Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

43 matches found

Nuclei
Nucleiadded 13 hours ago16 views

My Calendar WordPress Plugin - Information Disclosure

My Calendar WordPress plugin = 3.7.6 contains an injection vulnerability caused by unvalidated user input passed to parsestr in mcajaxmcjsaction endpoint, letting unauthenticated attackers access or crash sites via switchtoblog, exploit requires WordPress Multisite or Single Site setup. id:...

8.8CVSS5.2AI score0.00932EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/06/05 7:13 p.m.6 views

CVE-2026-40308

My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...

8.8CVSS5.4AI score0.00932EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/16 9:30 p.m.3 views

CVE-2026-40308 My Calendar: Unauthenticated Information Disclosure (IDOR) via Multisite switch_to_blog

My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...

8.8CVSS5.8AI score0.00932EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2019-15033

Malware in sbrugna...

4.3CVSS4.8AI score0.00854EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2023-58684

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.00564EPSS
Exploits2References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2024-49127

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.0034EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.5 views

EUVD-2024-23428

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00393EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/05/23 9:31 a.m.8 views

CVE-2024-26145

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update their attendance. This problem is resolved in commit dfc4fa15f340189f177a1d1ab2cc94ffed3c1190. As a...

6.5CVSS7AI score0.00393EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 8:32 a.m.2 views

CVE-2024-8369

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view...

5.3CVSS5.8AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 4:57 a.m.7 views

CVE-2023-6447

The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name...

5.3CVSS7.3AI score0.00564EPSS
Exploits2
RedhatCVE
RedhatCVEadded 2025/05/23 1:53 a.m.9 views

CVE-2023-2796

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id...

5.3CVSS7.1AI score0.36371EPSS
Exploits5References1
RedhatCVE
RedhatCVEadded 2025/05/22 5:7 a.m.8 views

CVE-2019-5449

A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events...

4.3CVSS6.7AI score0.00854EPSS
Exploits0References1
OSV
OSVadded 2024/09/10 12:15 p.m.0 views

CVE-2024-8369

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view...

5.3CVSS5.8AI score
Exploits0References2
NVD
NVDadded 2024/09/10 12:15 p.m.17 views

CVE-2024-8369

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view...

5.3CVSS0.0034EPSS
Exploits0References2
Patchstack
Patchstackadded 2024/09/10 1:24 a.m.2 views

WordPress EventPrime plugin <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure vulnerability

Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure vulnerability discovered by Miguel Santareno in WordPress Plugin EventPrime versions = 4.0.4.3...

5.3CVSS7AI score0.0034EPSS
Exploits0References1Affected Software1
CNNVD
CNNVDadded 2024/09/10 12:0 a.m.3 views

WordPress plugin EventPrime 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.6AI score0.0034EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2024/06/14 12:0 a.m.3 views

PT-2024-4380 · Nextcloud +2 · Nextcloud Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 27.1.10 Nextcloud Server versions prior to 28.0.6 Nextcloud Server versions prior to 29.0.1 Nextcloud Enterprise Server versions prior to 27.1.10 Nextcloud Enterprise Server versions prior to 28.0.6 Nextclou...

9.8CVSS5.5AI score0.01041EPSS
Exploits6References94
NVD
NVDadded 2024/02/21 6:15 p.m.12 views

CVE-2024-26145

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update their attendance. This problem is resolved in commit dfc4fa15f340189f177a1d1ab2cc94ffed3c1190. As a...

6.5CVSS6.6AI score0.00393EPSS
Exploits0References2
Prion
Prionadded 2024/02/21 6:15 p.m.18 views

Design/Logic Flaw

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update their attendance. This problem is resolved in commit dfc4fa15f340189f177a1d1ab2cc94ffed3c1190. As a...

4CVSS7.5AI score0.00393EPSS
Exploits0References2
CVE
CVEadded 2024/02/21 5:19 p.m.54 views

CVE-2024-26145

CVE-2024-26145 relates to the Discourse Calendar feature. The vulnerability allows uninvited users to gain access to private events by crafting a request to update their attendance within the dynamic calendar in the first post of a topic. The underlying issue is resolved by the commit dfc4fa15f34...

6.5CVSS6.6AI score0.00393EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder