Lucene search
K

131 matches found

Nuclei
Nuclei
added 2 days ago29 views

WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure

WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format. id: CVE-2021-24146 info: name: WordPress Modern Events Calendar Lite 5.16.5 - Sensitive Information Disclosure...

7.5CVSS7.1AI score0.31043EPSS
Exploits5References5
Nuclei
Nuclei
added 3 days ago123 views

WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection

WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action. An attacker can possibly obtain sensitive information, modify data, and/o...

9.8CVSS7.3AI score0.728EPSS
Exploits7References5
Nuclei
Nuclei
added 4 days ago41 views

WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload

WordPress Modern Events Calendar Lite plugin before 5.16.5 is susceptible to authenticated arbitrary file upload. The plugin does not properly check the imported file, allowing PHP files to be uploaded and/or executed by an administrator or other high-privilege user using the text/csv content-typ...

7.2CVSS7.4AI score0.88158EPSS
Exploits9References5
NVD
NVD
added 2026/06/19 5:16 p.m.10 views

CVE-2017-20268

Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...

8.8CVSS0.0027EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:11 p.m.6 views

CVE-2017-20268

Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/19 4:11 p.m.30 views

CVE-2017-20268 Joomla! Component Zap Calendar Lite 4.3.4 SQL Injection

Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...

8.8CVSS0.0027EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 4:11 p.m.14 views

CVE-2017-20268

The CVE covers Joomla! component Zap Calendar Lite 4.3.4, where an SQL injection via the eid parameter allows unauthenticated attackers to execute arbitrary SQL queries. Attack vectors include sending crafted GET requests to the RSVP endpoint to extract sensitive information, such as database nam...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 4:11 p.m.5 views

EUVD-2017-18995

Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/24 3:18 p.m.6 views

CVE-2026-24636

Missing Authorization vulnerability in Syed Balkhi Sugar Calendar Lite sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar Lite: from n/a through = 3.9.1...

4.3CVSS5.9AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 3:16 p.m.6 views

CVE-2026-24636

Missing Authorization vulnerability in Syed Balkhi Sugar Calendar Lite sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar Lite: from n/a through = 3.9.1...

4.3CVSS0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/23 2:29 p.m.33 views

CVE-2026-24636 WordPress Sugar Calendar (Lite) plugin <= 3.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syed Balkhi Sugar Calendar Lite sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar Lite: from n/a through = 3.9.1...

4.3CVSS0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 2:29 p.m.5 views

CVE-2026-24636 WordPress Sugar Calendar (Lite) plugin <= 3.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syed Balkhi Sugar Calendar Lite sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar Lite: from n/a through = 3.9.1...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 2:29 p.m.11 views

CVE-2026-24636

CVE-2026-24636 describes a Missing Authorization vulnerability in Sugar Calendar (Lite) plugin for WordPress. The issue affects Sugar Calendar (Lite) versions up to and including 3.10.1 and is categorized as broken/incorrect access control (Missing Authorization). Public sources in the connected ...

4.3CVSS5.9AI score0.00198EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 2:29 p.m.3 views

CVE-2026-24636

Missing Authorization vulnerability in Syed Balkhi Sugar Calendar Lite sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar Lite: from n/a through = 3.10.1...

4.3CVSS5.9AI score0.00198EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.7 views

PT-2026-4466

Name of the Vulnerable Software and Affected Versions Syed Balkhi Sugar Calendar Lite versions through 3.10.1 Description An issue exists in Syed Balkhi Sugar Calendar Lite related to incorrectly configured access control security levels, potentially allowing unauthorized access. Recommendations...

4.3CVSS5.3AI score0.00198EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.6 views

WordPress plugin Sugar Calendar (Lite) has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/05 8:0 a.m.6 views

WordPress Sugar Calendar (Lite) plugin <= 3.9.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Sugar Calendar Lite versions = 3.9.1...

4.3CVSS5.4AI score0.00198EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-11063

Malware in sbrugna...

8.8CVSS8.7AI score0.01505EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2006-0680

Malware in sbrugna...

7.5CVSS6.4AI score0.021EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-11958

Malware in sbrugna...

5.4CVSS5.4AI score0.00611EPSS
Exploits2References2
Rows per page
Query Builder