CVE-2026-10029 Event Koi Lite <= 1.3.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure via REST API Endpoints

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the getevents. This makes it possible for unauthenticated attackers to extract sensitive data including...

EUVD-2026-37841

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the getevents. This makes it possible for unauthenticated attackers to extract sensitive data including...

CVE-2026-10029

The vulnerability CVE-2026-10029 concerns the WordPress plugin Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets. Affected are all versions up to and including 1.3.13.1. The root cause is a Sensitive Information Exposure via the plugin’s get_events endpoint, allowing unauthent...

CVE-2026-8205

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since actiongetevents does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

CVE-2026-8205 Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in Calendar Block since action_get_events does not check canView on the calendar

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since actiongetevents does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

CVE-2024-33403

A SQL injection vulnerability in /model/getevents.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the eventid parameter...

Sql injection

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/getevents.php?eventid=...

itsourcecode Advanced School Management System SQL注入漏洞

Advanced School Management System, a school management system by Angel Jude Reyes Suarez, a personal developer, has a SQL injection vulnerability in version v1.0, which originates in /school/model/ getevents.php?eventid=The page lacks validation for external input SQL statements, which could be...