CVE-2026-47846
Bitnami Cassandra container images are affected by a retained default superuser vulnerability: when CASSANDRA_USER is customized, the init script creates a new superuser but may not drop the built-in cassandra account, leaving cassandra:cassandra active as an unintended access path. This can allo...
EUVD-2026-17671
APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, the edituser endpoint POST /api/auth/edituser/ allows any user who can reach that endpoint and submit...
CVE-2026-34406
APTRS (Automated Penetration Testing Reporting System) is a Python/Django-based tool. Before v2.0.1, the edit_user endpoint (POST /api/auth/edituser/) lets any reachable user grant themselves or another account superuser by sending is_superuser: true. Root cause: CustomUserSerializer includes is_...
EUVD-2025-38110
Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce (user-registration-plugin-for-woocommerce) allows Upload a Web Shell to a Web Server. This issue affects Custom User Registration Fields for WooCommerce: from n/a through <= 2.1.2...
CVE-2025-60207 WordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce (user-registration-plugin-for-woocommerce) allows Upload a Web Shell to a Web Server. This issue affects Custom User Registration Fields for WooCommerce: from n/a through <= 2.1.2...
EUVD-2021-27006
Malware in sbrugna...
EUVD-2022-39374
Malicious code in bioql PyPI...
WordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Custom User Registration Fields for WooCommerce versions <= 2.1.2...
CVE-2023-6391
The Custom User CSS WordPress plugin through 0.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2023-6187
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpropaypalexpresssessionvarsforuserfields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber...
CVE-2022-36672
Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session...
CVE-2024-6624
The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin require...
Symfony authorization issue vulnerability
Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony that stems from the fact that a custom userchecker on the firewall is not invoked when logging in programmatically using the Security::log...
PT-2024-34151 · Symfony +2 · Symfony/Securitybundle +2
Name of the Vulnerable Software and Affected Versions: symfony/security-bundle versions prior to 6.4.10 symfony/security-bundle versions prior to 7.0.10 symfony/security-bundle versions prior to 7.1.3 Description: The custom user checker defined on a firewall is not called when logging in...
CVE-2024-20274 Cisco Secure Firewall Management Center HTML Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due ...
WordPress plugin JSON API User security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-37753 · WordPress · Json Api User +1
Name of the Vulnerable Software and Affected Versions: JSON API User plugin for WordPress versions up to, and including, 3.9.3 Description: The issue is due to improper controls on custom user meta fields, making it possible for unauthenticated attackers to register as administrators on the site...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from the inability to prevent the specification of a RemoteId when creating a new user, allowing an attacker to specify both a RemoteId and a us...
GHSA-6MX3-9QFH-77GJ Mattermost denial of service through long emoji value
Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send a very long string as the emoji value multiple times, causing high resource consumption and possibly crashing the server...
PT-2024-2031 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions prior to v8.1.9 Description: The issue is related to uncontrolled resource consumption. An attacker can exploit this by setting a custom user status with an emoji value as a very long string, causing high resource...