18 matches found
CVE-2026-40308 My Calendar: Unauthenticated Information Disclosure (IDOR) via Multisite switch_to_blog
My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parse_str without validation, allowing injection of arbitrary parameters including a site...
CVE-2022-42949
Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions...
EUVD-2022-7608
Malicious code in bioql PyPI...
CVE-2024-13835
The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added/modified. This makes it...
SQL Injection
silverstripe/subsites is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation and sanitization in the silverstripe/subsites module, which allows an attacker to inject malicious SQL queries...
GHSA-XC69-P8FC-M6M5 silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source)
A low-level potential SQL injection vulnerability in the silverstripe/subsites module has been identified and fixed in version 2.1.1...
silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source)
A low-level potential SQL injection vulnerability in the silverstripe/subsites module has been identified and fixed in version 2.1.1...
PT-2024-40525 · Silverstripe · Silverstripe/Subsites
Name of the Vulnerable Software and Affected Versions: silverstripe/subsites versions prior to 2.1.1 Description: A potential SQL injection issue has been identified in the silverstripe/subsites module. The issue has been fixed in version 2.1.1. Recommendations: For versions prior to 2.1.1, updat...
CVE-2022-42949
Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions...
CVE-2022-42949
Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions...
Design/Logic Flaw
Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions...
Privilege Escalation
silverstripe/subsites is vulnerable to privilege escalation. The vulnerability exists in FileSubsites.php due to the lack of validation in file edit privileges, which allows an attacker to modify sensitive files inside the system...
SilverStripe Security Vulnerability
SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system features multi-language and cross-platform support. A security vulnerability exists in SilverStripe, which stems from a vulnerability in the subsites module th...
CVE-2022-42949
Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions...
CVE-2022-42949
Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions...
CVE-2022-42949
The CVE-2022-42949 issue affects SilverStripe subsites up to version 2.6.0. Root cause: the subsites module can weaken edit restrictions on certain files, allowing a malicious user to edit files they should not have rights to. Impact: unauthorized edits within subsites-enabled projects; no detail...
PT-2022-26676 · Silverstripe · Silverstripe/Subsites
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/subsites versions through 2.6.0 Description: The subsites module can weaken edit restrictions on some files, allowing a malicious user to edit files they do not have edit rights to. This issue only affects projects...
Description of the security update for SharePoint Enterprise Server 2016: May 14, 2019
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see t...