22 matches found

OSV
added 2026/03/26 8:30 p.m. · 3 views

CVE-2026-33635 iCalendar has ICS injection via unsanitized URI property values

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

CVSS 4.3 · AI score 6 · EPSS 0.0005
Exploits: 1 · References: 5
CVE
added 2026/03/26 8:30 p.m. · 9 views

CVE-2026-33635

The CVE-2026-33635 entry concerns the iCalendar Ruby library. Affected versions are 2.0.0 up to, but not including, 2.12.2, where ICS serialization fails to sanitize URI property values in calendar data. Specifically, Icalendar::Values::Uri falls back to the raw input when URI.parse fails and the...

CVSS 4.3 · AI score 5.9 · EPSS 0.0005
Exploits: 1 · References: 3 · Affected Software: 1
RedhatCVE
added 2025/10/16 5:47 p.m. · 1 view

CVE-2025-62371

OpenSearch Data Prepper is an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugin...

CVSS 7.4 · AI score 6.6 · EPSS 0.00022
Exploits: 0 · References: 1
Snyk
added 2025/10/15 8:9 p.m. · 3 views

Improper Certificate Validation

Overview: org.opensearch.dataprepper.plugins:geoip-processor is a Data Prepper project: geoip-processor. Affected versions of this package are vulnerable to Improper Certificate Validation in the SSL certificate validation process when the cert parameter is not explicitly provided. An attacker can...

CVSS 9.1 · AI score 6.5 · EPSS 0.00022
Exploits: 0 · References: 2
GitHub Security Blog
added 2025/10/15 8:9 p.m. · 7 views

OpenSearch Data Prepper plugins trust all SSL certificates by default

Impact: The OpenSearch sink and source plugins in Data Prepper are configured to trust all SSL certificates by default when no certificate path was provided, making connections vulnerable to man-in-the-middle attacks. Prior to this fix, the OpenSearch sink and source plugins would automatically us...

CVSS 7.4 · AI score 6.9 · EPSS 0.00022
Exploits: 0 · References: 6 · Affected Software: 1
Snyk
added 2025/10/15 8:9 p.m. · 2 views

Improper Certificate Validation

Overview: org.opensearch.dataprepper.plugins:kafka-plugins is a Data Prepper project: kafka-plugins. Affected versions of this package are vulnerable to Improper Certificate Validation in the SSL certificate validation process when the cert parameter is not explicitly provided. An attacker can...

CVSS 9.1 · AI score 6.5 · EPSS 0.00022
Exploits: 0 · References: 2
Cvelist
added 2025/10/15 5:25 p.m. · 5 views

CVE-2025-62371 OpenSearch Data Prepper plugins trust all SSL certificates by default

OpenSearch Data Prepper is an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugin...

CVSS 7.4 · EPSS 0.00022
Exploits: 0 · References: 4
Positive Technologies
added 2025/10/15 12:0 a.m. · 2 views

PT-2025-42388

Name of the Vulnerable Software and Affected Versions: OpenSearch Data Prepper versions prior to 2.12.2. Description: OpenSearch Data Prepper is an open source data collector for observability data. The OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no...

CVSS 7.4 · AI score 6.4 · EPSS 0.00022
Exploits: 0 · References: 14
RedhatCVE
added 2025/05/22 6:45 p.m. · 5 views

CVE-2021-40841

A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server...

CVSS 6.5 · AI score 6.6 · EPSS 0.00381
Exploits: 0
CNNVD
added 2025/05/15 12:0 a.m. · 1 view

WordPress plugin Simple Job Board security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.1 · AI score 6.1 · EPSS 0.00055
Exploits: 1 · References: 1
OSV
added 2024/08/29 3:15 p.m. · 1 view

CVE-2024-39638

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection. This issue affects Registrations for the Events Calendar: from n/a through 2.12.2...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1
Patchstack
added 2024/07/30 1:17 p.m. · 4 views

WordPress Registrations for the Events Calendar plugin <= 2.12.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Registrations for the Events Calendar (versions <= 2.12.2)...

CVSS 8.8 · AI score 8.1 · EPSS 0.00797
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2024/07/30 12:0 a.m. · 3 views

PT-2024-23793 · WordPress · Formflow: Whatsapp Social/Advanced Form Builder With Easy Lead Collection

Name of the Vulnerable Software and Affected Versions: The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin versions prior to 2.12.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, ev...

CVSS 5.9 · AI score 5.7 · EPSS 0.00167
Exploits: 1 · References: 4
Patchstack
added 2024/07/11 12:0 a.m. · 10 views

WordPress FormFlow Plugin < 2.12.2 is vulnerable to Cross Site Scripting (XSS)

Software: FormFlow · Type: Plugin · Vulnerable versions: < 2.12.2 · Fixed in: 2.12.2 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-3113 · Patch priority: Low · CVSS severity: Low (5.9) · PSID: 05bb1755ee18 · Credits: Dikshita Trivedi Cybersecdexter...

CVSS 5.9 · AI score 5.8 · EPSS 0.00167
Exploits: 1 · References: 3 · Affected Software: 1
CNNVD
added 2024/07/09 12:0 a.m. · 2 views

WordPress plugin Bit Form security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 7.2 · AI score 6.8 · EPSS 0.13592
Exploits: 0 · References: 4
CNNVD
added 2023/04/10 12:0 a.m. · 2 views

OpenMRS security vulnerability

OpenMRS is an open source electronic medical record system from OpenMRS, Inc. A security vulnerability exists in OpenMRS versions 2.4.2 and 2.12.2, which can be exploited to launch an attack via the "attachments" page in patient...

AI score 5.5
Exploits: 0 · References: 1
OSV
added 2022/02/18 9:15 p.m. · 0 views

CVE-2021-40841

A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 2
CNNVD
added 2022/02/18 12:0 a.m. · 3 views

LiveConfig path traversal vulnerability

LiveConfig is a control panel software from the German company LiveConfig. It is used to simplify server configuration and ensure reliable and secure operation. A security vulnerability exists in LiveConfig version 2.12.2, which can be exploited by an attacker to read files on the underlying serv...

CVSS 6.5 · AI score 6.6 · EPSS 0.00381
Exploits: 0 · References: 3
OSV
added 2021/07/19 10:6 a.m. · 6 views

OPENSUSE-SU-2021:1054-1 Security update for icinga2

This update for icinga2 fixes the following issues: Update to 2.12.4. Bugfixes: Fix a crash when notification objects are deleted using the API (8782); fix crashes that might occur during downtime scheduling if host or downtime objects are deleted using the API (8785); fix an issue where...

CVSS 9.1 · AI score 9.3 · EPSS 0.00555
Exploits: 0 · References: 3
CNNVD
added 2020/12/15 12:0 a.m. · 2 views

Icinga Trust Management Issues Vulnerability

Icinga is a scalable server and network resource monitoring system from Icinga, Germany. A security vulnerability exists in Icinga 2 versions v2.8.0 through v2.11.7, v2.12.2, which stems from the fact that revoked certificates that are due for renewal will be automatically renewed...

CVSS 9.1 · AI score 7.1 · EPSS 0.00555
Exploits: 0 · References: 4