Lucene search
K

9225 matches found

Nuclei
Nuclei
added 14 hours ago258 views

SuiteCRM - SQL Injection

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. id: CVE-2024-36412 info: name: SuiteC...

10CVSS7.1AI score0.05692EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago7 views

MISP < 2.5.37 - SQL Injection

MISP before 2.5.37 is vulnerable to SQL injection via the order parameter in EventsController. The POST body order value is passed directly into ORDER BY clauses without validation. id: CVE-2026-44381 info: name: MISP 2.5.37 - SQL Injection author: malcha severity: medium description: | MISP befo...

9.3CVSS6.1AI score0.0054EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago50 views

WordPress Events Calendar 6.8.2.1 - Information Disclosure

The Events Calendar WordPress plugin 6.8.2.1 contains missing access checks in the REST API, letting unauthenticated users access information about password protected events, exploit requires no authentication. id: CVE-2024-5333 info: name: WordPress Events Calendar 6.8.2.1 - Information Disclosu...

5.3CVSS7AI score0.01092EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago163 views

My Calendar WordPress Plugin - Information Disclosure

My Calendar WordPress plugin = 3.7.6 contains an injection vulnerability caused by unvalidated user input passed to parsestr in mcajaxmcjsaction endpoint, letting unauthenticated attackers access or crash sites via switchtoblog, exploit requires WordPress Multisite or Single Site setup. id:...

8.8CVSS6.1AI score0.00932EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago12 views

Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting id: CVE-2021-24876 info: name: Registrations for The Events Calendar 2.7.5 - Authenticated Reflected...

6.1CVSS6.4AI score0.01165EPSS
Exploits2References2
Nuclei
Nuclei
added 14 hours ago22 views

The Events Calendar < 6.4.0.1 - Cross-site Scripting

The Events Calendar WordPress plugin 6.4.0.1 contains a stored XSS caused by improper sanitization of user-submitted content when rendering views via AJAX, letting attackers execute scripts in the context of the affected site. Exploitation requires user interaction. id: CVE-2024-4180 info: name:...

9.1CVSS6.2AI score0.01834EPSS
Exploits2References3
Nuclei
Nuclei
added 14 hours ago53 views

WordPress Events Calendar <1.4.5 - Cross-Site Scripting

WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...

6.1CVSS6.4AI score0.00891EPSS
Exploits2References2
Nuclei
Nuclei
added 14 hours ago135 views

WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection

WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action. An attacker can possibly obtain sensitive information, modify data, and/o...

9.8CVSS7.1AI score0.728EPSS
Exploits7References5
Nuclei
Nuclei
added 14 hours ago57 views

WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload

WordPress Modern Events Calendar Lite plugin before 5.16.5 is susceptible to authenticated arbitrary file upload. The plugin does not properly check the imported file, allowing PHP files to be uploaded and/or executed by an administrator or other high-privilege user using the text/csv content-typ...

7.2CVSS7.2AI score0.88158EPSS
Exploits9References5
NVD
NVD
added yesterday5 views

CVE-2026-57713

Deserialization of Untrusted Data vulnerability in Marcus aka @msykes Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through = 7.3.6...

8.8CVSS0.00461EPSS
Exploits0References1
Circl
Circl
added yesterday4 views

CVE-2026-15574

creationtimestamp| type| source ---|---|--- 2026-07-13 09:50:32+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjg4qea2f2i 2026-07-13 09:50:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjg4wv44l2k 2026-07-14 01:10:43+00:00| seen|...

7.5CVSS6.1AI score0.00259EPSS
Exploits0References3
EUVD
EUVD
added yesterday6 views

EUVD-2026-43285

The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated attackers to forge a payment-approved event and activate a paid membership subscription without...

9.1CVSS6.1AI score0.00148EPSS
Exploits0References2
CVE
CVE
added yesterday12 views

CVE-2026-57713

CVE-2026-57713 : The WordPress Plugins Events Manager (events-manager ) is affected up to version 7.3.6. The issue is a PHP Object Injection caused by deserialization of untrusted data, enabling object injection. The affected component is the Events Manager plugin for WordPress; root cause is des...

8.8CVSS6.1AI score0.00461EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday29 views

CVE-2026-57713 WordPress Events Manager plugin <= 7.3.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Marcus aka @msykes Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through = 7.3.6...

8.8CVSS0.00461EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday104 views

WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure

WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format. id: CVE-2021-24146 info: name: WordPress Modern Events Calendar Lite 5.16.5 - Sensitive Information Disclosure...

7.5CVSS7AI score0.31043EPSS
Exploits5References5
Circl
Circl
added yesterday6 views

CVE-2026-15522

creationtimestamp| type| source ---|---|--- 2026-07-13 03:28:55+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqiqseevj52c 2026-07-13 03:32:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqiqz75lmn2x 2026-07-13 21:03:37+00:00| seen|...

5.3CVSS6.2AI score0.00137EPSS
Exploits0References3
Circl
Circl
added 2 days ago6 views

CVE-2019-6160

creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:19+00:00| seen| https://t.me/pleyadesit/4210 2026-07-13 00:00:42+00:00| seen| https://t.me/pleyadesit/4210 2026-07-14 00:00:43+00:00| seen| https://t.me/pleyadesit/4210...

8.8CVSS7AI score0.01381EPSS
Exploits0References1
Circl
Circl
added 2 days ago5 views

CVE-2020-6109

creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:18+00:00| seen| https://t.me/pleyadesit/6631 2026-07-13 00:00:41+00:00| seen| https://t.me/pleyadesit/6631 2026-07-14 00:00:49+00:00| seen| https://t.me/pleyadesit/6631...

9.8CVSS7.1AI score0.04914EPSS
Exploits1References1
Circl
Circl
added 2 days ago5 views

CVE-2020-5777

creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:17+00:00| seen| https://t.me/pleyadesit/7444 2026-07-13 00:00:41+00:00| seen| https://t.me/pleyadesit/7444 2026-07-14 00:00:51+00:00| seen| https://t.me/pleyadesit/7444...

9.8CVSS7AI score0.23897EPSS
Exploits0References1
Circl
Circl
added 2 days ago3 views

CVE-2020-24436

creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:16+00:00| seen| https://t.me/pleyadesit/7890 2026-07-13 00:00:40+00:00| seen| https://t.me/pleyadesit/7890 2026-07-14 00:00:51+00:00| seen| https://t.me/pleyadesit/7890...

7.8CVSS7AI score0.16348EPSS
Exploits0References1
Rows per page
Query Builder