Lucene search
K

2394 matches found

Nuclei
Nuclei
added 11 hours ago12 views

WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting

Code for Recovery 12 Step Meeting List versions up to 3.14.33 contain a reflected cross-site scripting caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft a malicious URL. id:...

7.1CVSS6.1AI score0.0059EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42550

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References10
CVE
CVE
added 6 days ago8 views

CVE-2026-60092

The CVE-2026-60092 entry describes a stored cross-site scripting vulnerability in the AVideo Meet plugin. When a participant joins a public meeting, the raw HTTP User-Agent header is stored in meet_join_log.user_agent without sanitization and later echoed in the Participants management panel (vis...

6.1CVSS5.7AI score0.002EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 8:17 p.m.7 views

CVE-2026-44731

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...

4.3CVSS0.00186EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:29 p.m.13 views

CVE-2026-49355

OpenProject (open-source, web-based project management) contains a vulnerability in versions prior to 17.4.0. The issue arises in GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id, which may disclose private work package data from a linked work package that belongs to a private/inacce...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 11:16 a.m.10 views

CVE-2026-57913

Johnson & Johnson Audit Tracking Management System ATMS before 2026-04-21 allows viewing of meeting minutes and transcripts...

7.5CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 10:6 a.m.13 views

CVE-2026-57913

CVE-2026-57913 affects Johnson & Johnson ATMS (Audit Tracking Management System) prior to 2026-04-21, enabling viewing of meeting minutes and transcripts. The available data do not specify root cause, affected versions beyond the date, or exploitable vectors beyond unauthenticated access indicate...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 10:6 a.m.9 views

CVE-2026-57913

Johnson & Johnson Audit Tracking Management System ATMS before 2026-04-21 allows viewing of meeting minutes and transcripts...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 10:6 a.m.8 views

EUVD-2026-39644

Johnson & Johnson Audit Tracking Management System ATMS before 2026-04-21 allows viewing of meeting minutes and transcripts...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 4:31 a.m.12 views

EUVD-2026-37841

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the getevents. This makes it possible for unauthenticated attackers to extract sensitive data including...

5.3CVSS5.1AI score0.0031EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50620

Name of the Vulnerable Software and Affected Versions Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress versions prior to 1.3.13.2 Description Sensitive information exposure occurs via the get events function. This allows unauthenticated attackers to extra...

5.3CVSS5.9AI score0.0031EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49608

The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...

5.3CVSS5.3AI score0.00323EPSS
Exploits0References9
CVE
CVE
added 2026/06/09 7:15 p.m.25 views

CVE-2026-47106

CVE-2026-47106 affects Ellucian Banner Self-Service prior to the April T2 release. The issue is a stored cross-site scripting (XSS) vulnerability in the course search functionality caused by missing HTML encoding during DOM insertion. Malicious JavaScript can be stored in fields such as faculty d...

5.4CVSS5.6AI score0.00196EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-48222

Name of the Vulnerable Software and Affected Versions Ellucian Banner Self-Service versions prior to 2025-04-23 Description The course search functionality contains a stored cross-site scripting issue. Authenticated Banner ERP users with write access can inject malicious JavaScript into faculty a...

5.4CVSS5.3AI score0.00196EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.12 views

CVE-2026-6937

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...

5.3CVSS5.6AI score0.00561EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.10 views

CVE-2026-25058

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint GET /internal/transcripts/meetingid that returns transcript data for any meeting without any authentication or...

7.5CVSS5.5AI score0.00402EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/04 6:30 a.m.44 views

CVE-2026-49202 Unverified Meeting Recording Endpoints & Permissive CORS

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

8.8CVSS0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 6:30 a.m.23 views

CVE-2026-49202

Technical details are not publicly available in the provided documents; monitor for updates.

8.8CVSS5.7AI score0.00257EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 6:30 a.m.12 views

CVE-2026-49202 Unverified Meeting Recording Endpoints & Permissive CORS

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

8.8CVSS5.7AI score0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 9:16 a.m.19 views

CVE-2026-6937

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...

5.3CVSS0.00561EPSS
Exploits0References11
Rows per page
Query Builder