48 matches found

Nuclei
added 9 hours ago · 29 views

WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) beforetitle, or (5) aftertitle parameter to...

4.3 CVSS · 5.8 AI score · 0.00975 EPSS
Exploits 2 · References 3

Microsoft Secure
added 2026/02/07 1:8 a.m. · 6 views

Analysis of active exploitation of SolarWinds Web Help Desk

The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk (WHD) instances to get an initial foothold and then laterally moved towards other high-value assets within the organization. However, we have not yet confirm...

9.8 CVSS · 9.6 AI score · 0.86967 EPSS
Exploits 5

CVE
added 2025/12/04 12:38 p.m. · 11 views

CVE-2025-40215

CVE-2025-40215 affects Linux kernel xfrm: the fix ensures that the xfrm fallback state is deleted as soon as the last user state depending on it is removed, preventing stale references from delaying deletion. The description notes that prior fixes on net exit paths could leave a fallback state be...

5.9 AI score · 0.00076 EPSS
Exploits 0 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-49309

Malicious code in bioql PyPI...

5.9 CVSS · 6.2 AI score · 0.00127 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/09/16 12:0 a.m. · 1 views

PT-2025-37982

Name of the Vulnerable Software and Affected Versions: Workcube ERP versions V12 through V14 through 20250916 Description: Workcube ERP is susceptible to a Reflected Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. Recommendations: Workcube ERP...

5.3 CVSS · 5.8 AI score · 0.00051 EPSS
Exploits 0 · References 6

Qualys Blog
added 2024/05/01 5:46 p.m. · 19 views

Verizon’s 2024 DBIR Unpacked: From Ransomware Evolution to Supply Chain Vulnerabilities

As we delve into cybersecurity's complex and evolving landscape, the Verizon 2024 Data Breach Investigations Report (DBIR) offers crucial insights into the mechanisms and motives behind the latest wave of cyberattacks. Qualys is once again proud to contribute to the report, helping to dissect these...

7.3 AI score
Exploits 0

Packet Storm
added 2024/03/15 12:0 a.m. · 375 views

Financials By Coda Cross Site Scripting

Vulnerability type: Cross-site Scripting Vendor: https://www.unit4.com/ Product: Financials by Coda Product site: https://www.unit4.com/fr/products/financial-management-software Affected version: HTTP/2 Host: TIMELINE – 30/10/2023: Vulnerability found – 02/11/2023: Vendor informed – 05/12/2023:...

7.4 AI score · 0.08596 EPSS
Exploits 1

Qualys Blog
added 2024/03/13 5:17 p.m. · 19 views

De-risking Your Organization in Spite of NVD Delays

In the face of recent struggles with the National Vulnerability Database (NVD), causing delays in analyzing Common Vulnerabilities and Exposures (CVEs) since February 12, 2024, a significant number of CVEs lacked essential metadata including severity scores and affected product details. Qualys remain...

7.1 AI score
Exploits 0

CISA
added 2023/12/11 12:0 p.m. · 6 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-6448 Unitronics Vision PLC and HMI Insecure Default Password These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

9.8 CVSS · 9.5 AI score · 0.1329 EPSS
In wild · Exploits 0 · References 6

Openbugbounty
added 2023/10/23 3:25 p.m. · 8 views

recollections.biz Improper Access Control vulnerability OBB-3764466

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.6 AI score
Exploits 0

NVD
added 2023/10/16 12:15 p.m. · 11 views

CVE-2023-44987

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions...

5.9 CVSS · 5.4 AI score · 0.00127 EPSS
Exploits 0 · References 1

OSV
added 2023/10/16 12:15 p.m. · 0 views

CVE-2023-44987

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions...

4.8 CVSS · 5.8 AI score
Exploits 0 · References 1

Prion
added 2023/10/16 12:15 p.m. · 11 views

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions...

4.3 CVSS · 4.8 AI score · 0.00127 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/10/16 11:1 a.m. · 9 views

CVE-2023-44987 WordPress Timely Booking Button Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions...

5.9 CVSS · 5.6 AI score · 0.00127 EPSS
Exploits 0 · References 1

CVE
added 2023/10/16 11:1 a.m. · 38 views

CVE-2023-44987

CVE-2023-44987 affects the Timely Booking Button plugin for WordPress (versions

5.9 CVSS · 5.1 AI score · 0.00127 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/10/16 11:1 a.m. · 17 views

CVE-2023-44987 WordPress Timely Booking Button Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions...

5.9 CVSS · 5.5 AI score · 0.00127 EPSS
Exploits 0 · References 1

CNNVD
added 2023/10/16 12:0 a.m. · 0 views

WordPress Plugin Timely Booking Button Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9 CVSS · 5.9 AI score · 0.00127 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/10/16 12:0 a.m. · 1 views

PT-2023-29333 · WordPress · Timely Booking Button

Name of the Vulnerable Software and Affected Versions: Timely Booking Button plugin versions <= 2.0.2 Description: The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin access can inject malicious scripts into the system, whi...

5.9 CVSS · 5.3 AI score · 0.00127 EPSS
Exploits 0 · References 5

Patchstack
added 2023/10/02 12:0 a.m. · 5 views

WordPress Timely Booking Button Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Timely Booking Button Type Plugin Vulnerable versions <= 2.0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2023-44987 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7f597f7217c8 Credits yuyudhn Required...

5.9 CVSS · 5.7 AI score · 0.00127 EPSS
Exploits 0 · References 1 · Affected Software 1

ICS
added 2023/08/03 12:0 p.m. · 178 views

2022 Top Routinely Exploited Vulnerabilities

SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA): United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) Australia: Australian Signals Directorate’s Australian Cyb...

10 CVSS · 10 AI score · 0.94473 EPSS
Exploits 1426 · References 262