43 matches found
CVE-2026-31670
In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causin...
CVE-2026-39329
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. Authenticated users with AddEvent privileges can inject SQL via the newEvtTypeCntLst parameter during event type creation. The vulnerable flow reach...
PT-2026-30953
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. Authenticated users with AddEvent privileges can inject SQL via the newEvtTypeCntLst parameter during event type creation. The vulnerable flow reach...
CVE-2025-58638
creationtimestamp | type | source
---|---|---
2026-01-20 20:12:30+00:00 | seen | Telegram/sWyHUnrbIHX-Kbgt2WnfloqXmwwtZwbq4XH8MFv2PgEZKIo...
CVE-2025-67751
ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the EventEditor.php file. When creating a new event and selecting an event type, the ENtyid POST parameter is not sanitized. This allows an authenticated user with event managemen...
CVE-2025-65021
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...
CVE-2025-65021 Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR)
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the missing capability check in the calendar event creation flow. An attacker can access private or restricted group...
EUVD-2019-4088
Malware in sbrugna...
EUVD-2024-0523
Malicious code in bioql PyPI...
EUVD-2022-35080
Malicious code in bioql PyPI...
CVE-2023-47297
creationtimestamp | type | source
---|---|---
2025-06-23 16:13:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lsbxyv3xpk23...
CVE-2024-0855
The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+...
CVE-2024-39031
In Silverpeas Core = 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and "Description" fields when...
Silverpeas Core Cross-site Scripting vulnerability
In Silverpeas Core = 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and "Description" fields when...
GHSA-VFWH-GVF6-MFF8 Silverpeas Core Cross-site Scripting vulnerability
In Silverpeas Core = 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and "Description" fields when...
CVE-2024-39031
In Silverpeas Core = 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and "Description" fields when...
PT-2024-28339 · Unknown · Silverpeas Core
Name of the Vulnerable Software and Affected Versions: Silverpeas Core versions = 6.3.5
Description: The issue allows a standard user to inject an XSS payload into the Titre and Description fields when creating an event in Mes Agendas. The user can then invite others, including administrators, to...
CVE-2024-33996
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to...
PT-2024-4649 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified
Description: The issue is related to insufficient input validation, which could allow a remote attacker to execute arbitrary commands. It also involves incorrect validation of allowed event types in a...