Lucene search
K

74 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.4 views

CVE-2020-37077

Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manageemailtemplates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating...

6.9CVSS5.4AI score0.00602EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/03 10:1 p.m.9 views

CVE-2020-37077

Booked Scheduler 2.7.7 is affected by a directory traversal vulnerability in the manage_email_templates.php script. Authenticated administrators can use the vulnerable tn parameter to read files outside the intended directory. The underlying cause is improper directory traversal handling. Reporte...

6.9CVSS5.4AI score0.00602EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/03 10:1 p.m.2 views

CVE-2020-37077 Booked Scheduler 2.7.7 - Authenticated Directory Traversal

Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manageemailtemplates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating...

6.9CVSS5.4AI score0.00602EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/03 10:1 p.m.31 views

CVE-2020-37077 Booked Scheduler 2.7.7 - Authenticated Directory Traversal

Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manageemailtemplates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating...

6.9CVSS0.00602EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.8 views

PT-2026-5828

Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage email templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating...

6.9CVSS5.5AI score0.00602EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.11 views

Booked Scheduler 路径遍历漏洞

Booked Scheduler is a powerful scheduling solution provided by the Booked company. Version 2.7.7 of Booked Scheduler contains a path traversal vulnerability. This vulnerability stems from the tn parameter in the manageemailtemplates.php script, which exposes the script to directory traversal...

6.9CVSS5.8AI score0.00602EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/02/02 12:0 a.m.9 views

Booked Scheduler 2.5.15 Cross Site Request Forgery

A cross site request forgery vulnerability exists in Booked Scheduler version 2.5.15. The vulnerability allows remote attackers to perform unauthorized actions on behalf of authenticated users. This issue is older research added to the archive...

5.2AI score
Exploits0
Patchstack
Patchstack
added 2026/01/29 8:8 a.m.7 views

WordPress Booked plugin <= 3.0.0 - Account Takeover vulnerability

Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Booked versions = 3.0.0...

5.4CVSS5.9AI score0.00354EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.11 views

PT-2026-2166

Name of the Vulnerable Software and Affected Versions wpDiscuz versions prior to 7.6.47 Description The software contains a stored cross-site scripting issue that permits authenticated attackers to inject malicious JavaScript. This is achieved by importing a specially crafted options file...

9.9CVSS5.7AI score0.0027EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-14959

Malicious code in bioql PyPI...

5.4CVSS8.7AI score0.00132EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-52536

Malicious code in bioql PyPI...

6.1CVSS5.4AI score0.00548EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-39112

Malicious code in bioql PyPI...

7.5CVSS8.3AI score0.00531EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-28121

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.0085EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/05/23 1:55 a.m.7 views

CVE-2023-24058

Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservationsave.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler Sep 6, 2022 Feature...

4.3CVSS6.7AI score0.0085EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:18 a.m.5 views

CVE-2022-30706

Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...

6.1CVSS7AI score0.00548EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:53 p.m.6 views

CVE-2022-36399

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n/a before 2.4.4...

7.5CVSS7.9AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/29 4:22 p.m.26 views

CVE-2025-22634

Cross-Site Request Forgery CSRF vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPres...

5.4CVSS7.2AI score0.00132EPSS
Exploits0References1
NVD
NVD
added 2025/03/27 4:15 p.m.26 views

CVE-2025-22634

Cross-Site Request Forgery CSRF vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPres...

5.4CVSS0.00132EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/27 3:27 p.m.8 views

CVE-2025-22634 WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPress: from n/a...

5.4CVSS5.6AI score0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/27 3:27 p.m.36 views

CVE-2025-22634 WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPres...

5.4CVSS0.00132EPSS
Exploits0References1
Rows per page
Query Builder