
15 matches found

RedhatCVE
added 2026/03/26 3:7 p.m., 5 views

CVE-2026-28506

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

CVSS 4.3, AI score 5.8, EPSS 0.00229
Exploits: 1, References: 1
ATTACKERKB
added 2026/03/17 3:30 p.m., 5 views

CVE-2026-28506

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

CVSS 4.3, AI score 5.8, EPSS 0.00229
Exploits: 1, References: 2, Affected Software: 1
EUVD
added 2026/03/17 3:30 p.m., 6 views

EUVD-2026-12584

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

CVSS 4.3, AI score 5.8, EPSS 0.00229
Exploits: 1, References: 1
Tenable Nessus
added 2026/01/26 12:0 a.m., 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004951)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004951 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Add down_write(trace_event_sem) when adding trace event. When a module is loaded, it adds trac...

CVSS 5.5, AI score 6.8, EPSS 0.00149
Exploits: 0, References: 4
RedhatCVE
added 2025/12/19 7:32 a.m., 5 views

CVE-2025-12976

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list_grouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4, AI score 5, EPSS 0.00356
Exploits: 0, References: 1
CVE
added 2025/12/18 7:20 a.m., 15 views

CVE-2025-12976

CVE-2025-12976 — Events Manager for WordPress has a stored cross-site scripting vulnerability in the shortcode [events_list_grouped], caused by insufficient input sanitization and output escaping on user-provided attributes. Affected plugin versions are up to 7.2.2.1. The issue enables an authent...

CVSS 6.4, AI score 4.7, EPSS 0.00356
Exploits: 0, References: 6
EUVD
added 2025/12/18 7:20 a.m., 3 views

EUVD-2025-204249

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list_grouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4, AI score 4.7, EPSS 0.00356
Exploits: 0, References: 7
Positive Technologies
added 2025/12/18 12:0 a.m., 4 views

PT-2025-51997

Name of the Vulnerable Software and Affected Versions: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions through 7.2.2.1. Description: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is susceptible to Stored Cross-Site Scriptin...

CVSS 6.4, AI score 5.2, EPSS 0.00356
Exploits: 0, References: 8
Patchstack
added 2025/12/17 10:56 p.m., 7 views

WordPress Events Manager plugin <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'events_list_grouped' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Events Manager versions <= 7.2.2.1...

CVSS 6.4, AI score 5.6, EPSS 0.00356
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2025/08/18 11:27 a.m., 5 views

CVE-2025-38539

In the Linux kernel, the following vulnerability has been resolved: tracing: Add down_write(trace_event_sem) when adding trace event. When a module is loaded, it adds trace events defined by the module. It may also need to modify the modules trace printk formats to replace enum names with their values...

CVSS 4.4, AI score 6.5, EPSS 0.00149
Exploits: 0, References: 4
CVE
added 2025/08/16 11:12 a.m., 57 views

CVE-2025-38539

CVE-2025-38539 affects the Linux kernel tracing subsystem. The issue arises when a module loads trace events and may modify module printk formats to replace enum names with values; if two modules load concurrently, the addition of the event to the ftrace_events list can corrupt list walking and c...

CVSS 5.5, AI score 6.8, EPSS 0.00149
Exploits: 0, References: 10, Affected Software: 1
Cvelist
added 2025/08/16 11:12 a.m., 7 views

CVE-2025-38539 tracing: Add down_write(trace_event_sem) when adding trace event

In the Linux kernel, the following vulnerability has been resolved: tracing: Add down_write(trace_event_sem) when adding trace event. When a module is loaded, it adds trace events defined by the module. It may also need to modify the modules trace printk formats to replace enum names with their values...

EPSS 0.00149
Exploits: 0, References: 8
CNNVD
added 2025/03/26 12:0 a.m., 4 views

WordPress plugin Event post cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.4, AI score 7.9, EPSS 0.00219
Exploits: 0, References: 2
Cvelist
added 2022/06/15 6:35 p.m., 36 views

CVE-2016-6555 OpenNMS Stored XSS via SNMP Trap Alerts

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in...

CVSS 7.1, AI score 6.6, EPSS 0.00795
Exploits: 2, References: 2
Prion
added 2021/09/24 9:15 p.m., 9 views

Cross site scripting

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in...

CVSS 4.3, AI score 5.8, EPSS 0.00795
Exploits: 2, References: 2, Affected Software: 1