132 matches found
CVE-2026-7641
The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the saveextrauserprofilefields function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site e.g...
CVE-2026-34540 iccDEV: HBO in icMemDump()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow HBO in icMemDump when iccDumpProfile attempts to dump/describe malformed tag contents. The issue is observable under...
CVE-2026-34535
iccDEV is affected by CVE-2026-34535 prior to version 2.3.1.6. A crafted ICC profile can trigger a segmentation fault in CIccTagArray::Cleanup(), observable under UBSan/ASan as misaligned member access and misaligned pointer loads followed by an invalid read, causing a process crash when running ...
CVE-2026-3745
A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
CVE-2025-4521 IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonatedonorprofile function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-39094
Friendica 2024.03 is vulnerable to Cross Site Scripting XSS in settings/profile via the homepage, xmpp, and matrix parameters...
CVE-2026-21685
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagLut16::Read. This vulnerability affects users of the iccDEV libra...
CVE-2024-2765
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input...
CVE-2023-53924
UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution...
CVE-2025-67875 ChurchCRM has stored XSS via Person Property Assignment Leading to Admin Session Hijacking
ChurchCRM is an open-source church management system. A privilege escalation vulnerability exists in ChurchCRM prior to version 6.5.3. An authenticated user with specific mid-level permissions "Edit Records" and "Manage Properties and Classifications" can inject a persistent Cross-Site Scripting...
EUVD-2025-197649
A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /editprofile. Performing manipulation of the argument firstname/lastname results in basic cross site scripting. It is possible to...
PHPGurukul Student Record System 安全漏洞
Student Record System is a software application. Student Record System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the adminname and aemailid parameters of admin-profile.php, which can be exploited to...
PT-2025-44666
Name of the Vulnerable Software and Affected Versions ELOG affected versions not specified Description The ELOG platform, an electronic logbook system, has an issue where an authenticated attacker with low privileges can modify another user's profile. Specifically, an attacker can alter a target...
CVE-2025-12303
A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an unknown function of the file admin-profile.php. Executing a manipulation of the argument adminname/email can lead to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-12287 Bdtask Wholesale Inventory Control and Inventory Management System edit_profile sql injection
A security vulnerability has been detected in Bdtask Wholesale Inventory Control and Inventory Management System up to 20251013. This impacts an unknown function of the file /Admindashboard/editprofile. Such manipulation of the argument firstname/lastname leads to sql injection. The attack may be...
PT-2025-41275
Name of the Vulnerable Software and Affected Versions SourceCodester Pet Grooming Management Software version 1.0 Description The software is susceptible to Cross Site Scripting XSS attacks. The issue occurs in the '/admin/profile.php' component through the fname First Name and lname Last Name...
EUVD-2016-5976
Malware in sbrugna...
EUVD-2017-7946
Malware in sbrugna...
EUVD-2007-3575
Malware in sbrugna...
EUVD-2020-18162
Malware in sbrugna...