23208 matches found
CVE-2026-63101
Open Event Server 1.19.1 is affected by an unauthenticated access vulnerability that lets attackers export the full member roster (emails, names, join dates, roles) by calling the group followers CSV export endpoint. The issue arises because the export endpoint lacks authentication and can be tri...
CVE-2026-63101 Open Event Server 1.19.1 Unauthenticated Member Roster Export via CSV Export Endpoint
Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint whic...
EUVD-2026-45202
Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint whic...
CVE-2026-16013
creationtimestamp| type| source ---|---|--- 2026-07-17 14:35:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqtxweafkp2s...
CVE-2026-9602
creationtimestamp| type| source ---|---|--- 2026-07-17 14:30:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqtxnfdv6n2i...
CVE-2026-7189
creationtimestamp| type| source ---|---|--- 2026-07-17 14:19:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqtwyzep3z2x...
CVE-2018-12677
creationtimestamp| type| source ---|---|--- 2026-07-17 10:00:04+00:00| seen| https://t.me/makrushin/80...
ChurchCRM - SQL Injection
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...
Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export
The Event Monster Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename...
Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting
Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2020-26153 info:...
WordPress Spider Calendar <=1.4.9 - SQL Injection
WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...
Quick Event Manager < 9.7.5 - Cross-Site Scripting
The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action. id: CVE-2023-23491 info: name: Quick Event Manager 9.7.5 - Cross-Site Scripting author: ritikchaddha severity: medium...
WordPress RSVP and Event Management <2.7.8 - Missing Authorization
WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as...
WordPress Event Tickets < 5.2.2 - Open Redirect
WordPress Event Tickets 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue. id: CVE-2021-25028 info: name: WordPress Event Tickets 5.2.2 -...
Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting
Sourcecodester Online Event Booking and Reservation System 2.3.0 contains a cross-site scripting vulnerability in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clic...
Online Event Booking and Reservation System 2.3.0 - SQL Injection
Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...
WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting
WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can injec...
CVE-2026-62209
creationtimestamp| type| source ---|---|--- 2026-07-17 02:56:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqsqtgyf7t2x...
CVE-2025-60357
AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injection vulnerability via the eventlog/agentEvent/list endpoint...
CVE-2026-50979
creationtimestamp| type| source ---|---|--- 2026-07-16 19:00:13+00:00| seen| Telegram/t092y5BgJmODHc3D2a3Ra4fTCXsa-vHp4gQ4JjPUYAbfUJ0 2026-07-16 19:00:13+00:00| seen| Telegram/c-tiQItlsunczDQWBYAXRvkiYxV7bIvmHKFdwaGGudIBj1Y 2026-07-17 00:00:29+00:00| seen|...