159 matches found
JLSEC-2026-619 CR/LF injection in server-sent events (SSE) fields in HTTP.jl
Description The server-side SSE serializer wrote the single-line fields event, id, and retry verbatim to the text/event-stream wire with no CR/LF filtering, and split the multi-line data field only on \n, ignoring a bare \r that is also a valid SSE line terminator. The SSEEvent constructor...
PT-2026-26735
OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state...
CVE-2026-1655
The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...
CVE-2026-1655
The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...
PT-2026-20281
The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save frontend event submission function accepting a user-controlled event id parameter and updating the...
CVE-2026-1987 Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...
EUVD-2025-73673
Malicious code in slightowlz3n npm...
EUVD-2025-41492
Malicious code in budi-wajit8-miaww npm...
CVE-2025-56243
A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...
CVE-2025-56243
A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...
CVE-2025-56243
A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...
EUVD-2005-3170
Malware in sbrugna...
EUVD-2019-16875
Malware in sbrugna...
PT-2025-41138
Name of the Vulnerable Software and Affected Versions PuneethReddyHC Event Management System version 1.0 Description A Cross-Site Scripting XSS issue exists in the register.php page. The event id GET parameter is improperly handled, allowing an attacker to inject code into this parameter and...
CVE-2025-56243
A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...
EUVD-2025-32722
A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...
CVE-2025-56243
PuneethReddyHC Event Management System 1.0 contains a Cross-Site Scripting (XSS) vulnerability in the register.php page. The event_id GET parameter is improperly handled, allowing an attacker to craft a malicious URL that executes arbitrary JavaScript in a victim’s browser. The issue is specifica...
CVE-2025-56243
A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...
EUVD-2022-53547
Malicious code in bioql PyPI...
EUVD-2025-31770
Malicious code in bioql PyPI...