33 matches found
GHSA-46XH-7854-F568 Concrete CMS is vulnerable to authorization bypass in the Calendar Block
Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed...
CVE-2026-8205 Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in Calendar Block since action_get_events does not check canView on the calendar
Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...
CVE-2026-8205
Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...
EUVD-2026-31351
Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...
CVE-2026-8205 Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in Calendar Block since action_get_events does not check canView on the calendar
Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...
Concrete CMS security vulnerability
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from the fact that the action_get_events function in the calendar block does not check the canView permissions of...
PT-2026-42545
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.5.0 and earlier. Description: An authorization bypass exists in the Calendar Block. The function action_get_events fails to verify the canView permission on the calendar, which allows the disclosure of restricted event...
CVE-2025-11995
The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
EUVD-2025-37417
The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-11995
The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-11995 Community Events <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting
The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
EUVD-2014-8502
Malware in sbrugna...
CVE-2024-9993
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eaeleventdetailstext parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to...
CVE-2024-1295
The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc...
GHSA-QX2M-RCPC-V43V
creationtimestamp | type | source
---|---|---
2025-05-16 14:11:05+00:00 | seen | https://poliverso.org/objects/0477a01e-0aa1c1a3-596b69f6d4d09712
2025-05-17 11:21:04+00:00 | seen | https://bsky.app/profile/hnws.bsky.social/post/3lpegg44dal2f
2025-05-17 12:00:05+00:00 | seen | ...
CVE-2025-47297
creationtimestamp | type | source
---|---|---
2025-05-06 03:20:01+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/15036
2025-05-06 06:21:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3loiajosack2e...
CVE-2024-54461
creationtimestamp | type | source
---|---|---
2025-01-29 11:57:21+00:00 | seen | https://infosec.exchange/users/cve/statuses/113911519018810757
2025-01-29 12:16:02+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgux4xjmjn2h
2025-01-29 15:14:40+00:00 | seen | ...
CVE-2024-40763
creationtimestamp | type | source
---|---|---
2024-12-05 12:21:10+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113600185597148773
2024-12-05 13:44:36+00:00 | seen | https://infosec.exchange/users/cve/statuses/113600513695281317
2024-12-05 16:11:52+00:00 | seen | ...
CVE-2024-40590
creationtimestamp | type | source
---|---|---
2024-11-13 14:12:43+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113476053415922211
2025-03-14 16:42:25+00:00 | seen | https://t.me/cvedetector/20295
2025-03-14 16:46:11+00:00 | seen | ...
Judging Management System security breach
Judging Management System is a judging management system by Carlo Montero Personal Developer. A security vulnerability exists in Sourcecodester Judging Management System v1.0, which stems from an SQL injection vulnerability that allows remote attackers to execute arbitrary code and obtain sensiti...