PT-2026-26735

OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state...

CVE-2026-1655

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...

CVE-2026-1655

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...

PT-2026-20281

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save frontend event submission function accepting a user-controlled event id parameter and updating the...

CVE-2026-1987 Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification

The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...

EUVD-2025-73673

Malicious code in slightowlz3n npm...

EUVD-2025-41492

Malicious code in budi-wajit8-miaww npm...

CVE-2025-56243

A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...

CVE-2025-56243

A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...

CVE-2025-56243

A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...

EUVD-2005-3170

Malware in sbrugna...

EUVD-2019-16875

Malware in sbrugna...

PT-2025-41138

Name of the Vulnerable Software and Affected Versions PuneethReddyHC Event Management System version 1.0 Description A Cross-Site Scripting XSS issue exists in the register.php page. The event id GET parameter is improperly handled, allowing an attacker to inject code into this parameter and...

CVE-2025-56243

PuneethReddyHC Event Management System 1.0 contains a Cross-Site Scripting (XSS) vulnerability in the register.php page. The event_id GET parameter is improperly handled, allowing an attacker to craft a malicious URL that executes arbitrary JavaScript in a victim’s browser. The issue is specifica...

CVE-2025-56243

A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...

EUVD-2025-32722

A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...

CVE-2025-56243

A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...

EUVD-2025-31770

Malicious code in bioql PyPI...

EUVD-2022-53547

Malicious code in bioql PyPI...

Liferay Portal Vulnerable to IDOR via audit events

Insecure Direct Object Reference IDOR vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported...