9225 matches found
SuiteCRM - SQL Injection
SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. id: CVE-2024-36412 info: name: SuiteC...
MISP < 2.5.37 - SQL Injection
MISP before 2.5.37 is vulnerable to SQL injection via the order parameter in EventsController. The POST body order value is passed directly into ORDER BY clauses without validation. id: CVE-2026-44381 info: name: MISP 2.5.37 - SQL Injection author: malcha severity: medium description: | MISP befo...
WordPress Events Calendar 6.8.2.1 - Information Disclosure
The Events Calendar WordPress plugin 6.8.2.1 contains missing access checks in the REST API, letting unauthenticated users access information about password protected events, exploit requires no authentication. id: CVE-2024-5333 info: name: WordPress Events Calendar 6.8.2.1 - Information Disclosu...
My Calendar WordPress Plugin - Information Disclosure
My Calendar WordPress plugin = 3.7.6 contains an injection vulnerability caused by unvalidated user input passed to parsestr in mcajaxmcjsaction endpoint, letting unauthenticated attackers access or crash sites via switchtoblog, exploit requires WordPress Multisite or Single Site setup. id:...
Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting id: CVE-2021-24876 info: name: Registrations for The Events Calendar 2.7.5 - Authenticated Reflected...
The Events Calendar < 6.4.0.1 - Cross-site Scripting
The Events Calendar WordPress plugin 6.4.0.1 contains a stored XSS caused by improper sanitization of user-submitted content when rendering views via AJAX, letting attackers execute scripts in the context of the affected site. Exploitation requires user interaction. id: CVE-2024-4180 info: name:...
WordPress Events Calendar <1.4.5 - Cross-Site Scripting
WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...
WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action. An attacker can possibly obtain sensitive information, modify data, and/o...
WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload
WordPress Modern Events Calendar Lite plugin before 5.16.5 is susceptible to authenticated arbitrary file upload. The plugin does not properly check the imported file, allowing PHP files to be uploaded and/or executed by an administrator or other high-privilege user using the text/csv content-typ...
CVE-2026-57713
Deserialization of Untrusted Data vulnerability in Marcus aka @msykes Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through = 7.3.6...
CVE-2026-15574
creationtimestamp| type| source ---|---|--- 2026-07-13 09:50:32+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjg4qea2f2i 2026-07-13 09:50:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjg4wv44l2k 2026-07-14 01:10:43+00:00| seen|...
EUVD-2026-43285
The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated attackers to forge a payment-approved event and activate a paid membership subscription without...
CVE-2026-57713
CVE-2026-57713 : The WordPress Plugins Events Manager (events-manager ) is affected up to version 7.3.6. The issue is a PHP Object Injection caused by deserialization of untrusted data, enabling object injection. The affected component is the Events Manager plugin for WordPress; root cause is des...
CVE-2026-57713 WordPress Events Manager plugin <= 7.3.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Marcus aka @msykes Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through = 7.3.6...
WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure
WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format. id: CVE-2021-24146 info: name: WordPress Modern Events Calendar Lite 5.16.5 - Sensitive Information Disclosure...
CVE-2026-15522
creationtimestamp| type| source ---|---|--- 2026-07-13 03:28:55+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqiqseevj52c 2026-07-13 03:32:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqiqz75lmn2x 2026-07-13 21:03:37+00:00| seen|...
CVE-2019-6160
creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:19+00:00| seen| https://t.me/pleyadesit/4210 2026-07-13 00:00:42+00:00| seen| https://t.me/pleyadesit/4210 2026-07-14 00:00:43+00:00| seen| https://t.me/pleyadesit/4210...
CVE-2020-6109
creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:18+00:00| seen| https://t.me/pleyadesit/6631 2026-07-13 00:00:41+00:00| seen| https://t.me/pleyadesit/6631 2026-07-14 00:00:49+00:00| seen| https://t.me/pleyadesit/6631...
CVE-2020-5777
creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:17+00:00| seen| https://t.me/pleyadesit/7444 2026-07-13 00:00:41+00:00| seen| https://t.me/pleyadesit/7444 2026-07-14 00:00:51+00:00| seen| https://t.me/pleyadesit/7444...
CVE-2020-24436
creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:16+00:00| seen| https://t.me/pleyadesit/7890 2026-07-13 00:00:40+00:00| seen| https://t.me/pleyadesit/7890 2026-07-14 00:00:51+00:00| seen| https://t.me/pleyadesit/7890...