9 matches found
CVE-2026-7525 My Calendar <= 3.7.9 - Authenticated (Custom+) Missing Authorization to Unauthorized Event Publication via 'event_approved' Parameter
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...
CVE-2026-1231
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the js Global Settings parameter in all versions up to, and including, 2.10.0.5 due to missing capability checks on the save_global_settings function and insufficient...
CVE-2026-1231
The CVE-2026-1231 entry concerns Beaver Builder Page Builder – Drag and Drop Website Builder for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw exploitable via the js Global Settings parameter, requiring authenticated Custom+ access with Beaver Builder permissions. The i...
PT-2026-7482
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the js Global Settings parameter in all versions up to, and including, 2.10.0.5 due to missing capability checks on the save_global_settings function and insufficient...
PT-2024-17217 · WordPress · Kivicare
Name of the Vulnerable Software and Affected Versions: KiviCare – Clinic & Patient Management System EHR plugin for WordPress versions up to and including 3.6.4 Description: The issue is related to SQL injection through the service list0service id parameter of the AJAX action get widget payment...
PT-2023-27221 · Unknown · @Keystone-6/Core
Name of the Vulnerable Software and Affected Versions: @keystone-6/core versions prior to 5.5.1 Description: The issue arises when ui.isAccessAllowed is set as undefined, making the adminMeta GraphQL query publicly accessible without requiring a session. This behavior differs from the default...
CVE-2022-36781
ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting...
PT-2022-23620 · Connectwise · Connectwise Screenconnect
Name of the Vulnerable Software and Affected Versions: ConnectWise ScreenConnect versions 22.6 and below Description: The issue allows potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this to gain...
UBUNTU-CVE-2020-35711
An issue has been discovered in the arc-swap crate before 0.4.8 and 1.x before 1.1.0 for Rust. Use of arc_swap::access::Map with the Constant test helper or with a user-supplied implementation of the Access trait could sometimes lead to dangling references being returned by the map...