9118 matches found

Vulnrichment
added 2026/03/10 3:33 a.m., 4 views

CVE-2026-3585 The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import

The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the...

CVSS: 7.5, AI score: 5.9, EPSS: 0.0035
Exploits: 0, References: 2

CVE
added 2026/03/10 3:33 a.m., 17 views

CVE-2026-3585

The Events Calendar WordPress plugin (up to v6.15.17) is affected by a path traversal vulnerability in the ajax_create_import function. The issue allows authenticated attackers with Author-level access or higher to read arbitrary files on the server, exposing sensitive information. The vulnerabil...

CVSS: 7.5, AI score: 5.9, EPSS: 0.0035
Exploits: 0, References: 3

ATTACKERKB
added 2026/03/10 3:33 a.m., 3 views

CVE-2026-3585

The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the...

CVSS: 7.5, AI score: 6, EPSS: 0.0035
Exploits: 0, References: 4

Cvelist
added 2026/03/10 3:33 a.m., 30 views

CVE-2026-3585 The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import

The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the...

CVSS: 7.5, EPSS: 0.0035
Exploits: 0, References: 3

Positive Technologies
added 2026/03/10 12:0 a.m., 6 views

PT-2026-24425

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 9.5.2-alpha.3; Parse Server versions prior to 8.6.16. Description: Parse Server, an open-source backend deployable on Node.js infrastructures, is susceptible to a flaw where class-level permissions (CLP) are not...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00426
Exploits: 0, References: 8

Positive Technologies
added 2026/03/10 12:0 a.m., 3 views

PT-2026-24339

Name of the Vulnerable Software and Affected Versions: Coral Server versions prior to 1.1.0. Description: Coral Server is an open collaboration infrastructure designed for communication, coordination, trust, and payments within The Internet of Agents. Before version 1.1.0, the Server Side Events SSE...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00345
Exploits: 0, References: 6

Positive Technologies
added 2026/03/10 12:0 a.m., 5 views

PT-2026-24179

The Court Reservation WordPress plugin before 1.10.9 does not have a CSRF check in place when deleting events, which could allow attackers to make a logged-in admin delete them via a CSRF attack...

AI score: 5.8, EPSS: 0.00124
Exploits: 0, References: 1

Positive Technologies
added 2026/03/10 12:0 a.m., 8 views

PT-2026-24176

Name of the Vulnerable Software and Affected Versions: The Events Calendar plugin for WordPress versions prior to 6.15.18. Description: The Events Calendar plugin for WordPress is susceptible to a Path Traversal issue in versions up to and including 6.15.17. This allows authenticated attackers with...

CVSS: 7.5, AI score: 5.8, EPSS: 0.0035
Exploits: 0, References: 6

CNNVD
added 2026/03/10 12:0 a.m., 7 views

coral-server security vulnerability

Coral-server is a Docker-based server operation and configuration management tool developed by CoralOS. Versions of coral-server prior to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the connection proxy by SSE endpoints, which could allo...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00345
Exploits: 0, References: 2

VulnCheck KEV
added 2026/03/10 12:0 a.m., 3 views

VulnCheck KEV: CVE-2021-4458

The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wpajaxmecloadsinglepage' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00354
In wild, Exploits: 0, References: 15

CNNVD
added 2026/03/10 12:0 a.m., 9 views

WordPress plugin The Events Calendar path traversal vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The Even...

CVSS: 7.5, AI score: 5.8, EPSS: 0.0035
Exploits: 0, References: 3

EUVD
added 2026/03/09 3:30 p.m., 7 views

EUVD-2026-10332

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

AI score: 5.8, EPSS: 0.00359
Exploits: 0, References: 2

NVD
added 2026/03/09 1:15 p.m., 11 views

CVE-2026-2261

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

CVSS: 7.5, EPSS: 0.00359
Exploits: 0, References: 1

Cvelist
added 2026/03/09 12:10 p.m., 32 views

CVE-2026-2261 blocklistd(8) socket leak

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

EPSS: 0.00359
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/09 12:10 p.m., 2 views

CVE-2026-2261

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00359
Exploits: 0, References: 2

Vulnrichment
added 2026/03/09 12:10 p.m., 3 views

CVE-2026-2261 blocklistd(8) socket leak

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

AI score: 5.8, EPSS: 0.00359
Exploits: 0, References: 1

Circl
added 2026/03/09 10:24 a.m., 5 views

CVE-2026-31812

creationtimestamp | type | source
---|---|---
2026-03-09 10:24:08+00:00 | published-proof-of-concept | https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98
2026-03-20 14:15:19+00:00 | seen | https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mhipc76zq22h
2026-03-20...

CVSS: 8.7, AI score: 7.3, EPSS: 0.005
Exploits: 0, References: 3

Positive Technologies
added 2026/03/09 12:0 a.m., 9 views

PT-2026-24060

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

AI score: 5.8, EPSS: 0.00359
Exploits: 0, References: 2

RedhatCVE
added 2026/03/08 1:44 a.m., 6 views

CVE-2026-2429

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'cevenuename' CSV field in the onsavechangesvenues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on the...

CVSS: 4.9, AI score: 5.8, EPSS: 0.00325
Exploits: 0, References: 1

EUVD
added 2026/03/07 3:30 a.m., 7 views

EUVD-2026-10099

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'cevenuename' CSV field in the onsavechangesvenues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on the...

CVSS: 4.9, AI score: 5.8, EPSS: 0.00325
Exploits: 0, References: 5