Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
event vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2010-4950
SQL injection vulnerability in the Event (event) extension prior to 0.3.7 for TYPO3 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Joachim Ruhs Event 0.2.5
Joachim Ruhs Event
Joachim Ruhs Event 0.2.2
Joachim Ruhs Event 0.2.4
Joachim Ruhs Event 0.2.7
6.5
CVSSv2
CVE-2021-29792
IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. IBM X-Force ID: 203450.
Ibm Event Streams 10.0.0
Ibm Event Streams 10.1.0
Ibm Event Streams 10.2.0
Ibm Event Streams 10.3.0
6.8
CVSSv2
CVE-2006-3052
Cross-site scripting (XSS) vulnerability in Event Registration allows remote malicious users to inject arbitrary web script or HTML via the (1) event_id parameter to view-event-details.php or (2) select_events parameter to event-registration.php. NOTE: the provenance of this info...
Cescripts Event Registration 2checkout
Cescripts Event Registration Corporate
Cescripts Event Registration Paypal
Cescripts Event Registration Rsvp 1.0
1 EDB exploit
3.5
CVSSv2
CVE-2021-24480
The Event Geek WordPress plugin up to and including 2.5.2 does not sanitise or escape its "Use your own " setting before outputting it in the page, leading to an authenticated (admin+) stored Cross-Site Scripting issue
Event Geek Project Event Geek
4.3
CVSSv2
CVE-2017-18576
The event-notifier plugin prior to 1.2.1 for WordPress has XSS via the loading animation.
Event Notifier Project Event Notifier
3.5
CVSSv2
CVE-2022-0418
The Event List WordPress plugin prior to 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed
Event List Project Event List
7.5
CVSSv2
CVE-2014-5504
SolarWinds Log and Event Manager prior to 6.0 uses "static" credentials, which makes it easier for remote malicious users to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
Solarwinds Log And Event Manager
Solarwinds Log And Event Manager 5.6.0
Solarwinds Log And Event Manager 5.5.0
Solarwinds Log And Event Manager 5.2.0
Solarwinds Log And Event Manager 5.4.0
6.5
CVSSv2
CVE-2017-9429
SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php.
Event List Project Event List 0.7.8
1 EDB exploit
4.3
CVSSv2
CVE-2017-12068
The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action.
Event List Project Event List 0.7.9
1 Github repository
4.3
CVSSv2
CVE-2022-25114
Event Management v1.0 exists to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php.
Event Management Project Event Management 1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3012
CVE-2024-30200
XXE
CVE-2023-24955
CVE-2023-42931
CVE-2024-29231
remote code execution
cross-site scripting
CVE-2024-0677
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »