140 matches found
CVE-2026-28766
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...
Gardyn 访问控制错误漏洞
Gardyn is an indoor smart hydroponic cultivation device developed by the American company Gardyn. Gardyn has a access control vulnerability, which allows certain endpoints to expose the account information of all registered users without authentication...
WWBN AVideo 跨站脚本漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a flaw in the order of cleaning operations for the about field in user profiles, which...
CVE-2026-2356
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...
CVE-2026-2356 User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...
CVE-2026-2356 User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...
CVE-2025-13493 Latest Registered Users <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export
The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rndhandleformsubmit function hooked to both adminpostmysimpleform and...
CVE-2025-13493
CVE-2025-13493 concerns the WordPress plugin “Latest Registered Users.” It allows unauthenticated attackers to export complete user details (except passwords and tokens) in CSV via the action parameter, due to missing authorization and nonce validation in rnd_handle_form_submit hooked to admin_po...
WordPress Latest Registered Users plugin <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export vulnerability discovered by Legion Hunter in WordPress Plugin Latest Registered Users versions = 1.4...
WordPress plugin Latest Registered Users 安全漏洞
...
PT-2026-1588
Name of the Vulnerable Software and Affected Versions The Latest Registered Users plugin for WordPress versions prior to 1.5 Description The Latest Registered Users plugin for WordPress is susceptible to unauthorized user data export. This is a result of a lack of authorization and nonce validati...
EUVD-2020-14932
Malware in sbrugna...
EUVD-2004-0604
Malware in sbrugna...
EUVD-2024-0701
Malicious code in bioql PyPI...
EUVD-2022-27269
Malicious code in bioql PyPI...
CVE-2025-43797
In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...
Liferay has Insecure Default Initialization of Resource issue
In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...
GHSA-25M3-W28P-V3V3 Liferay has Insecure Default Initialization of Resource issue
In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...
CVE-2025-43797
In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...
CVE-2025-43797
In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...