1478 matches found
WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Timetable and Event Schedule versions = 2.4.16...
CVE-2026-7493
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...
PT-2026-44098
Name of the Vulnerable Software and Affected Versions Gladinet Triofox Cloud Server Agent affected versions not specified Description Improper handling of remote HTTP messages in the GladServerAgentService.exe, which listens on TCP port 7878, allows unauthenticated attackers to potentially gain...
CVE-2026-48593 Unbounded range expansion in cron describe causes memory exhaustion in oban_web
Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...
EUVD-2026-31544
A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument mode can lead to os command injection. It is possible to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring: A schedule point was added in ioaddbuffers. Looping 65535 times and making kmalloc calls can trigger soft lockups, especially with DEBUG features like KASAN. 253.536212 watchdog: BUG: Soft lockup – CPU64 stuck for 26...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: BPF: Added schedule points in batch operations. SYZbot reported various soft lockups caused by BPF batch operations. INFO: Task kworker/1:1:27 was blocked for more than 140 seconds. INFO: Task hung during the rcubarrier...
CVE-2025-40903
A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...
CVE-2025-40903 HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0
A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...
EUVD-2025-209896
A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...
CVE-2025-40903
A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...
CVE-2025-40903
Summary (technical details from sources): CVE-2025-40903 affects Guardian/CMC prior to version 26.1.0, in the Schedule Restore Archive function. A stored HTML injection flaw arises from improper validation of an input parameter in a restore schedule defined by an authenticated administrator. When...
CVE-2025-40903 HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0
A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...
HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0
Summary A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. Impact An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim view...
PT-2026-41890
A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...
CVE-2026-43680
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...
CVE-2026-43680
CVE-2026-43680 describes a remote code execution in Claris FileMaker Cloud where an Admin Console user could bypass a front-end restriction on OS Script schedule types and run arbitrary OS commands on the host. Documented impact suggests total compromise with HIGH confidentiality, integrity, and ...
CVE-2026-43680
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...
CVE-2026-43878
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/Meet/iframe.php echoes the attacker-controlled user and pass query parameters unescaped into a JavaScript double-quoted string literal inside a block. An attacker who sends a victim to a crafted URL can bre...
CVE-2026-43878 WWBN AVideo: Reflected XSS in plugin/Meet/iframe.php via Unescaped `user`/`pass` Parameters Reflected into JavaScript String Literal
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/Meet/iframe.php echoes the attacker-controlled user and pass query parameters unescaped into a JavaScript double-quoted string literal inside a block. An attacker who sends a victim to a crafted URL can bre...