9304 matches found
CVE-2026-9323
creationtimestamp| type| source ---|---|--- 2026-07-18 14:34:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqwicdxykb2z 2026-07-18 15:00:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqwjrntoau2w 2026-07-18 16:39:55+00:00| seen|...
WordPress Events Calendar <1.4.5 - Cross-Site Scripting
WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...
The Events Calendar < 6.4.0.1 - Cross-site Scripting
The Events Calendar WordPress plugin 6.4.0.1 contains a stored XSS caused by improper sanitization of user-submitted content when rendering views via AJAX, letting attackers execute scripts in the context of the affected site. Exploitation requires user interaction. id: CVE-2024-4180 info: name:...
WordPress Events Calendar 6.8.2.1 - Information Disclosure
The Events Calendar WordPress plugin 6.8.2.1 contains missing access checks in the REST API, letting unauthenticated users access information about password protected events, exploit requires no authentication. id: CVE-2024-5333 info: name: WordPress Events Calendar 6.8.2.1 - Information Disclosu...
SuiteCRM - SQL Injection
SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. id: CVE-2024-36412 info: name: SuiteC...
My Calendar WordPress Plugin - Information Disclosure
My Calendar WordPress plugin = 3.7.6 contains an injection vulnerability caused by unvalidated user input passed to parsestr in mcajaxmcjsaction endpoint, letting unauthenticated attackers access or crash sites via switchtoblog, exploit requires WordPress Multisite or Single Site setup. id:...
WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action. An attacker can possibly obtain sensitive information, modify data, and/o...
MISP < 2.5.37 - SQL Injection
MISP before 2.5.37 is vulnerable to SQL injection via the order parameter in EventsController. The POST body order value is passed directly into ORDER BY clauses without validation. id: CVE-2026-44381 info: name: MISP 2.5.37 - SQL Injection author: malcha severity: medium description: | MISP befo...
Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting id: CVE-2021-24876 info: name: Registrations for The Events Calendar 2.7.5 - Authenticated Reflected...
WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure
WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format. id: CVE-2021-24146 info: name: WordPress Modern Events Calendar Lite 5.16.5 - Sensitive Information Disclosure...
CVE-2026-58149
The Joomla extension Events Booking is vulnerable to an unauthenticated user enumeration that allows to retrieve account usernames and email addresses...
CVE-2026-60025
The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection...
CVE-2026-60024
The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets...
CVE-2026-60024
The CVE pertains to the Joomla extension Events Booking, where prior versions up to 5.8.0 allow unauthenticated users to upload media assets by default. The affected component is the Events Booking plugin for Joomla (joomdonation.com). The root cause is an insecure default configuration that perm...
CVE-2026-60024 Joomla Extension - joomdonation.com - Insecure default configuration Events Booking < 5.8.0
The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets...
EUVD-2026-45184
The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets...
EUVD-2026-45200
The Joomla extension Events Booking is vulnerable to an unauthenticated user enumeration that allows to retrieve account usernames and email addresses...
CVE-2026-58149 Joomla Extension - joomdonation.com - User enumeration in Events Booking < 5.8.0
The Joomla extension Events Booking is vulnerable to an unauthenticated user enumeration that allows to retrieve account usernames and email addresses...
CVE-2026-58149
Joomla extension Events Booking (joomdonation.com) is affected by CVE-2026-58149: unauthenticated user enumeration that can reveal usernames and email addresses. Affected versions are
CVE-2026-60025
CVE-2026-60025 affects the Joomla extension Events Booking prior to version 5.8.0. The frontend file upload endpoint is reported to lack CSRF protection, which in the accompanying CVE listing is described as enabling user enumeration in Events Booking