Outline Information Disclosure Vulnerability
Outline is an open-source knowledge base developed by Outline. Versions of Outline prior to 1.5 had a vulnerability related to information leakage. This vulnerability stemmed from logical flaws in the filtering mechanism of the event list API endpoint, which could allow any authenticated user to...
CVE-2022-0418
The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed...
CVE-2025-66395 SQL Injection in Event List via `WhichType` Parameter
ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the src/ListEvents.php file. When filtering events by type, the WhichType POST parameter is not properly sanitized or type-casted before being used in multiple SQL queries. This...
CVE-2025-66395
CVE-2025-66395 affects ChurchCRM prior to 6.5.3. The vulnerability is a SQL injection in src/ListEvents.php when filtering events by type using the WhichType POST parameter, which is not properly sanitized or type-casted before multiple SQL queries. Any authenticated user, regardless of privilege...
PT-2025-49653
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The perf tool within the Linux kernel contains a memory leak in the x86 CPUID detection mechanism. The leak occurs when using the perf env read cpuid function, triggered during CPUID...
EUVD-2017-18364
Malware in sbrugna...
EUVD-2017-3654
Malware in sbrugna...
EUVD-2025-28729
Malicious code in bioql PyPI...
CVE-2025-6366
The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the el_update_profile function. This makes it possible for authenticated...
CVE-2025-6366 Event List <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation
The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the el_update_profile function. This makes it possible for authenticated...
CVE-2025-6366
CVE-2025-6366 – The Event List WordPress plugin (versions ≤ 2.0.4) is vulnerable to privilege escalation due to insufficient validation of user capabilities in el_update_profile(). Authenticated users with Subscriber+ can elevate to administrator. Evidence from Wordfence/NVD/CVE records indicates...
WordPress plugin Event List Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin Event List...
PT-2025-34779 · WordPress · Event List
Name of the Vulnerable Software and Affected Versions: Event List plugin for WordPress versions up to and including 2.0.4 Description: The Event List plugin for WordPress is susceptible to privilege escalation. This occurs because the plugin does not adequately validate a user’s capabilities befo...
Linux Distros Unpatched Vulnerability : CVE-2020-25815
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names f...
CVE-2022-49607 perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() Yang Jihing reported a race between perf_event_set_output() and perf_mmap_close(): CPU1 CPU2 perf_mmap_close(e2) if (atomic_dec_and_test(&e2->rb->mmap_count)) // 1 -> 0 detach_rest =...
PT-2025-30787
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability exists in the Linux kernel related to RDMA/mlx5, specifically concerning the initialization of obj event-obj sub list before its insertion using xa insert. This can lead ...