CVE-2026-1655

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...

CVE-2026-1655

CVE-2026-1655 — EventPrime for WordPress : Unauthorized post modification due to missing authorization checks in save_frontend_event_submission, which uses a user-controlled event_id to update posts. Affected versions are up to 4.2.8.4; patch exists in 4.2.8.4+. The issue allows authenticated (Cu...

CVE-2026-1655 EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...

CVE-2026-1655 EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...

WordPress EventPrime plugin <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Event Modification via 'eventid' Parameter vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin EventPrime versions = 4.2.8.4...

EUVD-2021-13717

Malware in sbrugna...

EUVD-2005-1020

Malware in sbrugna...

EUVD-2006-1907

Malware in sbrugna...

EUVD-2006-1426

Malware in sbrugna...

EUVD-2018-17094

Malware in sbrugna...

EUVD-2009-1940

Malware in sbrugna...

EUVD-2005-4392

Malware in sbrugna...

EUVD-2005-1484

Malware in sbrugna...

EUVD-2009-0803

Malware in sbrugna...

EUVD-2023-34628

Malicious code in bioql PyPI...

CVE-2025-54433 Bugsink is vulnerable to Path Traversal attacks via event_id in ingestion

Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted eventid input without validation. A specially crafted eventid can result in paths outsi...

CVE-2025-54433

Bugsink suffers from a Path Traversal vulnerability (CVE-2025-54433) where ingestion paths are constructed from unvalidated event_id input. Affected versions include 1.4.2 and earlier, 1.5.0–1.5.4, 1.6.0–1.6.3, and 1.7.0–1.7.3. An attacker with a valid DSN can craft an event_id to cause file writ...

Bugsink 路径遍历漏洞

Bugsink is a self-hosted bug tracking software from Bugsink open source. Bugsink suffers from a path traversal vulnerability that stems from improperly constructed paths due to unvalidated eventid inputs, which could lead to arbitrary file overwriting or creation. The following versions are...

Bugsink path traversal via event_id in ingestion

Summary In affected versions, ingestion paths construct file locations directly from untrusted eventid input without validation. A specially crafted eventid can result in paths outside the intended directory, potentially allowing file overwrite or creation in arbitrary locations. Submitting such...

CVE-2024-28322

SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the eventid parameter in a crafted POST request...