Lucene search
+L

8561 matches found

cvelist
cvelist
added yesterday29 views

CVE-2026-57831 Joomla Extension - digital-peak.com - Unauthenticated blind SQL injection in DP Calendar 8.18.0 - 10.11.2

The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection...

8.7CVSS0.00228EPSS
Exploits0References1
attackerkb
attackerkb
added yesterday5 views

CVE-2026-57831

The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection...

8.7CVSS6.1AI score0.00228EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added yesterday7 views

CVE-2026-57831 Joomla Extension - digital-peak.com - Unauthenticated blind SQL injection in DP Calendar 8.18.0 - 10.11.2

The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection...

8.7CVSS6.1AI score0.00228EPSS
Exploits0References1
cve
cve
added 2 days ago14 views

CVE-2026-52841

Easy!Appointments before 1.6.0 is vulnerable to an Authorization bypass in Google OAuth provider binding. The issue: in Google::oauth (application/controllers/Google.php:278), the provider_id supplied in the request is stored in the session and oauth_callback saves the Google OAuth token against ...

3.1CVSS6.1AI score0.00129EPSS
Exploits0References2
osv
osv
added 2 days ago3 views

CVE-2026-52841 Easy!Appointments: Authorization bypass in Google OAuth provider binding lets any backend user rebind a peer provider's Google sync

Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, Google::oauth at application/controllers/Google.php:278 stores its URL-supplied providerid in the session, and oauthcallback saves the issued Google OAuth token against that row without checking the caller owns...

3.1CVSS6.1AI score0.00129EPSS
Exploits0References4
nuclei
nuclei
added 2 days ago57 views

WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload

WordPress Modern Events Calendar Lite plugin before 5.16.5 is susceptible to authenticated arbitrary file upload. The plugin does not properly check the imported file, allowing PHP files to be uploaded and/or executed by an administrator or other high-privilege user using the text/csv content-typ...

7.2CVSS7.2AI score0.88158EPSS
Exploits9References5
nessus
nessus
added 2 days ago4 views

openSUSE 16: apache2-mod_php8 / php8 / php8-bcmath / php8-bz2 / php8-calendar / etc (openSUSE-SU-2026:21308-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21308-1 advisory. This update for php8 fixes the following issues - Update to versio 8.4.23 - CVE-2026-14355: The AES-WRAP-PAD algorithm implementation in OpenSSL...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References6
nvd
nvd
added 3 days ago7 views

CVE-2026-59516

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through = 12.1.1...

7.1CVSS0.00146EPSS
Exploits0References1
nvd
nvd
added 3 days ago4 views

CVE-2026-57778

Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through = 3.2.36...

5.3CVSS0.00285EPSS
Exploits0References1
cve
cve
added 3 days ago11 views

CVE-2026-57778

CVE-2026-57778 affects the WordPress plugin Booking calendar, Appointment Booking System, specifically versions up to and including 3.2.36. The issue is described as Missing Authorization / Broken Access Control, arising from incorrectly configured access control security levels in the booking-ca...

5.3CVSS6.1AI score0.00285EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago29 views

CVE-2026-57778 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.36 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through = 3.2.36...

5.3CVSS0.00285EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago32 views

CVE-2026-59516 WordPress ICS Calendar plugin <= 12.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through = 12.1.1...

7.1CVSS0.00146EPSS
Exploits0References1
cve
cve
added 3 days ago8 views

CVE-2026-59516

This CVE concerns the WordPress ICS Calendar plugin (ics-calendar) with versions up to 12.1.1. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by improper neutralization of input during web page generation. Affected component: ICS Calendar plugin’s input handling on the we...

7.1CVSS6.1AI score0.00146EPSS
Exploits0References1
attackerkb
attackerkb
added 3 days ago4 views

CVE-2026-59516

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through = 12.1.1...

7.1CVSS6.1AI score0.00146EPSS
Exploits0References2
cve
cve
added 5 days ago10 views

CVE-2026-3367

The CVE-2026-3367 entry concerns the WordPress plugin Lockme Cal­endars Integration (

4.4CVSS6.2AI score0.00256EPSS
Exploits0References14
nvd
nvd
added 6 days ago6 views

CVE-2026-9838

The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS0.00296EPSS
Exploits0References10
cve
cve
added 6 days ago6 views

CVE-2026-9838

The CVE-2026-9838 entry concerns the ICS Calendar plugin for WordPress. It describes a Reflected Cross-Site Scripting (XSS) vulnerability via the htmltagtitle parameter in all versions up to and including 12.0.9. The root cause is insufficient input sanitization and output escaping, with exploita...

6.1CVSS6.2AI score0.00296EPSS
Exploits0References10
euvd
euvd
added 6 days ago6 views

EUVD-2026-42852

The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6.2AI score0.00296EPSS
Exploits0References10
attackerkb
attackerkb
added 6 days ago6 views

CVE-2026-9838

The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6.2AI score0.00296EPSS
Exploits0References11
patchstack
patchstack
added 6 days ago12 views

WordPress ICS Calendar plugin <= 12.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin ICS Calendar versions = 12.1.1...

7.1CVSS6.1AI score0.00146EPSS
Exploits0Affected Software1
Rows per page
Query Builder