867 matches found
PT-2026-4709
In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-4701
Name of the Vulnerable Software and Affected Versions versions prior to 2026-0021 Description A cross-user permission bypass exists due to a confused deputy condition in the hasInteractAcrossUsersFullPermission function within the AppInfoBase.java file. This could allow for local escalation of...
PT-2026-4692
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-4712
Name of the Vulnerable Software and Affected Versions Chromium affected versions not specified Description An integer overflow in multiple functions within ubsan throwing runtime.cpp can cause a UBSan failure. This issue may lead to a remote denial of service without requiring additional executio...
PT-2026-4696
In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-4697
In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
PT-2026-4708
In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2026-24406
creationtimestamp| type| source ---|---|--- 2026-01-24 01:20:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md52eqfvb52m 2026-01-24 01:20:58+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md52ezqg6323 2026-01-24 01:33:59+00:00| seen|...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-20805link is external Microsoft Windows Information Disclosure Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actor...
PT-2025-53587
Name of the Vulnerable Software and Affected Versions IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 Description Authenticated users may be able to enumerate sensitive information regarding data due dates by enumerating package identifiers. The issue involves the potential disclosure of data...
WordPress Booking Calendar plugin <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check vulnerability
Unauthenticated SQL Injection via datestocheck vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin Booking Calendar versions = 10.14.8...
CVE-2025-14383
The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'datestocheck' parameter in all versions up to, and including, 10.14.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-14383 Booking Calendar <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check
The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'datestocheck' parameter in all versions up to, and including, 10.14.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-14383 Booking Calendar <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check
The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'datestocheck' parameter in all versions up to, and including, 10.14.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-14383
CVE-2025-14383 : Booking Calendar for WordPress is vulnerable to unauthenticated time-based SQL Injection via the dates_to_check parameter in all versions up to 10.14.8 due to insufficient escaping in user input and query construction. This can allow extraction of sensitive data from the database...
WordPress plugin Booking Calendar SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...
PT-2025-51230
The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'dates to check' parameter in all versions up to, and including, 10.14.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-66511
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...
EUVD-2025-201444
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...
CVE-2025-66511 Nextcloud Calendar app used predictable proposal participant tokens
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...