
33 matches found

OSV
added 2026/05/21 9:30 p.m., 2 views

GHSA-46XH-7854-F568 Concrete CMS is vulnerable to authorization bypass in the Calendar Block

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed...

6.3 CVSS, 5.9 AI score, 0.00211 EPSS
Exploits 0, References 3

Vulnrichment
added 2026/05/21 8:57 p.m., 6 views

CVE-2026-8205 Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in Calendar Block since action_get_events does not check canView on the calendar

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/05/21 8:57 p.m., 8 views

CVE-2026-8205

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits 0, References 2, Affected Software 1

EUVD
added 2026/05/21 8:57 p.m., 9 views

EUVD-2026-31351

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits 0, References 1

Cvelist
added 2026/05/21 8:57 p.m., 30 views

CVE-2026-8205 Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in Calendar Block since action_get_events does not check canView on the calendar

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3 CVSS, 0.00211 EPSS
Exploits 0, References 1

CNNVD
added 2026/05/21 12:0 a.m., 9 views

Concrete CMS security vulnerability

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from the fact that the action_get_events function in the calendar block does not check the canView permissions of...

6.3 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/05/21 12:0 a.m., 13 views

PT-2026-42545

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.5.0 and earlier. Description: An authorization bypass exists in the Calendar Block. The function action_get_events fails to verify the canView permission on the calendar, which allows the disclosure of restricted event...

6.3 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits 0, References 4

RedhatCVE
added 2025/11/02 4:46 a.m., 10 views

CVE-2025-11995

The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2 CVSS, 5.2 AI score, 0.00265 EPSS
Exploits 0, References 1

EUVD
added 2025/11/01 6:30 a.m., 5 views

EUVD-2025-37417

The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2 CVSS, 4.8 AI score, 0.00265 EPSS
Exploits 0, References 4

NVD
added 2025/11/01 5:16 a.m., 11 views

CVE-2025-11995

The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2 CVSS, 0.00265 EPSS
Exploits 0, References 3

Cvelist
added 2025/11/01 4:27 a.m., 9 views

CVE-2025-11995 Community Events <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting

The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2 CVSS, 0.00265 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2014-8502

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.01173 EPSS
Exploits 0, References 3

OSV
added 2025/06/07 12:15 p.m., 3 views

CVE-2024-9993

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eaeleventdetailstext parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to...

5.4 CVSS, 5.9 AI score, 0.00176 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/05/23 8:22 a.m., 3 views

CVE-2024-1295

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc...

6.5 CVSS, 6.7 AI score, 0.00464 EPSS
Exploits 2, References 1

Circl
added 2025/05/16 2:11 p.m., 12 views

GHSA-QX2M-RCPC-V43V

creationtimestamp| type| source
---|---|---
2025-05-16 14:11:05+00:00| seen| https://poliverso.org/objects/0477a01e-0aa1c1a3-596b69f6d4d09712
2025-05-17 11:21:04+00:00| seen| https://bsky.app/profile/hnws.bsky.social/post/3lpegg44dal2f
2025-05-17 12:00:05+00:00| seen|...

4.8 AI score
Exploits 0, References 7

Circl
added 2025/05/06 3:20 a.m., 14 views

CVE-2025-47297

creationtimestamp| type| source
---|---|---
2025-05-06 03:20:01+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15036
2025-05-06 06:21:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3loiajosack2e...

4.8 AI score
Exploits 0, References 2

Circl
added 2025/01/29 11:57 a.m., 2 views

CVE-2024-54461

creationtimestamp| type| source
---|---|---
2025-01-29 11:57:21+00:00| seen| https://infosec.exchange/users/cve/statuses/113911519018810757
2025-01-29 12:16:02+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgux4xjmjn2h
2025-01-29 15:14:40+00:00| seen|...

7.1 CVSS, 5.8 AI score, 0.00198 EPSS
Exploits 0, References 4

Circl
added 2024/12/05 12:21 p.m., 8 views

CVE-2024-40763

creationtimestamp| type| source
---|---|---
2024-12-05 12:21:10+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113600185597148773
2024-12-05 13:44:36+00:00| seen| https://infosec.exchange/users/cve/statuses/113600513695281317
2024-12-05 16:11:52+00:00| seen|...

7.5 CVSS, 8.7 AI score, 0.0095 EPSS
Exploits 0, References 5

Circl
added 2024/11/13 2:12 p.m., 5 views

CVE-2024-40590

creationtimestamp| type| source
---|---|---
2024-11-13 14:12:43+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113476053415922211
2025-03-14 16:42:25+00:00| seen| https://t.me/cvedetector/20295
2025-03-14 16:46:11+00:00| seen|...

4.8 CVSS, 4.8 AI score, 0.00152 EPSS
Exploits 0, References 4

CNNVD
added 2024/01/12 12:0 a.m., 4 views

Judging Management System security breach

Judging Management System is a judging management system by Carlo Montero Personal Developer. A security vulnerability exists in Sourcecodester Judging Management System v1.0, which stems from an SQL injection vulnerability that allows remote attackers to execute arbitrary code and obtain sensiti...

9.8 CVSS, 8.5 AI score, 0.01024 EPSS
Exploits 1, References 2