Lucene search
+L

23208 matches found

CVE
CVE
added 6 hours ago7 views

CVE-2026-63101

Open Event Server 1.19.1 is affected by an unauthenticated access vulnerability that lets attackers export the full member roster (emails, names, join dates, roles) by calling the group followers CSV export endpoint. The issue arises because the export endpoint lacks authentication and can be tri...

8.7CVSS5.5AI score
Exploits0References2
Cvelist
Cvelist
added 6 hours ago8 views

CVE-2026-63101 Open Event Server 1.19.1 Unauthenticated Member Roster Export via CSV Export Endpoint

Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint whic...

8.7CVSS
Exploits0References2
EUVD
EUVD
added 6 hours ago6 views

EUVD-2026-45202

Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint whic...

8.7CVSS5.4AI score
Exploits0References2
Circl
Circl
added 8 hours ago5 views

CVE-2026-16013

creationtimestamp| type| source ---|---|--- 2026-07-17 14:35:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqtxweafkp2s...

6.9CVSS4.9AI score
Exploits0References1
Circl
Circl
added 8 hours ago4 views

CVE-2026-9602

creationtimestamp| type| source ---|---|--- 2026-07-17 14:30:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqtxnfdv6n2i...

6.5CVSS4.9AI score
Exploits0References1
Circl
Circl
added 8 hours ago5 views

CVE-2026-7189

creationtimestamp| type| source ---|---|--- 2026-07-17 14:19:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqtwyzep3z2x...

7.5CVSS4.9AI score
Exploits0References1
Circl
Circl
added 12 hours ago3 views

CVE-2018-12677

creationtimestamp| type| source ---|---|--- 2026-07-17 10:00:04+00:00| seen| https://t.me/makrushin/80...

4.9AI score
Exploits0References1
Nuclei
Nuclei
added 18 hours ago14 views

ChurchCRM - SQL Injection

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...

9.8CVSS7.8AI score0.02177EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago48 views

Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export

The Event Monster Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename...

5.3CVSS6.3AI score0.01975EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago35 views

Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting

Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2020-26153 info:...

6.1CVSS6AI score0.03796EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago51 views

WordPress Spider Calendar <=1.4.9 - SQL Injection

WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...

7.5CVSS6.2AI score0.11182EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago47 views

Quick Event Manager < 9.7.5 - Cross-Site Scripting

The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action. id: CVE-2023-23491 info: name: Quick Event Manager 9.7.5 - Cross-Site Scripting author: ritikchaddha severity: medium...

6.1CVSS5.8AI score0.01179EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago62 views

WordPress RSVP and Event Management <2.7.8 - Missing Authorization

WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as...

5.3CVSS5.7AI score0.03764EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago89 views

WordPress Event Tickets < 5.2.2 - Open Redirect

WordPress Event Tickets 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue. id: CVE-2021-25028 info: name: WordPress Event Tickets 5.2.2 -...

6.1CVSS6.3AI score0.01932EPSS
Exploits2References2
Nuclei
Nuclei
added 18 hours ago46 views

Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting

Sourcecodester Online Event Booking and Reservation System 2.3.0 contains a cross-site scripting vulnerability in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clic...

4.3CVSS4.8AI score0.03792EPSS
Exploits3References5
Nuclei
Nuclei
added 18 hours ago90 views

Online Event Booking and Reservation System 2.3.0 - SQL Injection

Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS8.8AI score0.15806EPSS
Exploits3References5
Nuclei
Nuclei
added 18 hours ago89 views

WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting

WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can injec...

6.1CVSS5.5AI score0.02291EPSS
Exploits2References3
Circl
Circl
added 19 hours ago7 views

CVE-2026-62209

creationtimestamp| type| source ---|---|--- 2026-07-17 02:56:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqsqtgyf7t2x...

8.1CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 22 hours ago8 views

CVE-2025-60357

AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injection vulnerability via the eventlog/agentEvent/list endpoint...

Exploits1References2
Circl
Circl
added yesterday5 views

CVE-2026-50979

creationtimestamp| type| source ---|---|--- 2026-07-16 19:00:13+00:00| seen| Telegram/t092y5BgJmODHc3D2a3Ra4fTCXsa-vHp4gQ4JjPUYAbfUJ0 2026-07-16 19:00:13+00:00| seen| Telegram/c-tiQItlsunczDQWBYAXRvkiYxV7bIvmHKFdwaGGudIBj1Y 2026-07-17 00:00:29+00:00| seen|...

6.1AI score
Exploits1
Rows per page
Query Builder