5 matches found
CVE-2026-40308 My Calendar: Unauthenticated Information Disclosure (IDOR) via Multisite switch_to_blog
My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...
CVE-2025-67749
PCSX2 is a free and open-source PlayStation 2 PS2 emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory...
CVE-2021-26377
creationtimestamp| type| source ---|---|--- 2025-09-06 19:50:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ly6x4rmaal2p...
CVE-2024-43301
Cross-Site Request Forgery CSRF vulnerability in Fonts Plugin Fonts allows Stored XSS.This issue affects Fonts: from n/a through 3.7.7...
CVE-2022-37783
creationtimestamp| type| source ---|---|--- 2022-12-06 00:40:11+00:00| seen| https://t.me/cibsecurity/54024...