CVE-2026-10855

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...

CVE-2026-10854

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

CVE-2026-9548

creationtimestamp| type| source ---|---|--- 2026-06-04 13:20:18+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnhpnwevta2j...

CVE-2026-10855 MISP Event template importer authorization bypass

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...

CVE-2026-10855

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...

CVE-2026-10855

CVE-2026-10855 concerns an authorization flaw in the MISP Event Template Importer overwrite workflow. During overwrite, the system checked for a matching template but did not verify that the importing user belonged to the organization that owned the template. This could allow an authenticated use...

CVE-2026-10855 MISP Event template importer authorization bypass

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...

EUVD-2026-34259

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...

CVE-2026-10854

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

CVE-2026-10854 Unauthorized exposure of private galaxies in MISP event template creation

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

EUVD-2026-34257

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

CVE-2026-47319

creationtimestamp| type| source ---|---|--- 2026-06-04 10:54:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnhhjizpk72x...

Security Bulletin: IBM Event Processing is vulnerable to a CRLF injection vulnerability in Netty (CVE-2025-67735)

Summary IBM Event Processing is vulnerable to a CRLF injection vulnerability in Netty io.netty.handler.codec.http.HttpRequestEncoder. An attacker could exploit this vulnerability to perform HTTP request smuggling against affected Event Processing services that use the vulnerable Netty component...

Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export

The Event Monster Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename...

WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting

WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can injec...

Quick Event Manager < 9.7.5 - Cross-Site Scripting

The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action. id: CVE-2023-23491 info: name: Quick Event Manager 9.7.5 - Cross-Site Scripting author: ritikchaddha severity: medium...

Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting

Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2020-26153 info:...

WordPress Spider Calendar <=1.4.9 - SQL Injection

WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...

ChurchCRM - SQL Injection

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...

WordPress Event Tickets < 5.2.2 - Open Redirect

WordPress Event Tickets 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue. id: CVE-2021-25028 info: name: WordPress Event Tickets 5.2.2 -...