CVE-2026-8176 LatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDOR in OsOrdersController::create_or_update + Unauthenticated Customer-Cabinet Password Reset

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin chains three independent flaws that together allow an authenticated Agent Agent+ to overwrite a...

LIVEBOX Collaboration vDesk Cross-Site Scripting Vulnerability

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A cross-site scripting vulnerability exists in LIVEBOX Collaboration vDesk v031 and earlier versions, which stems from a cross-site scripting vulnerability in the title and /dashboard/reminders parameters of the...

Malicious code in create-or-update-comment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 529afddb0ce1c2ffee5a4ae20c89657596df9fb27440956e1f78e8f6b80cb67c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-212 Malicious code in create-or-update-comment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 529afddb0ce1c2ffee5a4ae20c89657596df9fb27440956e1f78e8f6b80cb67c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-31294

An issue in the saveusers function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts...

CVE-2022-26246

TMS v2.28.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /TMS/admin/setting/mail/createorupdate...