9021 matches found
CVE-2026-39535 WordPress Display Eventbrite Events plugin <= 6.5.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Display Eventbrite Events: from n/a through <= 6.5.6...
CVE-2026-39535
CVE-2026-39535 concerns the WordPress plugin Display Eventbrite Events (plugin version
EUVD-2026-19988
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustle_module_converted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...
VulnCheck KEV: CVE-2020-13851
Artica Pandora FMS 7.44 allows remote command execution via the events feature...
PT-2026-31102
Name of the Vulnerable Software and Affected Versions Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress versions up to and including 2.1.7 Description The Masteriyo LMS plugin is affected by an authorization bypass issue. Insufficient webhook signature...
PT-2026-31145
Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Display Eventbrite Events: from n/a through <= 6.5.6...
WordPress plugin Hustle security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
pretix security vulnerability
Pretix is a ticketing system developed by the German company Pretix. The pretix 2025 version contains a security vulnerability. This vulnerability stems from the API endpoint returning information about all organizers’ sign-in events. As a result, API users may access event information that shoul...
Android Logs Events And Protobuf Parser path traversal vulnerability
Android Logs Events And Protobuf Parser is a tool developed by Brigs’ personal developer for parsing Android logs and protocol buffers. Versions of Android Logs Events And Protobuf Parser 3.4.0 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the NQVault.py...
OpenClaw has an unspecified vulnerability (CNVD-2026-16696)
OpenClaw is an open-source AI assistant released by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause non-whitelisted guild members to trigger reactive events and inject reactive text into downstream session environments...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006631)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006631 advisory. In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events(). of_get_child_by_name() returns a nod...
CVE-2026-39935
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS). This issue was remediated only on the master branch...
CVE-2026-39935
The CVE-2026-39935 entry describes a Cross-Site Scripting (XSS) vulnerability in The Wikimedia Foundation MediaWiki CampaignEvents Extension. Affected versions are 1.43.7, 1.44.4, and 1.45.2, where improper input neutralization during web page generation allows XSS. The issue is tied to the Campa...
CVE-2026-39400
Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user with create_events and run_events privileges can inject arbitrary JavaScript through job output fields html.content, html.title, table.header, table.rows, table.caption. The serve...
CVE-2026-39400 Stored XSS via Job HTML/Table Output in Cronicle
Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user with create_events and run_events privileges can inject arbitrary JavaScript through job output fields html.content, html.title, table.header, table.rows, table.caption. The serve...
CVE-2026-35585 File Browser has a Command Injection via Hook Runner
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.0.0 until 2.33.8, the hook system in File Browser — which executes administrator-defined shell commands on file events such as upload, rename, and delete...
CVE-2026-35515
Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and ...
CVE-2026-35515 @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')
Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and ...