8561 matches found
CVE-2026-57831 Joomla Extension - digital-peak.com - Unauthenticated blind SQL injection in DP Calendar 8.18.0 - 10.11.2
The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection...
CVE-2026-57831
The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection...
CVE-2026-57831 Joomla Extension - digital-peak.com - Unauthenticated blind SQL injection in DP Calendar 8.18.0 - 10.11.2
The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection...
CVE-2026-52841
Easy!Appointments before 1.6.0 is vulnerable to an Authorization bypass in Google OAuth provider binding. The issue: in Google::oauth (application/controllers/Google.php:278), the provider_id supplied in the request is stored in the session and oauth_callback saves the Google OAuth token against ...
CVE-2026-52841 Easy!Appointments: Authorization bypass in Google OAuth provider binding lets any backend user rebind a peer provider's Google sync
Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, Google::oauth at application/controllers/Google.php:278 stores its URL-supplied providerid in the session, and oauthcallback saves the issued Google OAuth token against that row without checking the caller owns...
WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload
WordPress Modern Events Calendar Lite plugin before 5.16.5 is susceptible to authenticated arbitrary file upload. The plugin does not properly check the imported file, allowing PHP files to be uploaded and/or executed by an administrator or other high-privilege user using the text/csv content-typ...
openSUSE 16: apache2-mod_php8 / php8 / php8-bcmath / php8-bz2 / php8-calendar / etc (openSUSE-SU-2026:21308-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21308-1 advisory. This update for php8 fixes the following issues - Update to versio 8.4.23 - CVE-2026-14355: The AES-WRAP-PAD algorithm implementation in OpenSSL...
CVE-2026-59516
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through = 12.1.1...
CVE-2026-57778
Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through = 3.2.36...
CVE-2026-57778
CVE-2026-57778 affects the WordPress plugin Booking calendar, Appointment Booking System, specifically versions up to and including 3.2.36. The issue is described as Missing Authorization / Broken Access Control, arising from incorrectly configured access control security levels in the booking-ca...
CVE-2026-57778 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.36 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through = 3.2.36...
CVE-2026-59516 WordPress ICS Calendar plugin <= 12.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through = 12.1.1...
CVE-2026-59516
This CVE concerns the WordPress ICS Calendar plugin (ics-calendar) with versions up to 12.1.1. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by improper neutralization of input during web page generation. Affected component: ICS Calendar plugin’s input handling on the we...
CVE-2026-59516
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through = 12.1.1...
CVE-2026-3367
The CVE-2026-3367 entry concerns the WordPress plugin Lockme Calendars Integration (
CVE-2026-9838
The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2026-9838
The CVE-2026-9838 entry concerns the ICS Calendar plugin for WordPress. It describes a Reflected Cross-Site Scripting (XSS) vulnerability via the htmltagtitle parameter in all versions up to and including 12.0.9. The root cause is insufficient input sanitization and output escaping, with exploita...
EUVD-2026-42852
The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2026-9838
The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
WordPress ICS Calendar plugin <= 12.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin ICS Calendar versions = 12.1.1...