Lucene search
+L

58 matches found

Cvelist
Cvelist
added 2 days ago33 views

CVE-2025-60357

AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injection vulnerability via the eventlog/agentEvent/list endpoint...

0.00401EPSS
Exploits1References2
GithubExploit
GithubExploit
added 4 days ago41 views

Exploit for CVE-2025-60357

CVE-2025-60357- NoSQLMongoDB Injection Vulnerab...

6.1AI score0.00401EPSS
Exploits1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.11 views

Outline 信息泄露漏洞

Outline is an open-source knowledge base developed by Outline. Versions of Outline prior to 1.5 had a vulnerability related to information leakage. This vulnerability stemmed from logical flaws in the filtering mechanism of the event list API endpoint, which could allow any authenticated user to...

4.3CVSS5.7AI score0.00229EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.2 views

CVE-2022-0418

The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfilteredhtml is disallowed...

4.8CVSS6.1AI score0.00577EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/12/17 7:4 p.m.29 views

CVE-2025-66395 SQL Injection in Event List via `WhichType` Parameter

ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the src/ListEvents.php file. When filtering events by type, the WhichType POST parameter is not properly sanitized or type-casted before being used in multiple SQL queries. This...

8.8CVSS0.00333EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/17 7:4 p.m.4 views

CVE-2025-66395 SQL Injection in Event List via `WhichType` Parameter

ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the src/ListEvents.php file. When filtering events by type, the WhichType POST parameter is not properly sanitized or type-casted before being used in multiple SQL queries. This...

8.8CVSS7.8AI score0.00333EPSS
Exploits1References1
OSV
OSV
added 2025/12/17 7:4 p.m.5 views

CVE-2025-66395 SQL Injection in Event List via `WhichType` Parameter

ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the src/ListEvents.php file. When filtering events by type, the WhichType POST parameter is not properly sanitized or type-casted before being used in multiple SQL queries. This...

8.8CVSS8.2AI score0.00333EPSS
Exploits1References3
CVE
CVE
added 2025/12/17 7:4 p.m.12 views

CVE-2025-66395

CVE-2025-66395 affects ChurchCRM prior to 6.5.3. The vulnerability is a SQL injection in src/ListEvents.php when filtering events by type using the WhichType POST parameter, which is not properly sanitized or type-casted before multiple SQL queries. Any authenticated user, regardless of privilege...

8.8CVSS7.8AI score0.00333EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-49653

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The perf tool within the Linux kernel contains a memory leak in the x86 CPUID detection mechanism. The leak occurs when using the perf env read cpuid function, triggered during CPUID...

5.9AI score0.00174EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-3654

Malware in sbrugna...

6.1CVSS6.3AI score0.0078EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-18364

Malware in sbrugna...

8.8CVSS8.7AI score0.0273EPSS
Exploits4References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-28729

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.00284EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/30 6:17 p.m.5 views

CVE-2025-6366

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the elupdateprofile function. This makes it possible for authenticated...

8.8CVSS6AI score0.00284EPSS
Exploits0References1
NVD
NVD
added 2025/08/26 3:15 p.m.5 views

CVE-2025-6366

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the elupdateprofile function. This makes it possible for authenticated...

8.8CVSS0.00284EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/26 2:26 p.m.2 views

CVE-2025-6366 Event List <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the elupdateprofile function. This makes it possible for authenticated...

8.8CVSS7.1AI score0.00284EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/26 2:26 p.m.10 views

CVE-2025-6366 Event List <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the elupdateprofile function. This makes it possible for authenticated...

8.8CVSS0.00284EPSS
Exploits0References2
CVE
CVE
added 2025/08/26 2:26 p.m.22 views

CVE-2025-6366

CVE-2025-6366 – The Event List WordPress plugin (versions ≤ 2.0.4) is vulnerable to privilege escalation due to insufficient validation of user capabilities in el_update_profile(). Authenticated users with Subscriber+ can elevate to administrator. Evidence from Wordfence/NVD/CVE records indicates...

8.8CVSS6.5AI score0.00284EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.4 views

PT-2025-34779 · WordPress · Event List

Name of the Vulnerable Software and Affected Versions: Event List plugin for WordPress versions up to and including 2.0.4 Description: The Event List plugin for WordPress is susceptible to privilege escalation. This occurs because the plugin does not adequately validate a user’s capabilities befo...

8.8CVSS6.7AI score0.00284EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.2 views

WordPress plugin Event List 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin Event List...

8.8CVSS6.5AI score0.00284EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-25815

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names f...

6.1CVSS6.9AI score0.01104EPSS
Exploits0References2
Rows per page
Query Builder