Lucene search
K

541 matches found

CNNVD
CNNVD
added 2026/03/19 12:0 a.m.11 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.2 contained security...

5.4CVSS5.8AI score0.00212EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/13 9:31 p.m.6 views

EUVD-2026-11758

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: 1 a non-user-bound publicnonce is exposed to unauthenticated users...

7.5CVSS5.8AI score0.0029EPSS
Exploits0References6
NVD
NVD
added 2026/03/13 7:53 p.m.11 views

CVE-2026-1704

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the getitempermissionscheck method granting access to users with the...

4.3CVSS0.00212EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/13 7:23 a.m.28 views

CVE-2026-3045 Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: 1 a non-user-bound publicnonce is exposed to unauthenticated users...

7.5CVSS0.0029EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/13 7:23 a.m.4 views

CVE-2026-1704 Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the getitempermissionscheck method granting access to users with the...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/13 7:23 a.m.9 views

CVE-2026-1704

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the getitempermissionscheck method granting access to users with the...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/03/13 7:9 a.m.10 views

WordPress Appointment Booking Calendar plugin <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability discovered by Muhammad Sharief in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.29...

7.5CVSS5.8AI score0.0029EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/13 3:31 a.m.6 views

WordPress Appointment Booking Calendar plugin <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Authenticated Staff+ Sensitive Information Exposure vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.29...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.9 views

PT-2026-25152

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the get item permissions check method granting access to users with the ssa manage...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.7 views

WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.0029EPSS
Exploits0References5
NVD
NVD
added 2026/03/11 8:16 a.m.6 views

CVE-2026-1708

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the dbwhereconditions method in the TDDBModel class failing to prevent the appendwheresql paramet...

7.5CVSS0.00406EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/03/11 8:12 a.m.8 views

WordPress Appointment Booking Calendar plugin <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter vulnerability

Unauthenticated SQL Injection via 'appendwheresql' Parameter vulnerability discovered by d.v4ns3c in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.27...

7.5CVSS5.8AI score0.00406EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/03 5:16 p.m.6 views

CVE-2026-26884

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/viewappointment.php...

2.7CVSS5.9AI score0.0022EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.9 views

PT-2026-22752

Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view appointment.php...

6AI score0.0022EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/09 1:23 p.m.9 views

CVE-2026-2149

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patientid results in cross site scripting. It is possible to...

6.1CVSS4AI score0.00352EPSS
Exploits1References1
OSV
OSV
added 2026/02/08 11:15 a.m.5 views

CVE-2026-2149

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patientid results in cross site scripting. It is possible to...

6.1CVSS4.3AI score0.00352EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/08 11:2 a.m.38 views

CVE-2026-2149 SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System appointments.php cross site scripting

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patientid results in cross site scripting. It is possible to...

5.3CVSS0.00352EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/08 11:2 a.m.8 views

EUVD-2026-5800

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patientid results in cross site scripting. It is possible to...

6.1CVSS3.8AI score0.00352EPSS
Exploits1References4
CVE
CVE
added 2026/02/08 11:2 a.m.18 views

CVE-2026-2149

CVE-2026-2149 affects SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System v1.0. The vulnerability is a cross-site scripting (XSS) flaw caused by manipulating the patient_id argument in /appointments.php, enabling remote exploitation. Public exploits exist per the reported e...

6.1CVSS3.9AI score0.00352EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.8 views

SourceCodester Patients Waiting Area Queue Management System 代码注入漏洞

The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a code injection vulnerability. This vulnerability...

6.1CVSS5.7AI score0.00352EPSS
Exploits1References5
Rows per page
Query Builder