Lucene search
+L

9304 matches found

Circl
Circl
added yesterday7 views

CVE-2026-9323

creationtimestamp| type| source ---|---|--- 2026-07-18 14:34:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqwicdxykb2z 2026-07-18 15:00:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqwjrntoau2w 2026-07-18 16:39:55+00:00| seen|...

9.2CVSS4.8AI score
Exploits0References3
Nuclei
Nuclei
added yesterday54 views

WordPress Events Calendar <1.4.5 - Cross-Site Scripting

WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...

6.1CVSS6.1AI score0.00891EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday25 views

The Events Calendar < 6.4.0.1 - Cross-site Scripting

The Events Calendar WordPress plugin 6.4.0.1 contains a stored XSS caused by improper sanitization of user-submitted content when rendering views via AJAX, letting attackers execute scripts in the context of the affected site. Exploitation requires user interaction. id: CVE-2024-4180 info: name:...

9.1CVSS5.2AI score0.01834EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday51 views

WordPress Events Calendar 6.8.2.1 - Information Disclosure

The Events Calendar WordPress plugin 6.8.2.1 contains missing access checks in the REST API, letting unauthenticated users access information about password protected events, exploit requires no authentication. id: CVE-2024-5333 info: name: WordPress Events Calendar 6.8.2.1 - Information Disclosu...

5.3CVSS8.3AI score0.01092EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday260 views

SuiteCRM - SQL Injection

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. id: CVE-2024-36412 info: name: SuiteC...

10CVSS8.6AI score0.05692EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday166 views

My Calendar WordPress Plugin - Information Disclosure

My Calendar WordPress plugin = 3.7.6 contains an injection vulnerability caused by unvalidated user input passed to parsestr in mcajaxmcjsaction endpoint, letting unauthenticated attackers access or crash sites via switchtoblog, exploit requires WordPress Multisite or Single Site setup. id:...

8.8CVSS5.2AI score0.00932EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday135 views

WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection

WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action. An attacker can possibly obtain sensitive information, modify data, and/o...

9.8CVSS8.7AI score0.728EPSS
Exploits7References5
Nuclei
Nuclei
added yesterday9 views

MISP < 2.5.37 - SQL Injection

MISP before 2.5.37 is vulnerable to SQL injection via the order parameter in EventsController. The POST body order value is passed directly into ORDER BY clauses without validation. id: CVE-2026-44381 info: name: MISP 2.5.37 - SQL Injection author: malcha severity: medium description: | MISP befo...

9.3CVSS5.6AI score0.0054EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday12 views

Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting id: CVE-2021-24876 info: name: Registrations for The Events Calendar 2.7.5 - Authenticated Reflected...

6.1CVSS6.2AI score0.01165EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday105 views

WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure

WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format. id: CVE-2021-24146 info: name: WordPress Modern Events Calendar Lite 5.16.5 - Sensitive Information Disclosure...

7.5CVSS7.3AI score0.31043EPSS
Exploits5References5
NVD
NVD
added 2 days ago6 views

CVE-2026-58149

The Joomla extension Events Booking is vulnerable to an unauthenticated user enumeration that allows to retrieve account usernames and email addresses...

0.00146EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-60025

The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection...

0.00097EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-60024

The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets...

0.00146EPSS
Exploits0References1
CVE
CVE
added 2 days ago13 views

CVE-2026-60024

The CVE pertains to the Joomla extension Events Booking, where prior versions up to 5.8.0 allow unauthenticated users to upload media assets by default. The affected component is the Events Booking plugin for Joomla (joomdonation.com). The root cause is an insecure default configuration that perm...

5.3AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-60024 Joomla Extension - joomdonation.com - Insecure default configuration Events Booking < 5.8.0

The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets...

0.00146EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45184

The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets...

5.3AI score0.00146EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45200

The Joomla extension Events Booking is vulnerable to an unauthenticated user enumeration that allows to retrieve account usernames and email addresses...

5.3AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-58149 Joomla Extension - joomdonation.com - User enumeration in Events Booking < 5.8.0

The Joomla extension Events Booking is vulnerable to an unauthenticated user enumeration that allows to retrieve account usernames and email addresses...

0.00146EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-58149

Joomla extension Events Booking (joomdonation.com) is affected by CVE-2026-58149: unauthenticated user enumeration that can reveal usernames and email addresses. Affected versions are

5.3AI score0.00146EPSS
Exploits0References1
CVE
CVE
added 2 days ago14 views

CVE-2026-60025

CVE-2026-60025 affects the Joomla extension Events Booking prior to version 5.8.0. The frontend file upload endpoint is reported to lack CSRF protection, which in the accompanying CVE listing is described as enabling user enumeration in Events Booking

5.3AI score0.00097EPSS
Exploits0References1
Rows per page
Query Builder