46 matches found

CVE
added 2026/03/20 9:37 a.m. | 13 views

CVE-2026-33128

CVE-2026-33128 is a reserved entry. The connected advisory for GHSA-22CC-P3C6-WPVM documents a vulnerability in the h3 library’s SSE streaming: createEventStream’s event-stream formatting functions (formatEventStreamMessage and formatEventStreamComment) fail to sanitize newlines in fields (id, ev...

CVSS 10 | AI score 5.9 | EPSS 0.00025
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/02/14 4:35 a.m. | 2 views

CVE-2026-1983 SEATT: Simple Event Attendance <= 1.5.0 - Cross-Site Request Forgery to Arbitrary Event Deletion

The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing nonce validation on the event deletion functionality. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 4.3 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 3
NVD
added 2026/02/02 11:16 p.m. | 8 views

CVE-2026-24471

continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room (rejecting an invite), joining a room or knocking on a room, the...

CVSS 9.3 | EPSS 0.00023
Exploits: 0 | References: 2
Cvelist
added 2026/02/02 6:56 p.m. | 22 views

CVE-2026-24471 Improper Validation in Conduit-derived homeservers resulting in Unintended Proxy or Intermediary ('Confused Deputy')

continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room (rejecting an invite), joining a room or knocking on a room, the...

CVSS 9.3 | EPSS 0.00023
Exploits: 0 | References: 2
ATTACKERKB
added 2026/02/02 6:56 p.m. | 3 views

CVE-2026-24471

continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room (rejecting an invite), joining a room or knocking on a room, the...

CVSS 9.3 | AI score 5.7 | EPSS 0.00023
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/02/02 12:00 a.m. | 4 views

PT-2026-5720

Name of the Vulnerable Software and Affected Versions: Continuwuity versions prior to 0.5.1; Conduit versions prior to 0.10.11; Grapevine versions prior to 0aae932b; Tuwunel versions prior to 1.4.9. Description: A flaw exists that allows a malicious remote server to cause a local server to sign an...

CVSS 9.3 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 8
CNNVD
added 2026/01/17 12:00 a.m. | 2 views

WordPress Plugin Community Events Security Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 5.3 | AI score 6 | EPSS 0.00146
Exploits: 0 | References: 6
Patchstack
added 2026/01/16 11:44 p.m. | 5 views

WordPress Community Events plugin <= 1.5.6 - Missing Authorization to Unauthenticated Arbitrary Event Approval via 'eventlist' Parameter vulnerability

Missing Authorization to Unauthenticated Arbitrary Event Approval via 'eventlist' Parameter vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Community Events versions <= 1.5.6...

CVSS 5.3 | AI score 7 | EPSS 0.00146
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2026/01/09 8:50 a.m. | 5 views

CVE-2021-31559

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders...

CVSS 7.5 | AI score 7.1 | EPSS 0.00198
Exploits: 0 | References: 1
Tenable Nessus
added 2025/09/02 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-22239

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Arbitrary event injection on Salt Master. The master's minionevent method can be used by an authorized minion to send arbitrary events onto the master's event...

CVSS 8.1 | AI score 5.8 | EPSS 0.00144
Exploits: 0 | References: 2
OSV
added 2025/06/13 9:30 a.m. | 3 views

GHSA-C46W-GR7F-JM2P Salt vulnerable to arbitrary event injection

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by an authorized minion to send arbitrary events onto the master's event bus...

CVSS 8.1 | AI score 7.5 | EPSS 0.00144
Exploits: 0 | References: 5
AlpineLinux
added 2025/06/13 7:15 a.m. | 2 views

CVE-2025-22239

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by an authorized minion to send arbitrary events onto the master's event bus...

CVSS 8.1 | AI score 7.7 | EPSS 0.00144
Exploits: 0 | References: 2
OSV
added 2025/06/13 7:15 a.m. | 0 views

UBUNTU-CVE-2025-22239

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by an authorized minion to send arbitrary events onto the master's event bus...

CVSS 8.1 | AI score 5.9 | EPSS 0.00144
Exploits: 0 | References: 4
OSV
added 2024/10/11 7:11 a.m. | 14 views

BIT-MOODLE-2024-1439 Inadequate access control vulnerability in Moodle

Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent...

CVSS 6.5 | AI score 4.9 | EPSS 0.00068
Exploits: 0 | References: 2
Vulnrichment
added 2024/06/14 6:00 a.m. | 24 views

CVE-2024-1295 The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc...

AI score 7 | EPSS 0.00855
Exploits: 2 | References: 1
Cvelist
added 2024/06/14 6:00 a.m. | 18 views

CVE-2024-1295 The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc...

EPSS 0.00855
Exploits: 2 | References: 1
Patchstack
added 2024/05/24 11:21 a.m. | 2 views

WordPress The Events Calendar < 6.4.0.1 - Authenticated (Contributor+) Arbitrary Events Access vulnerability

Authenticated Contributor+ Arbitrary Events Access vulnerability discovered by Scott Kingsley Clark in WordPress Plugin The Events Calendar versions < 6.4.0.1...

CVSS 6.5 | AI score 7 | EPSS 0.00855
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack
added 2024/05/24 11:21 a.m. | 4 views

WordPress The Events Calendar PRO < 6.4.0.1 - Authenticated (Contributor+) Arbitrary Events Access vulnerability

Authenticated Contributor+ Arbitrary Events Access vulnerability discovered by Scott Kingsley Clark in WordPress Plugin The Events Calendar PRO versions < 6.4.0.1...

CVSS 6.5 | AI score 7 | EPSS 0.00855
Exploits: 2 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/05/06 6:00 a.m. | 11 views

CVE-2024-3756 MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF

The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack...

AI score 6.8 | EPSS 0.00405
Exploits: 2 | References: 1
Vulnrichment
added 2024/03/04 9:00 p.m. | 12 views

CVE-2024-1316 Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access

The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. e.g. draft, private, pending review,...

AI score 7.1 | EPSS 0.00703
Exploits: 2 | References: 1