5 matches found
CVE-2026-59234 Authorization Bypass Through User-Controlled Key in Prospero Flow CRM calendar event deletion
Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...
DEBIAN-CVE-2022-49796
In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix potential null-ptr-deref on tracearray in kprobeeventgentestexit When testgenkprobecmd failed after kprobeeventgencmdend, it will goto delete, which will call kprobeeventdelete and release the corresponding...
PT-2024-26433 · Libyaml · Libyaml
Name of the Vulnerable Software and Affected Versions: libyaml versions up to 0.2.5 Description: A vulnerability was found in libyaml, affecting the function yaml event delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free. Recommendations: For libyaml versions up to...
HTB22981: Multiple XSS (Cross Site Scripting) vulnerabilities in PHP Calendar Basic
Vulnerability ID: HTB22981 Reference: http://www.htbridge.ch/advisory/multiplexsscrosssitescriptingvulnerabilitiesinphpcalendarbasic.html Product: PHP Calendar Basic Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.3 and probably prior versions Vendor Notification: 03 May 2011...
PHP Calendar Basic 2.3 Cross Site Scripting
Vulnerability ID: HTB22981 Reference: http://www.htbridge.ch/advisory/multiplexsscrosssitescriptingvulnerabilitiesinphpcalendarbasic.html Product: PHP Calendar Basic Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.3 and probably prior versions Vendor Notification: 03 May 2011...