Lucene search
+L

61 matches found

NVD
NVD
added 2026/03/04 3:16 a.m.8 views

CVE-2026-2994

Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via groupid parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabilit...

6.8CVSS0.00208EPSS
Exploits1References2
OSV
OSV
added 2026/03/04 2:18 a.m.2 views

CVE-2026-2994 Concrete CMS below 9.4.8 is vulnerable to CSRF by a Rogue Admin using the Anti-Spam Allowlist Group

Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via groupid parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabilit...

2.3CVSS5.9AI score0.00208EPSS
Exploits1References5
NVD
NVD
added 2026/01/30 6:15 p.m.13 views

CVE-2026-1702

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument groupid results in improper authorization. The attack can be...

8.8CVSS0.00358EPSS
Exploits1References5
EUVD
EUVD
added 2026/01/30 5:32 p.m.11 views

EUVD-2026-5010

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument groupid results in improper authorization. The attack can be...

6.5CVSS5.6AI score0.00358EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.14 views

PT-2026-5431

Name of the Vulnerable Software and Affected Versions SourceCodester Pet Grooming Management Software version 1.0 Description A flaw exists in the User Management component of the software, specifically within the file /admin/operation/user.php. Manipulation of the group id argument can lead to...

8.8CVSS6.3AI score0.00358EPSS
Exploits1References10
Microsoft CVE
Microsoft CVE
added 2026/01/15 9:4 a.m.5 views

RDMA/cm: Fix leaking the multicast GID table reference

...

5.5CVSS5.4AI score0.00114EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.6 views

EulerOS 2.0 SP10 : proftpd (EulerOS-SA-2026-1056)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental...

7.5CVSS7.3AI score0.02204EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/13 3:34 p.m.6 views

CVE-2025-71096 RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LSNLATYPEDGID correctly The netlink response for RDMANLLSOPIPRESOLVE should always have a LSNLATYPEDGID attribute, it is invalid if it does not. Use the nl parsing logic properly and call...

5.7AI score0.00114EPSS
Exploits0References7
OSV
OSV
added 2026/01/13 3:34 p.m.9 views

CVE-2025-71084 RDMA/cm: Fix leaking the multicast GID table reference

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix leaking the multicast GID table reference If the CM ID is destroyed while the CM event for multicast creating is still queued the cancelworksync will prevent the work from running which also prevents destroying the...

5.5CVSS6.3AI score0.00114EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.5 views

PT-2026-2605

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s RDMA/cm component where a reference to the multicast GID table is leaked when a CM ID is destroyed while a multicast creation CM event is still queued...

5.5CVSS5.3AI score0.00114EPSS
Exploits0
OSV
OSV
added 2025/12/24 11:15 a.m.5 views

UBUNTU-CVE-2023-54003

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix GID entry ref leak when createah fails If AH create request fails, release sgidattr to avoid GID entry referrence leak reported while releasing GID table...

6.2AI score0.00173EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/11/08 3:27 a.m.13 views

CVE-2025-11748 Groups <= 3.7.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Group Join

The Groups plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0 via the 'groupid' parameter of the groupjoin function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.00214EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/08 12:0 a.m.11 views

PT-2025-45542

Name of the Vulnerable Software and Affected Versions Groups plugin for WordPress versions prior to 6.7.1 Description The Groups plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This flaw stems from inadequate validation of a user-controlled key, specifically the...

4.3CVSS6.3AI score0.00214EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.3 views

SourceCodester Pet Grooming Management Software SQL注入漏洞

SourceCodester Pet Grooming Management Software is an open source pet grooming management system from SourceCodester. SourceCodester Pet Grooming Management Software version 1.0 suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter groupid in the file...

9.8CVSS7.8AI score0.00387EPSS
Exploits1References5
CVE
CVE
added 2025/09/09 10:31 p.m.21 views

CVE-2025-59044

CVE-2025-59044 affects Himmelblau 0.9.x, where group-to-GID mapping derives numeric GIDs from Entra ID group displayName when id_attr_map = name. This can cause distinct groups sharing a displayName to collapse to the same GID on Linux, enabling privilege escalation if access is controlled by num...

4.4CVSS6.3AI score0.00132EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 10:31 p.m.5 views

CVE-2025-59044 Himmelblau vulnerable to GID collision via group name-derived mapping (privilege escalation)

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf idattrmap = name the default configuration. Because Microsoft Entra ID allows multiple groups with the same...

4.4CVSS6.8AI score0.00132EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.4 views

Himmelblau 安全漏洞

Himmelblau is an Azure Entra ID authentication module open-sourced by Himmelblau. A security vulnerability exists in Himmelblau versions 0.9.0 to 0.9.22, which stems from the derivation of a numeric GID from a group display name, which could lead to authorization bypass...

4.4CVSS6.6AI score0.00132EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.9 views

PT-2025-36998

Name of the Vulnerable Software and Affected Versions: Himmelblau versions 0.9.0 through 0.9.22 Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. The software derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf id...

4.4CVSS6.5AI score0.00132EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/08/26 3:2 a.m.14 views

CVE-2025-9461 diyhi bbs File Compression FilePackageManageAction.java information disclosure

A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure...

5.3CVSS0.00332EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/08/18 3:30 p.m.9 views

Liferay Portal Vulnerable to Insecure Direct Object Reference

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...

4.8CVSS7.2AI score0.00231EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder