CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

663 matches found

WordPress RSVP and Event Management <2.7.8 - Missing Authorization

WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as...

5.3CVSS5.7AI score0.11691EPSS

Exploits1References3

RedhatCVE•added 5 days ago•12 views

CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

7.2CVSS6.3AI score0.00358EPSS

Exploits1References1

ATTACKERKB•added 6 days ago•8 views

CVE-2026-7537

7.2CVSS6.3AI score0.00358EPSS

Exploits1References11

CVE•added 6 days ago•26 views

CVE-2026-7537

The CVE concerns the MDJM Event Management WordPress plugin (≤ 1.7.8.3). The vulnerability is an Arbitrary File Upload via the mdjm_send_comm_email function, caused by lack of validation for file type, extension, and MIME type on uploads. This enables authenticated attackers with administrator-le...

7.2CVSS6.3AI score0.00358EPSS

Exploits1References10

Vulnrichment•added 6 days ago•8 views

CVE-2026-7537 MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter

7.2CVSS6.3AI score0.00358EPSS

Exploits1References10

EUVD•added 6 days ago•11 views

EUVD-2026-34948

7.2CVSS6.3AI score0.00358EPSS

Exploits1References10

Cvelist•added 6 days ago•31 views

CVE-2026-7537 MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter

7.2CVSS0.00358EPSS

Exploits1References10

Vulnrichment•added last week•6 views

CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS5.6AI score0.00023EPSS

Exploits0References5

RedhatCVE•added last week•7 views

CVE-2026-27398

Missing Authorization vulnerability in WP Chill RSVP and Event Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSVP and Event Management: from n/a through 2.7.16...

5.3CVSS5.5AI score0.00037EPSS

Exploits0References1

RedhatCVE•added last week•5 views

CVE-2026-34279

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Event Management. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

9.1CVSS7.3AI score0.00038EPSS

Exploits0References1

Patchstack•added 2026/06/05 2:20 p.m.•5 views

WordPress MDJM Event Management plugin <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Mobile DJ Manager versions = 1.7.8.3...

7.2CVSS5.4AI score0.00358EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2026/06/05 12:0 a.m.•8 views

PT-2026-47070

Name of the Vulnerable Software and Affected Versions The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress versions prior to 2.1.1 Description The software is affected by Insufficient Verification of Data Authenticity. The capture payment AJAX handler, registered vi...

5.3CVSS5.6AI score0.00023EPSS

Exploits0References8

Packet Storm News•added 2026/06/03 12:0 a.m.•10 views

From Attack Simulation to SIEM Rule: Deterministic Detection-As-Code Synthesis with Probe-Level Traceability

Security teams routinely simulate attacks against their own systems to check whether their monitoring would catch a real intruder. These Breach-and-Attack-Simulation BAS tools surface findings, but the security information and event management SIEM systems that watch production need detection rul...

5.4AI score

Exploits0

Packet Storm News•added 2026/05/27 12:0 a.m.•10 views

OSSEC HIDS 4.1.0

OSSEC is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS host-based intrusion detection, log monitoring and SIM/SIEM together in a simple, powerful and open source solution. This is the source code release...

5.9AI score

Exploits0

NVD•added 2026/05/25 10:16 p.m.•6 views

CVE-2026-27398

5.3CVSS0.00037EPSS

Exploits0References1

Cvelist•added 2026/05/25 9:56 p.m.•16 views

CVE-2026-27398 WordPress RSVP and Event Management plugin <= 2.7.16 - Broken Access Control vulnerability

5.3CVSS0.00037EPSS

Exploits0References1

CVE•added 2026/05/25 9:56 p.m.•18 views

CVE-2026-27398

The CVE-2026-27398 entry describes a Missing Authorization vulnerability in the WordPress RSVP and Event Management plugin, affecting versions up to 2.7.16. The issue is classified as a Broken Access Control vulnerability with insecure access configuration allowing exploitation without user inter...

5.3CVSS5.8AI score0.00037EPSS

Exploits0References1

EUVD•added 2026/05/25 9:56 p.m.•7 views

EUVD-2026-31756

5.3CVSS5.8AI score0.00037EPSS

Exploits0References1

Vulnrichment•added 2026/05/25 9:56 p.m.•6 views

CVE-2026-27398 WordPress RSVP and Event Management plugin <= 2.7.16 - Broken Access Control vulnerability

5.3CVSS5.8AI score0.00037EPSS

Exploits0References1

Patchstack•added 2026/05/25 9:55 p.m.•9 views

WordPress RSVP and Event Management plugin <= 2.7.16 - Broken Access Control vulnerability