Outline 信息泄露漏洞

Outline is an open-source knowledge base developed by Outline. Versions of Outline prior to 1.5 had a vulnerability related to information leakage. This vulnerability stemmed from logical flaws in the filtering mechanism of the event list API endpoint, which could allow any authenticated user to...

CVE-2022-0418

The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfilteredhtml is disallowed...

CVE-2025-66395

CVE-2025-66395 affects ChurchCRM prior to 6.5.3. The vulnerability is a SQL injection in src/ListEvents.php when filtering events by type using the WhichType POST parameter, which is not properly sanitized or type-casted before multiple SQL queries. Any authenticated user, regardless of privilege...

CVE-2025-66395 SQL Injection in Event List via `WhichType` Parameter

ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the src/ListEvents.php file. When filtering events by type, the WhichType POST parameter is not properly sanitized or type-casted before being used in multiple SQL queries. This...

CVE-2025-66395 SQL Injection in Event List via `WhichType` Parameter

ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the src/ListEvents.php file. When filtering events by type, the WhichType POST parameter is not properly sanitized or type-casted before being used in multiple SQL queries. This...

CVE-2025-66395 SQL Injection in Event List via `WhichType` Parameter

ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the src/ListEvents.php file. When filtering events by type, the WhichType POST parameter is not properly sanitized or type-casted before being used in multiple SQL queries. This...

PT-2025-49653

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The perf tool within the Linux kernel contains a memory leak in the x86 CPUID detection mechanism. The leak occurs when using the perf env read cpuid function, triggered during CPUID...

EUVD-2017-3654

Malware in sbrugna...

EUVD-2017-18364

Malware in sbrugna...

EUVD-2025-28729

Malicious code in bioql PyPI...

CVE-2025-6366

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the elupdateprofile function. This makes it possible for authenticated...

CVE-2025-6366

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the elupdateprofile function. This makes it possible for authenticated...

CVE-2025-6366 Event List <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the elupdateprofile function. This makes it possible for authenticated...

CVE-2025-6366

CVE-2025-6366 – The Event List WordPress plugin (versions ≤ 2.0.4) is vulnerable to privilege escalation due to insufficient validation of user capabilities in el_update_profile(). Authenticated users with Subscriber+ can elevate to administrator. Evidence from Wordfence/NVD/CVE records indicates...

CVE-2025-6366 Event List <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the elupdateprofile function. This makes it possible for authenticated...

WordPress plugin Event List 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin Event List...

PT-2025-34779 · WordPress · Event List

Name of the Vulnerable Software and Affected Versions: Event List plugin for WordPress versions up to and including 2.0.4 Description: The Event List plugin for WordPress is susceptible to privilege escalation. This occurs because the plugin does not adequately validate a user’s capabilities befo...

Linux Distros Unpatched Vulnerability : CVE-2020-25815

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names f...

CVE-2022-49607 perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix data race between perfeventsetoutput and perfmmapclose Yang Jihing reported a race between perfeventsetoutput and perfmmapclose: CPU1 CPU2 perfmmapclosee2 if atomicdecandtest&e2-rb-mmapcount // 1 - 0 detachrest =...

PT-2025-30787

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability exists in the Linux kernel related to RDMA/mlx5, specifically concerning the initialization of obj event-obj sub list before its insertion using xa insert. This can lead ...