Lucene search
+L

3384 matches found

NVD
NVD
added 2026/06/24 7:16 a.m.18 views

CVE-2026-9721

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS0.00103EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 5:33 a.m.11 views

EUVD-2026-38658

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.36 views

CVE-2026-9721 Book a Room Event Calendar <= 1.9 - Cross-Site Request Forgery to Settings Update

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS0.00103EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 5:33 a.m.14 views

CVE-2026-9721

CVE-2026-9721 affects the Book a Room Event Calendar plugin for WordPress (versions up to 1.9). The vulnerability is a Cross-Site Request Forgery due to missing nonce validation on the settings_form()/update_settings() flow. The plugin’s settings page accepts POST actions and persists configurati...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-51703

Name of the Vulnerable Software and Affected Versions Book a Room Event Calendar versions prior to 2.0 Description The Book a Room Event Calendar plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing an action they did not...

4.3CVSS5.6AI score0.00103EPSS
Exploits0References9
CVE
CVE
added 2026/06/23 5:21 p.m.15 views

CVE-2025-71382

MuPDF prior to 1.27.0-rc1 is affected by an uncontrolled recursion in the EPUB CSS rendering engine. The function value_from_inheritable_property() in css-apply.c recurses through the CSS property inheritance chain without a depth limit, enabling remote attackers to trigger a denial of service by...

7.1CVSS6AI score0.00316EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:40 p.m.7 views

WordPress Book a Room Event Calendar plugin <= 1.9 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin Book a Room Event Calendar versions = 1.9...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/17 1:20 p.m.12 views

CVE-2026-22334

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

7.5CVSS0.00467EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.30 views

CVE-2026-22334 WordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerability

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

7.5CVSS0.00467EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.12 views

CVE-2026-22334

CVE-2026-22334 concerns the WordPress Woocommerce Book Price plugin (&lt;= 1.3). The vulnerability is an Arbitrary File Download that requires authentication (Subscriber level or higher). The CVE entry notes an authenticated path to download arbitrary files, with a base CVSS v3.1 score of 7.5 (HI...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 12:25 p.m.10 views

OESA-2026-2632 evolution-data-server security update

The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...

5.6CVSS5.5AI score0.00189EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41572

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

5.3CVSS5.3AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.12 views

CVE-2026-6149

A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulation of the argument BRANCHID can lead to sql injection. The attack may be performed from remote. The...

7.5CVSS7AI score0.0035EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 10:1 p.m.14 views

CVE-2026-10152

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

6.5CVSS6.3AI score0.00206EPSS
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2026/06/01 10:30 a.m.18 views

The Romance Scammer Who Made a Small Fortune Posing as a WWE Superstar

In this excerpt from WIRED Book Club pick The Yahoo Boys, journalist Carlos Barragán traces one scammer’s journey from flop to fortune...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/30 8:16 p.m.14 views

CVE-2026-10152

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

6.5CVSS0.00206EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/30 7:15 p.m.15 views

EUVD-2026-33471

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

6.5CVSS5.5AI score0.00206EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/30 7:15 p.m.11 views

CVE-2026-10152

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

6.5CVSS6.3AI score0.00206EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/30 7:15 p.m.9 views

CVE-2026-10152 TaleLin lin-cms-spring-boot book Endpoint BookController.java access control

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

6.5CVSS6.3AI score0.00206EPSS
Exploits0References5
OSV
OSV
added 2026/05/30 7:15 p.m.3 views

CVE-2026-10152 TaleLin lin-cms-spring-boot book Endpoint BookController.java access control

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

5.3CVSS6.2AI score0.00206EPSS
Exploits0References7
Rows per page
Query Builder