8884 matches found

OSV
added 3 hours ago, 2 views

GHSA-G72G-R7M4-9X4G NocoDB: OAuth Tokens Persist Through Security Events

Summary: OAuth access and refresh tokens were not revoked when the user changed, reset, or recovered their password, leaving an attacker-issued OAuth grant valid after the user believed they had locked the attacker out. Details: revokeAllOAuthTokensByUser in the users service was an empty stub bein...

CVSS 6.3, AI score 5.5
Exploits: 0, References: 3

Circl
added 8 hours ago, 2 views

CVE-2026-8914

creationtimestamp | type | source
---|---|---
2026-06-05 11:35:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnk2akmdy32f
2026-06-05 11:35:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnk2akmdy32f

...

CVSS 8.4, AI score 5.3
Exploits: 0, References: 1

Fedora
added 15 hours ago, 7 views

[SECURITY] Fedora 44 Update: python-starlette-0.52.1-2.fc44

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following:
• A lightweight, low-complexity HTTP web framework.
• WebSocket support.
• In-process background tasks.
...

CVSS 6.5, AI score 5.8, EPSS 0.00353
Exploits: 2

Fedora
added 16 hours ago, 6 views

[SECURITY] Fedora 43 Update: python-starlette-0.52.1-2.fc43

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following:
• A lightweight, low-complexity HTTP web framework.
• WebSocket support.
• In-process background tasks.
...

CVSS 6.5, AI score 5.8, EPSS 0.00353
Exploits: 2

Nuclei
added 17 hours ago, 18 views

WordPress Events Calendar 6.8.2.1 - Information Disclosure

The Events Calendar WordPress plugin 6.8.2.1 contains missing access checks in the REST API, letting unauthenticated users access information about password protected events, exploit requires no authentication. id: CVE-2024-5333 info: name: WordPress Events Calendar 6.8.2.1 - Information Disclosu...

CVSS 5.3, AI score 7.7, EPSS 0.10972
Exploits: 1, References: 2

Nuclei
added 17 hours ago, 24 views

WordPress Events Calendar <1.4.5 - Cross-Site Scripting

WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...

CVSS 6.1, AI score 6.2, EPSS 0.04142
Exploits: 2, References: 2

Nuclei
added 17 hours ago, 15 views

The Events Calendar < 6.4.0.1 - Cross-site Scripting

The Events Calendar WordPress plugin 6.4.0.1 contains a stored XSS caused by improper sanitization of user-submitted content when rendering views via AJAX, letting attackers execute scripts in the context of the affected site. Exploitation requires user interaction. id: CVE-2024-4180 info: name:...

CVSS 9.1, AI score 5.5, EPSS 0.4237
Exploits: 2, References: 3

Nuclei
added 17 hours ago, 8 views

Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting id: CVE-2021-24876 info: name: Registrations for The Events Calendar 2.7.5 - Authenticated Reflected...

CVSS 6.1, AI score 6.3, EPSS 0.00246
Exploits: 2, References: 2

Nuclei
added 17 hours ago, 14 views

My Calendar WordPress Plugin - Information Disclosure

My Calendar WordPress plugin = 3.7.6 contains an injection vulnerability caused by unvalidated user input passed to parsestr in mcajaxmcjsaction endpoint, letting unauthenticated attackers access or crash sites via switchtoblog, exploit requires WordPress Multisite or Single Site setup. id:...

CVSS 8.8, AI score 5.4, EPSS 0.02306
Exploits: 0, References: 2

Nuclei
added 17 hours ago, 26 views

WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure

WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to export all events data in CSV or XML format. id: CVE-2021-24146 info: name: WordPress Modern Events Calendar Lite 5.16.5 - Sensitive Information Disclosure...

CVSS 7.5, AI score 7.2, EPSS 0.76464
Exploits: 5, References: 5

Circl
added 17 hours ago, 2 views

CVE-2026-11291

creationtimestamp | type | source
---|---|---
2026-06-05 02:42:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnj4j2ss7t2g
2026-06-05 13:24:42+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/116697713800926918

...

AI score 5.3
Exploits: 0, References: 2

Circl
added yesterday, 4 views

CVE-2019-25727

creationtimestamp | type | source
---|---|---
2026-06-04 23:27:58+00:00 | seen | https://bsky.app/profile/pulse-wp.com/post/3mnirmjtf7n25
2026-06-04 23:30:28+00:00 | seen | https://bsky.app/profile/pulse-wp.com/post/3mnirqyr22a26

...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

OSV
added yesterday, 2 views

GHSA-H97M-27FX-42RX matrix-sdk-ui: Incomplete edit validation

Impact: The message edit validation logic in the matrix-sdk-ui crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator or an actor with equivalent power to impersonate...

CVSS 4.9, AI score 5.9
Exploits: 0, References: 5

Github Security Blog
added yesterday, 9 views

matrix-sdk-ui: Incomplete edit validation

Impact: The message edit validation logic in the matrix-sdk-ui crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator or an actor with equivalent power to impersonate...

AI score 5.9
Exploits: 0, References: 5, Affected Software: 1

RedHat Linux
added yesterday, 3 views

kernel: wifi: brcmfmac: validate bsscfg indices in IF events

A flaw was found in the Linux kernel's brcmfmac Wi-Fi driver. This vulnerability occurs because the driver fails to properly validate bsscfg indices in interface IF events. An attacker could exploit this by sending a specially crafted IF event with an invalid bsscfg index, which could lead to an...

CVSS 8.8, AI score 5.8, EPSS 0.00035
Exploits: 0, References: 5

NVD
added yesterday, 7 views

CVE-2026-50209

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...

CVSS 9.3, EPSS 0.00013
Exploits: 0, References: 1

ATTACKERKB
added yesterday, 7 views

CVE-2026-50209

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...

CVSS 9.3, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 2

CVE
added yesterday, 10 views

CVE-2026-50209

CVE-2026-50209 describes a vulnerability where broadcast events allow malicious software to rewrite the device’s default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker. The issue is tied to the MDM registration/endpoint resolution flow a...

CVSS 9.3, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added yesterday, 5 views

CVE-2026-50209 MDM Server Registration Overriding

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...

CVSS 9.3, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 1

EUVD
added yesterday, 5 views

EUVD-2026-34221

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...

CVSS 9.3, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 1