CVE-2026-1987 Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification

The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...

fsnotify: do not generate ACCESS/MODIFY events on child for special files

...

CVE-2025-68788

In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events e.g. INACCESS/INMODIFY, but they do allow the same user to subscri...

CVE-2025-68788 fsnotify: do not generate ACCESS/MODIFY events on child for special files

In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events e.g. INACCESS/INMODIFY, but they do allow the same user to subscri...

CVE-2025-68788

In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events e.g. INACCESS/INMODIFY, but they do allow the same user to subscri...

CVE-2025-68788 fsnotify: do not generate ACCESS/MODIFY events on child for special files

In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events e.g. INACCESS/INMODIFY, but they do allow the same user to subscri...

CVE-2025-68788

CVE-2025-68788 is addressed in OSV:OESA-2026-1305, which reports a Linux kernel security update for the fsnotify subsystem. The fix aligns fsnotify behavior with file-attrib semantics by not generating ACCESS/MODIFY events for parent watchers when a read/write occurs on special files (e.g., /dev/...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from fsnotify generating ACCESS/MODIFY sub-events for special files, which could lead to information disclosure...

CVE-2021-25084

The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for...

CVE-2017-15891

Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors...

Improper access control

Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors...

CVE-2017-15891

Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors...

The vulnerability of the iOS operating system allows attackers to bypass event handlers and modify events of arbitrary applications.

The vulnerability of the XPC Services software interface in the LaunchServices component of the iOS operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass event handler restrictions and modify events of arbitrary application...

CVE-2013-3929

Cross-site scripting XSS vulnerability in admin/editevent.php in CMS Made Simple CMSMS 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter...