9016 matches found

Nuclei
added 2 days ago, 104 views

WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection

WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. An attacker can possibly obtain sensitive information, modify data, and/o...

CVSS: 9.8, AI score: 8.8, EPSS: 0.73413
Exploits: 7, References: 5
EUVD
added 3 days ago, 4 views

EUVD-2026-36961

Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions...

CVSS: 8.8, AI score: 5.3, EPSS: 0.00344
Exploits: 0, References: 2
NVD
added 3 days ago, 4 views

CVE-2026-39532

Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions...

CVSS: 8.8, EPSS: 0.00344
Exploits: 0, References: 1
Cvelist
added 3 days ago, 25 views

CVE-2026-39532 WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions...

CVSS: 8.8, EPSS: 0.00344
Exploits: 0, References: 1
CVE
added 3 days ago, 6 views

CVE-2026-39532

CVE-2026-39532 affects the WordPress plugin “Events Calendar for GeoDirectory” up to version 2.3.25, with a PHP Object Injection vulnerability in Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25. The associated CVSS v3.1 score is 8.8 (HIGH), vector: CVSS:3.1/AV:N/...

CVSS: 8.8, AI score: 5.3, EPSS: 0.00344
Exploits: 0, References: 1
NVD
added 3 days ago, 7 views

CVE-2026-6047

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

CVSS: 6.9, EPSS: 0.00119
Exploits: 0, References: 1
Circl
added 3 days ago, 5 views

GHSA-268H-HP4C-CRQ3

creationtimestamp| type| source
---|---|---
2026-06-15 18:11:22+00:00| seen| https://gist.github.com/alon710/c427aa6118bf0e273bdc93bc35772150
2026-06-15 18:21:39+00:00| seen| https://gist.github.com/alon710/af634e90c0bab5733aa7b5794a1ffb98
2026-06-15 18:31:11+00:00| seen|...

AI score: 5
Exploits: 0, References: 4
Vulnrichment
added 3 days ago, 6 views

CVE-2026-6047 Heap buffer overflow in OOXML text box element import

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

CVSS: 6.9, AI score: 5.6, EPSS: 0.00119
Exploits: 0, References: 1
EUVD
added 3 days ago, 4 views

EUVD-2026-36737

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

CVSS: 6.9, AI score: 5.7, EPSS: 0.00119
Exploits: 0, References: 1
Cvelist
added 3 days ago, 28 views

CVE-2026-6047 Heap buffer overflow in OOXML text box element import

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

CVSS: 6.9, EPSS: 0.00119
Exploits: 0, References: 1
The Hacker News
added 3 days ago, 11 views

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw...

CVSS: 9.1, AI score: 6.1, EPSS: 0.18583
Exploits: 9
Circl
added 3 days ago, 8 views

CVE-2026-12217

creationtimestamp| type| source
---|---|---
2026-06-15 04:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116752241414863988
2026-06-15 04:30:27+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3moch6lbnsc2i
2026-06-15 05:00:05+00:00| seen|...

CVSS: 8.5, AI score: 7.3, EPSS: 0.00111
Exploits: 0, References: 4
Circl
added 3 days ago, 6 views

CVE-2026-12192

creationtimestamp| type| source
---|---|---
2026-06-15 01:00:19+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3moc3gsau3s22
2026-06-15 01:18:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moc4gzc3iz2b
2026-06-15 03:00:28+00:00| seen|...

CVSS: 8.8, AI score: 8, EPSS: 0.0043
Exploits: 0, References: 4
Positive Technologies
added 3 days ago, 7 views

PT-2026-49265

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

CVSS: 6.9, AI score: 5.6, EPSS: 0.00119
Exploits: 0, References: 2
Positive Technologies
added 3 days ago, 4 views

PT-2026-49399

Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions...

CVSS: 8.8, AI score: 5.3, EPSS: 0.00344
Exploits: 0, References: 2
CVE
added 5 days ago, 20 views

CVE-2026-54229

Affects the abrt-dbus D-Bus service’s ChownProblemDir method. A race condition occurs when ChownProblemDir opens the dump directory with DD_OPEN_READONLY and then calls dd_chown to change ownership of all files to the caller’s UID, which succeeds even while post-create event handlers hold a write...

CVSS: 7, AI score: 5.3, EPSS: 0.00082
Exploits: 0, References: 2
NVD
added 6 days ago, 9 views

CVE-2026-53837

OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM policy decisions by sending crafted Mattermost events missing channel type information to process restricted conte...

CVSS: 6.3, EPSS: 0.00189
Exploits: 0, References: 2
Cvelist
added 6 days ago, 24 views

CVE-2026-53837 OpenClaw < 2026.5.6 - Missing Channel Type Validation in Mattermost Event Handlers

OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM policy decisions by sending crafted Mattermost events missing channel type information to process restricted conte...

CVSS: 6.3, EPSS: 0.00189
Exploits: 0, References: 2
NVD
added 6 days ago, 7 views

CVE-2026-47263

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the MessageBus.publish call for /webhookevents/ in Jobs::RedeliverWebHookEvents did not pass groupids, leaving the channel...

CVSS: 4.3, EPSS: 0.00178
Exploits: 0, References: 1
NVD
added 6 days ago, 7 views

CVE-2026-44786

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...

CVSS: 7.5, EPSS: 0.00245
Exploits: 0, References: 1