16 matches found
EUVD-2026-29952
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...
CVE-2026-4607
CVE-2026-4607 concerns the ProfileGrid – User Profiles, Groups and Communities WordPress plugin (versions up to 5.9.8.4). The issue is an authorization bypass in AJAX actions pm_set_group_order, pm_set_group_items, and pm_set_field_order, allowing authenticated users with Subscriber-level access ...
CVE-2026-4607 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...
PT-2026-40609
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pm set group order, pm set grou...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ffmpeg (UTSA-2025-936108)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-936108 advisory. A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filterframe at libavfilter/vffieldorder.c, which might lead to memory corruption and other potenti...
GHSA-74R5-G7VC-J2V2 zerovec-derive incorrectly uses `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...
zerovec-derive incorrectly uses `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...
RUSTSEC-2024-0346 Incorrect usage of `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...
Incorrect usage of `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...
RUSTSEC-2024-0347 Incorrect usage of `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...
Incorrect usage of `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...
SUSE CVE-2020-22022
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filterframe at libavfilter/vffieldorder.c, which might lead to memory corruption and other potential consequences...
CVE-2022-32353
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/managefieldorder.php?id=...
CVE-2022-32353
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/managefieldorder.php?id=...
Product Show Room Site SQL注入漏洞
Product Show Room Site is a product showroom site from Carlo Montero's personal developer. version 1.0 of Product Show Room Site is vulnerable to SQL injection, which originates from /psrs/admin/categories/managefieldorder. php?id=page has a SQL injection issue. No detailed vulnerability details...
DEBIAN-CVE-2020-22022
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filterframe at libavfilter/vffieldorder.c, which might lead to memory corruption and other potential consequences...