CVE-2026-23478
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...
EUVD-2026-2413
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...
CVE-2026-23478
Cal.com CVE-2026-23478 affects versions 3.1.6–6.0.6. Root cause: improper server-side validation in a custom NextAuth JWT callback that trusts client-supplied data during session.update(), enabling an unauthenticated attacker to fully impersonate any user. Impact: total account takeover with acce...
CVE-2025-69021
CVE-2025-14998 (Branda – White Label & Branding, Free Login Page Customizer) : Unauthenticated privilege escalation via account takeover. CVSS 9.8 (Critical). Affected software: Branda – White Label & Branding, Free Login Page Customizer (
PT-2025-53902
Name of the Vulnerable Software and Affected Versions: Ays Pro Popup box versions through 6.0.7. Description: A Cross-Site Request Forgery issue exists in Ays Pro Popup box. This allows attackers to perform actions on behalf of an unsuspecting user. The issue affects the Popup box component...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass due to improper privilege management in the upload process. An attacker can install or remove arbitrary packages and potentially execute malicious code by leveraging insufficient access controls in the...
Drupal Simple OAuth (OAuth2) & OpenID Connect security vulnerability
Drupal Simple OAuth OAuth2 & OpenID Connect is an authorization framework for the Drupal community. A security vulnerability exists in Drupal Simple OAuth OAuth2 & OpenID Connect in versions from 6.0.0 before 6.0.7, which stems from an authentication bypass vulnerability that could lead...
CVE-2025-12466 Simple OAuth (OAuth2) & OpenID Connect - Critical - Access bypass - SA-CONTRIB-2025-114
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth OAuth2 & OpenID Connect allows Authentication Bypass. This issue affects Simple OAuth OAuth2 & OpenID Connect: from 6.0.0 before 6.0.7...
DRUPAL-CONTRIB-2025-114
This module introduces an OAuth 2.0 authorization server, which can be configured to protect your Drupal instance with access tokens, or allow clients to request new access tokens and refresh them. The module doesn't sufficiently respect granted scopes, it affects all access checks that are based...
Simple OAuth (OAuth2) & OpenID Connect - Critical - Access bypass - SA-CONTRIB-2025-114
This module introduces an OAuth 2.0 authorization server, which can be configured to protect your Drupal instance with access tokens, or allow clients to request new access tokens and refresh them. The module doesn't sufficiently respect granted scopes, it affects all access checks that are based...
EUVD-2002-0412
Malware in sbrugna...
EUVD-2020-15804
Malware in sbrugna...
CVE-2024-56063
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor (essential-addons-for-elementor-lite) allows Stored XSS. This issue affects Essential Addons for Elementor: from n/a through <= 6.0.7...
CVE-2025-32508
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ComMotion Course Booking System (course-booking-system) allows Reflected XSS. This issue affects Course Booking System: from n/a through <= 6.1.2...
CVE-2025-32508
The CVE-2025-32508 entry refers to a Reflected XSS in the ComMotion Course Booking System (Course Booking System plugin) affecting versions from n/a up to 6.0.7. The vulnerability arises from improper input neutralization during web page generation, enabling reflected cross-site scripting. Multip...
WordPress plugin Course Booking System cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2024-36698 · Wpdeveloper · Wpdeveloper Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: WPDeveloper Essential Addons for Elementor versions through 6.0.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that a...
WordPress plugin Essential Addons for Elementor cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Promptr security vulnerability
Promptr is a CLI tool by the individual developer Ferris Lucas. It allows the use of plain English to instruct the OpenAI LLM model to make changes to the code base. A security vulnerability exists in Promptr version v6.0.7, which stems from the presence of a Remote Command Execution (RCE) vulnerabili...