130 matches found
CVE-2026-24885
Kanboard (Kanban project management software) is affected by a CSRF flaw in the ProjectPermissionController prior to version 1.2.50. The root cause is the server not strictly enforcing Content-Type: application/json for the changeUserRole action, accepting text/plain despite a JSON body. This all...
CVE-2025-14866 Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment
The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress Melapress Role Editor plugin <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment vulnerability
Improper Authorization to Authenticated Subscriber+ Privilege Escalation via Secondary Role Assignment vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Melapress Role Editor versions = 1.1.1...
PT-2026-2979
Name of the Vulnerable Software and Affected Versions Drupal Role Delegation versions 1.3.0 through 1.4.9 Description A privilege escalation issue exists in the Role Delegation module. The module allows site administrators to grant specific roles the authority to assign selected roles to users,...
CVE-2023-25569
Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cooki...
CVE-2025-13619 Flex Store Users <= 1.1.0 - Unauthenticated Privilege Escalation
The Flex Store Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.0. This is due to the 'fsUserHandle::signup' and the 'fsSellerRole::addroleseller' functions not restricting what user roles a user can register with. This makes it possible f...
CVE-2025-62617
Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...
CVE-2025-62617
Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...
GHSA-2V5M-CQ9W-FC33 Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality
Summary An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can exploit this vulnerability to execute arbitrary SQL commands. This can lea...
Duplicate
This advisory duplicates another...
EUVD-2016-2693
Malware in sbrugna...
EUVD-2004-0469
Malware in sbrugna...
EUVD-2011-4232
Malware in sbrugna...
EUVD-2020-0096
Malware in sbrugna...
EUVD-2015-1632
Malware in sbrugna...
EUVD-2019-5955
Malware in sbrugna...
EUVD-2021-9152
Malicious code in bioql PyPI...
EUVD-2022-3932
Malicious code in bioql PyPI...
EUVD-2024-43288
Malicious code in bioql PyPI...
EUVD-2025-10958
Malicious code in bioql PyPI...