5 matches found
CVE-2026-45780
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, EventSerializer could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were not entitled to view the private event invitee list. This...
CVE-2026-45780
CVE-2026-45780 affects Discourse prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5. The issue arises in EventSerializer, which could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were not entitled to view the private event ...
CVE-2025-12408 Events Manager <= 7.2.2.2 - Unauthenticated Information Exposure
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 7.2.2.2 via the 'getlocation' action due to insufficient restrictions on which locations can be included. This makes it possible for...
EventPrime < 3.3.6 - Unauthenticated Event Access
Description The plugin lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. 1. Create a password-protected event or a private event then publish it. 2. Access to the URL on a private...
Fedora 20 : php-horde-kronolith-4.2.4-1.fc20 (2014-16397)
kronolith 4.2.4 - jan Make access to non-CalDAV remote calendars faster Bug 12379. - jan Continue with further events if parsing of one remote event date fails. - jan Fix JS error in month view with more events today than the maximum threshold. - mjr Fix fatal error when creating or modifying an...