浏览 94+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4109 | Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | Medium | 4.3 | 2026-04-14 07:43:04 | Deep Dive |
| CVE-2026-32492 | WordPress My Tickets plugin <= 2.1.1 - Bypass Vulnerability vulnerability | Joe Dolson | My Tickets | 中危 | - | 2026-03-25 16:14:59 | Deep Dive |
| CVE-2026-27406 | WordPress My Tickets plugin <= 2.1.0 - Sensitive Data Exposure vulnerability | Joe Dolson | My Tickets | 中危 | - | 2026-03-05 05:54:00 | Deep Dive |
| CVE-2026-2750 | Command Injection via CLAPI generatetraps | Centreon | Centreon Open Tickets on Central Server | Critical | 9.1 | 2026-02-27 14:58:29 | Deep Dive |
| CVE-2026-27744 | SPIP tickets < 4.3.3 Unauthenticated RCE | SPIP | tickets | Critical | 9.8 | 2026-02-25 03:08:25 | Deep Dive |
| CVE-2026-1655 | EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 4.3 | 2026-02-18 07:25:40 | Deep Dive |
| CVE-2025-12356 | Tickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update | tickera | Tickera – Sell Tickets & Manage Events | Medium | 4.3 | 2026-02-18 05:29:19 | Deep Dive |
| CVE-2026-1657 | EventPrime <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 5.3 | 2026-02-17 05:29:53 | Deep Dive |
| CVE-2025-68015 | WordPress Event Tickets with Ticket Scanner plugin <= 2.8.5 - Remote Code Execution (RCE) vulnerability | Vollstart | Event Tickets with Ticket Scanner | - | - | 2026-01-22 16:52:03 | Deep Dive |
| CVE-2025-14507 | EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 5.3 | 2026-01-13 13:49:13 | Deep Dive |
| CVE-2025-14657 | Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.2 | 2026-01-09 07:22:13 | Deep Dive |
| CVE-2025-12514 | A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters | Centreon | Infra Monitoring - Open-tickets | High | 7.2 | 2025-12-22 10:59:18 | Deep Dive |
| CVE-2025-12976 | Events Manager <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 6.4 | 2025-12-18 07:20:46 | Deep Dive |
| CVE-2025-12407 | Events Manager – Calendar, Bookings, Tickets, and more! <= 7.2.2.2 - Cross-Site Request Forgery to Location Deletion | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 4.3 | 2025-12-12 11:15:51 | Deep Dive |
| CVE-2025-12408 | Events Manager <= 7.2.2.2 - Unauthenticated Information Exposure | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 5.3 | 2025-12-12 11:15:51 | Deep Dive |
| CVE-2025-64257 | WordPress My Tickets plugin <= 2.1.0 - Broken Access Control vulnerability | Joe Dolson | My Tickets | Medium | 4.3 | 2025-12-09 14:13:53 | Deep Dive |
| CVE-2025-12498 | EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 4.3 | 2025-11-08 06:39:56 | Deep Dive |
| CVE-2025-62027 | WordPress Event Tickets plugin <= 5.26.3 - Broken Access Control vulnerability | StellarWP | Event Tickets | - | - | 2025-10-22 14:32:51 | Deep Dive |
| CVE-2025-11517 | Event Tickets and Registration <= 5.26.5 - Unauthenticated Ticket Payment Bypass | stellarwp | Event Tickets and Registration | High | 7.5 | 2025-10-18 06:42:44 | Deep Dive |
| CVE-2025-9875 | Event Tickets, RSVPs, Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | ticketspot | Event Tickets, RSVPs, Calendar | Medium | 6.4 | 2025-10-03 11:17:11 | Deep Dive |