CVE-2024-26145 | Discourse discourse-calendar Private Event authorization

Inserito da Angelo Barbosa | Feb 21, 2024 | CVE

A vulnerability has been found in Discourse discourse-calendar and classified as problematic. This vulnerability affects unknown code of the component Private Event Handler. The manipulation leads to incorrect authorization.

This vulnerability was named CVE-2024-26145. The attack can be initiated remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2024-26145 | Discourse discourse-calendar Private Event authorization

Post correlati

CVE-2024-8780 | SYSCOM Group OMFLOW up to 1.2.1.2 Password Hash information disclosure

CVE-2020-25730 | ZoneMinder up to 1.34.20 download.php PHP_SELF cross site scripting

CVE-2023-6749 | zephyrproject-rtos Zephyr up to 3.5 Settings Shell stack-based overflow

CVE-2024-7603 | Logsign Unified SecOps Platform path traversal (ZDI-24-1105)