EUVD-2026-21658
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...
CVE-2025-59714
In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs...
CVE-2025-59714
The CVE-2025-59714 entry concerns Internet2 Grouper. Affected: Grouper versions 5.17.1 up to 5.20.4 (before 5.20.5). Issue: group admins who are not Grouper sysadmins can configure loader jobs, enabling potential unauthorized loader job creation. Root cause: mis-validation/configuration of loader...
CVE-2024-56324
GoCD is a continuous delivery server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse their ability to edit the raw XML configuration for groups they administer to trigger XML External Entity (XXE) injection on the GoCD server. Theoretically, the XXE vulnerability can result in...
CVE-2024-56324 GoCD vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins
GoCD is a continuous delivery server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse their ability to edit the raw XML configuration for groups they administer to trigger XML External Entity (XXE) injection on the GoCD server. Theoretically, the XXE vulnerability can result in...
CVE-2024-56324
GoCD versions prior to 24.4.0 allow group admins to abuse the ability to edit raw XML configuration for groups, triggering an XML External Entity (XXE) injection on the GoCD server. This can potentially lead to SSRF, information disclosure, and directory traversal, though exploitation specifics a...
SUSE CVE-2019-15624
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...
Nextcloud Server < 14.0.11, < 15.0.8 Input Validation Vulnerability (NC-SA-2019-015)
Nextcloud Server is prone to an input validation vulnerability where group admins can create users with IDs of system folders.
CVE-2019-15624
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...
Input validation
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...
Group admins can create users with IDs of system folders (NC-SA-2019-015)
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...
Nextcloud: Group admins can remove arbitrary data from "data" directory (including admin data)
Steps to reproduce: 1. Create a new user and make him an admin of an arbitrary group 2. Log in as this new user 3. Create a new user "filesexternal", "appdatarandom-data", .. 4. Delete this user Result: The data/filesexternal / data/appdata.. folder is removed. Solution: Prevent creation of users...
ownCloud 0.1.2 User Impersonation Authorization Bypass
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: ownCloud Impersonate Vendor: ownCloud CSNC ID: CSNC-2018-015 CVE ID: N/A Subject: Authorization bypass Risk: High Effect: Remotely exploitable Author: Thierry Viaccoz Date: 29.08.2018 Introduction:...