Lucene search
+L

58 matches found

The Hacker News
The Hacker News
added 2026/06/26 9:27 a.m.25 views

Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant

An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig into front-desk machines, Microsoft says. The company has not attributed the activity to a known threat...

5.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/06/25 10:30 p.m.18 views

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Threat Intelligence has identified an active multi-stage intrusion campaign targeting organizations in the hospitality and hotel industry since April 2026. We’ve observed this...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/25 9:32 a.m.27 views

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.9 views

CVE-2026-0868

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/19 6:31 a.m.5 views

EUVD-2026-23681

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References3
NVD
NVD
added 2026/04/19 4:16 a.m.9 views

CVE-2026-0868

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/19 3:26 a.m.4 views

CVE-2026-0868 EMC Scheduling Manager <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via calendly Shortcode

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References2
CVE
CVE
added 2026/04/19 3:26 a.m.26 views

CVE-2026-0868

CVE-2026-0868 affects the WordPress plugin “EMC Scheduling Manager” (Easily Embed Calendly Scheduling Features) up to version 4.4. The vulnerability is a Stored Cross-Site Scripting (XSS) via the plugin’s calendly shortcode, caused by insufficient input sanitization and output escaping on user-su...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/19 3:26 a.m.4 views

CVE-2026-0868

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/19 3:26 a.m.44 views

CVE-2026-0868 EMC Scheduling Manager <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via calendly Shortcode

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00194EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.11 views

PT-2026-33616

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/04/18 3:7 p.m.9 views

WordPress EMC – Easily Embed Calendly Scheduling plugin <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Embed Calendly versions = 4.4...

6.4CVSS5.8AI score0.00194EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.3 views

CVE-2026-32411

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through = 4.4...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.5 views

EUVD-2026-11928

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through = 4.4...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:54 p.m.2 views

CVE-2026-32411

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through = 4.4...

6.5CVSS0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.1 views

CVE-2026-32411

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through = 4.4...

5.8AI score0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/13 11:42 a.m.29 views

CVE-2026-32411 WordPress Embed Calendly plugin <= 4.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through = 4.4...

6.5CVSS0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.1 views

CVE-2026-32411 WordPress Embed Calendly plugin <= 4.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through = 4.4...

5.8AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 11:42 a.m.13 views

CVE-2026-32411

CVE-2026-32411 affects the WordPress Embed Calendly plugin

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.7 views

PT-2026-25257

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through = 4.4...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References3
Rows per page
Query Builder