CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

CVE-2026-8205

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since actiongetevents does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3CVSS5.5AI score0.00031EPSS

Exploits0References1

ATTACKERKB•added 2026/05/21 8:57 p.m.•6 views

CVE-2026-8205

6.3CVSS5.8AI score0.00031EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/21 8:57 p.m.•12 views

CVE-2026-8205

Concrete CMS

6.3CVSS5.8AI score0.00031EPSS

Exploits0References1Affected Software1

EUVD•added 2026/04/10 12:30 a.m.•2 views

EUVD-2026-21138

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted...

5.3CVSS5.9AI score0.00034EPSS

Exploits0References4

CVE•added 2026/04/09 9:27 p.m.•3 views

CVE-2026-35642

Technical details (affected components, root cause specifics, impacted versions, or exploits) are not publicly available in the supplied documents. Monitor for updates in connected advisories.

5.3CVSS5.9AI score0.00034EPSS

Exploits0References3Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-3215

Malware in sbrugna...

4.3CVSS4.6AI score0.00114EPSS

Exploits1References3

Positive Technologies•added 2024/06/14 12:0 a.m.•3 views

PT-2024-17821 · WordPress · The Events Calendar

Name of the Vulnerable Software and Affected Versions: The Events Calendar WordPress plugin versions prior to 6.4.0.1 The Events Calendar Pro WordPress plugin versions prior to 6.4.0.1 Description: The issue allows users with at least the contributor role to leak details about events they should...

6.5CVSS6.7AI score0.00855EPSS

Exploits2References4

OSV•added 2024/03/04 9:15 p.m.•2 views

CVE-2024-1316

The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. e.g. draft, private, pending review,...

6.5CVSS5.8AI score0.00703EPSS

Exploits2References1

CNNVD•added 2023/05/09 12:0 a.m.•4 views

DHIS 2 安全漏洞

DHIS 2 is a software application. A flexible information system for data capture, management, validation, analysis and visualization. A security vulnerability exists in DHIS 2 Core versions prior to 2.36.13, prior to 2.37.8, and prior to 2.38.2, which stems from the fact that users may be able to...

6.5CVSS6.4AI score0.00206EPSS

Exploits0References3

CNVD•added 2020/11/10 12:0 a.m.•2 views

Netflix Dispatch Access Control Error Vulnerability

Netflix Dispatch is a US-based Netflix software that provides security event management with deep integration with Slack, GSuite, Jira and other tools. Netflix Dispatch suffers from an Access Control Error vulnerability that can be exploited by an attacker to view restricted events, escalate a...

6.5CVSS7AI score0.00621EPSS

Exploits0References1