19 matches found
CVE-2026-39401
Cronicle is a multi-server task scheduler and runner, with a web-based front-end UI. Prior to 0.9.111, job child processes can include an update_event key in their JSON output. The server applies this directly to the parent event's stored configuration without any authorization check. A low-privile...
WordPress EventPrime plugin <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter vulnerability discovered by Supoj Polsawas (sp0x5ec) in WordPress Plugin EventPrime versions <= 4.2.8.4...
CVE-2026-1987
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the scheduler_widget_ajax_save_event function lacking proper authorization checks and ownership verification when updating events. This makes it...
CVE-2026-1987
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the scheduler_widget_ajax_save_event function lacking proper authorization checks and ownership verification when updating events. This makes it...
CVE-2026-1987 Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the scheduler_widget_ajax_save_event function lacking proper authorization checks and ownership verification when updating events. This makes it...
CVE-2026-1987
The PatchStack entry identifies a vulnerability in WordPress Scheduler Widget plugin (versions
CVE-2026-1987
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the scheduler_widget_ajax_save_event function lacking proper authorization checks and ownership verification when updating events. This makes it...
PT-2026-8086
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the scheduler_widget_ajax_save_event function lacking proper authorization checks and ownership verification when updating events. This makes it...
WordPress Scheduler Widget plugin <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification vulnerability
Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Scheduler Widget versions <= 0.1.6...
EUVD-2017-7310
Malware in sbrugna...
EUVD-2007-2393
Malware in sbrugna...
CVE-2025-48937
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...
CVE-2018-8949
An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event without attribute UUIDs but attribute IDs set could overwrite an existing attribute...
WordPress plugin access control error vulnerability
WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the Advanced Cron Manager WordPress plugin and the Advanced Cro...
Vulnerabilities fixed in McAfee Agent for Windows
Vulnerabilities have been fixed in McAfee Agent for Windows. A malicious party could potentially exploit the vulnerability with CVE attribute CVE-2021-31840 to execute arbitrary code with elevated privileges via a "DLL preloading" attack. The vulnerability with CVE attribut...
Fedora 31 : php-horde-kronolith (2020-0fbd043bcf)
kronolith 4.2.29 - mjr Fix regression in event modification notifications Bug 15022. ---- kronolith 4.2.28 - mjr SECURITY: Don't leak private details when sending notifications for private events Bug 15011. - mjr Fix regression in display of clickable event URL property Bug 14941. Note that...
CVE-2017-15891
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors...
CVE-2017-15891
Synology Calendar (before 2.0.1-0242) is affected by an improper access control vulnerability in SYNO.Cal.EventBase. Remote authenticated users can modify calendar events via unspecified vectors. Root cause: access control flaw in EventBase handling. Impact: ability to alter events without proper...
phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting
phpCommunityCalendar 4.0.3 possibly prior versions sql injection / login bypass / cross site scripting software: site: http://open.appideas.com download: http://open.appideas.com/Calendar/ 1 sql injection / login bypass: "admin" directory contains tools for the site administrator. "webadmin"...