GHSA-2J2X-HQR9-3H42

creationtimestamp| type| source ---|---|--- 2026-06-03 21:10:57+00:00| seen| https://gist.github.com/alon710/c225f7d330b57c3901ac40c39f91bf81...

CVE-2026-26825

creationtimestamp| type| source ---|---|--- 2026-06-03 20:45:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnfy2fprcb2u...

CVE-2026-46257

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when readcurrenttimer is called on ARM32 platforms where the SP804 is not registered as the schedclock. On SP804, the delay timer shares the same clkevt instance with schedclock. On so...

CVE-2026-46257

The CVE-2026-46257 entry concerns the Linux kernel SP804 timer on ARM32. The root cause was that the delay timer shared a clkevt instance with sched_clock; when sp804_clocksource_and_sched_clock_init used use_sched_clock != 1, sched_clkevt was not properly initialized, and read_current_timer invo...

CVE-2026-35081

creationtimestamp| type| source ---|---|--- 2026-06-03 13:10:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnf6ny6u772v 2026-06-03 21:00:54+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnfywe2uj72n...

CVE-2026-35085

creationtimestamp| type| source ---|---|--- 2026-06-03 12:51:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnf5lbwf2m2m...

CVE-2026-49975

creationtimestamp| type| source ---|---|--- 2026-06-03 12:19:44+00:00| seen| https://bsky.app/profile/hmier.bsky.social/post/3mnf3sod7zs24 2026-06-03 21:00:04+00:00| seen| https://t.me/GithubRedTeam/87196 2026-06-03 23:21:37+00:00| seen| https://bsky.app/profile/buyoh.bsky.social/post/3mngas7khi2...

CVE-2026-47065

creationtimestamp| type| source ---|---|--- 2026-06-03 11:49:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnf24u465g2o...

Quick Event Manager < 9.7.5 - Cross-Site Scripting

The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action. id: CVE-2023-23491 info: name: Quick Event Manager 9.7.5 - Cross-Site Scripting author: ritikchaddha severity: medium...

WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting

WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can injec...

Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export

The Event Monster Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename...

WordPress Spider Calendar <=1.4.9 - SQL Injection

WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...

Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting

Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2020-26153 info:...

ChurchCRM - SQL Injection

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...

WordPress RSVP and Event Management <2.7.8 - Missing Authorization

WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as...

Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting

Sourcecodester Online Event Booking and Reservation System 2.3.0 contains a cross-site scripting vulnerability in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clic...

WordPress Event Tickets < 5.2.2 - Open Redirect

WordPress Event Tickets 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue. id: CVE-2021-25028 info: name: WordPress Event Tickets 5.2.2 -...

CVE-2026-10621

creationtimestamp| type| source ---|---|--- 2026-06-03 03:00:53+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mne4le5pgz2r...

CVE-2026-39552

creationtimestamp| type| source ---|---|--- 2026-06-03 02:00:56+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndza6m4472n...

PT-2026-46020

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read current timer is called on ARM32 platforms where the SP804 is not registered as the sched clock. On SP804, the delay timer shares the same clkevt instance with sched clock. O...