug Fix(es) and...

7.5CVSS

7.7AI Score

0.0005EPSS

2024-06-14 01:59 PM
rocky
rocky

virt:rhel and virt-devel:rhel security and enhancement update

An update is available for module.swtpm, module.libtpms, module.libnbd, netcf, module.nbdkit, hivex, libiscsi, libtpms, module.sgabios, libguestfs-winsupport, virt-v2v, module.supermin, module.virt-v2v, module.libvirt-dbus, module.qemu-kvm, supermin, swtpm, libvirt-dbus, sgabios, qemu-kvm,...

7CVSS

7.4AI Score

0.002EPSS

2024-06-14 01:59 PM
rocky
rocky

virt:rhel and virt-devel:rhel security update

An update is available for module.swtpm, module.libtpms, module.libnbd, netcf, module.nbdkit, hivex, libiscsi, libtpms, module.sgabios, libguestfs-winsupport, virt-v2v, module.supermin, module.virt-v2v, module.libvirt-dbus, module.qemu-kvm, supermin, swtpm, libvirt-dbus, sgabios, qemu-kvm,...

6.2CVSS

6.8AI Score

0.001EPSS

2024-06-14 01:59 PM
rocky
rocky

gcc-toolset-13-annobin bug fix and enhancement update

An update is available for gcc-toolset-13-annobin. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the.....

6.8AI Score

2024-06-14 01:59 PM
rocky
rocky

dnf-plugins-core bug fix and enhancement update

An update is available for dnf-plugins-core. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky.....

6.8AI Score

2024-06-14 01:59 PM
rocky
rocky

gcc bug fix update

An update is available for gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and...

7.3AI Score

2024-06-14 01:59 PM
cve
cve

CVE-2024-2024

The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload...

8.8CVSS

8.9AI Score

0.001EPSS

2024-06-14 01:15 PM
11
nvd
nvd

CVE-2024-2024

The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload...

8.8CVSS

0.001EPSS

2024-06-14 01:15 PM
3
nvd
nvd

CVE-2024-2023

The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to...

4.3CVSS

0.001EPSS

2024-06-14 01:15 PM
4
cve
cve

CVE-2024-2023

The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to...

4.3CVSS

4.5AI Score

0.001EPSS

2024-06-14 01:15 PM
9
vulnrichment
vulnrichment

CVE-2024-2024 Folders Pro <= 3.0.2 - Authenticated(Author+) Arbitrary File Upload via handle_folders_file_upload

The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload...

8.8CVSS

7.7AI Score

0.001EPSS

2024-06-14 12:51 PM
1
cvelist
cvelist

CVE-2024-2024 Folders Pro <= 3.0.2 - Authenticated(Author+) Arbitrary File Upload via handle_folders_file_upload

The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload...

8.8CVSS

0.001EPSS

2024-06-14 12:51 PM
1
vulnrichment
vulnrichment

CVE-2024-2023 Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload

The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to...

4.3CVSS

7AI Score

0.001EPSS

2024-06-14 12:50 PM
cvelist
cvelist

CVE-2024-2023 Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload

The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to...

4.3CVSS

0.001EPSS

2024-06-14 12:50 PM
2
cve
cve

CVE-2023-51376

Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through...

4.3CVSS

7AI Score

0.0004EPSS

2024-06-14 11:15 AM
25
nvd
nvd

CVE-2023-51376

Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-14 11:15 AM
cvelist
cvelist

CVE-2023-51376 WordPress ProjectHuddle Client Site plugin <= 1.0.34 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-14 10:21 AM
1
nvd
nvd

CVE-2024-2472

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to...

9.1CVSS

0.001EPSS

2024-06-14 10:15 AM
2
cve
cve

CVE-2024-2472

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to...

9.1CVSS

9AI Score

0.001EPSS

2024-06-14 10:15 AM
9
cvelist
cvelist

CVE-2024-2472 LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to...

9.1CVSS

0.001EPSS

2024-06-14 09:36 AM
5
vulnrichment
vulnrichment

CVE-2024-2472 LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to...

9.1CVSS

6.7AI Score

0.001EPSS

2024-06-14 09:36 AM
nvd
nvd

CVE-2024-4863

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

0.0004EPSS

2024-06-14 09:15 AM
5
cve
cve

CVE-2024-4863

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-14 09:15 AM
8
cvelist
cvelist

CVE-2024-4863 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

0.0004EPSS

2024-06-14 08:35 AM
2
vulnrichment
vulnrichment

CVE-2024-4863 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-06-14 08:35 AM
veracode
veracode

Path Traversal

org.jenkins-ci.plugins:report-info is vulnerable to Path Traversal. The vulnerability is due to lack of path validation in the workspace directory, allowing attackers with Item/Configure permission to access restricted files on the controller file...

6.6AI Score

0.0004EPSS

2024-06-14 08:21 AM
cve
cve

CVE-2024-5577

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version &lt;= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on extern...

9.8CVSS

10AI Score

0.001EPSS

2024-06-14 08:15 AM
11
nvd
nvd

CVE-2024-5577

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version &lt;= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on extern...

9.8CVSS

0.001EPSS

2024-06-14 08:15 AM
4
nvd
nvd

CVE-2024-5465

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect...

5.9CVSS

0.0004EPSS

2024-06-14 08:15 AM
6
cve
cve

CVE-2024-5465

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect...

5.9CVSS

7.2AI Score

0.0004EPSS

2024-06-14 08:15 AM
10
Total number of security vulnerabilities269646