Lucene search

14 matches found

OSV
added 2026/03/20 2:46 a.m., 6 views

CVE-2026-33062 free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter

free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input Validation vulnerability leading to Denial of Service. All deployments of free5GC using the NRF discovery service are affected. The EncodeGroupId function attempts to access array indices 0, 1, 2...

CVSS 8.7 | AI score 6.5 | EPSS 0.00674
Exploits: 1 | References: 6

Snyk
added 2026/03/04 6:27 a.m., 4 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the groupid parameter in the Anti-Spam Allowlist Group configuration. An attacker can perform unauthorized actions by tricking a logged-in administrator into submitting a crafted request, resulting in...

CVSS 6.8 | AI score 5.8 | EPSS 0.00208
Exploits: 1 | References: 2

Positive Technologies
added 2026/03/04 12:0 a.m., 4 views

PT-2026-22864

Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via group id parameter which can lead to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabili...

CVSS 2.3 | AI score 5.9 | EPSS 0.00208
Exploits: 1 | References: 3

Vulnrichment
added 2025/11/08 3:27 a.m., 3 views

CVE-2025-11748 Groups <= 3.7.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Group Join

The Groups plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0 via the 'groupid' parameter of the groupjoin function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 5.3 | EPSS 0.00191
Exploits: 0 | References: 3

NVD
added 2025/09/17 4:15 p.m., 5 views

CVE-2025-10598

A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This issue affects some unknown processing of the file /admin/searchproduct.php. Such manipulation of the argument groupid leads to sql injection. The attack may be launched remotely. The exploit is publicly...

CVSS 9.8 | EPSS 0.00391
Exploits: 1 | References: 5

CVE
added 2025/09/17 4:2 p.m., 16 views

CVE-2025-10598

SourceCodester Pet Grooming Management Software 1.0 is affected by a SQL injection in /admin/search_product.php caused by improper handling of the group_id parameter. This vulnerability can be exploited remotely and has publicly available exploit code. Some connected advisories mention a practica...

CVSS 9.8 | AI score 6.9 | EPSS 0.00391
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2025/09/17 12:0 a.m., 3 views

PT-2025-38222

Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0
Description: A vulnerability exists in SourceCodester Pet Grooming Management Software that allows for SQL injection. The issue is related to the processing of the /admin/search...

CVSS 7.5 | AI score 7.4 | EPSS 0.00391
Exploits: 1 | References: 9

OSV
added 2025/08/18 3:30 p.m., 4 views

GHSA-V6XR-V2QG-H22H Liferay Portal Vulnerable to Insecure Direct Object Reference

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference (IDOR) in the...

CVSS 4.8 | AI score 7.2 | EPSS 0.00231
Exploits: 0 | References: 7

RedhatCVE
added 2025/05/23 9:46 a.m., 4 views

CVE-2024-25369

A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 allows attackers to run arbitrary code via crafted string after the groupid parameter...

CVSS 5.4 | AI score 6 | EPSS 0.00379
Exploits: 1 | References: 1

BDU FSTEC
added 2024/04/19 12:0 a.m., 4 views

The vulnerability of the /admin/config_Anticrack.php file of the application security gateway, owned by NS-ASG Netentsec, allows a hacker to execute arbitrary SQL queries.

The vulnerability of the /admin/configAnticrack.php file of the application security gateway, NS-ASG Netentsec, is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the GroupId...

CVSS 6.5 | AI score 7.2 | EPSS 0.00765
Exploits: 2 | References: 5 | Affected Software: 1

OSV
added 2024/03/01 12:15 a.m., 1 view

CVE-2024-2022

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/listipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can ...

CVSS 9.8 | AI score 5.7
Exploits: 0 | References: 3

ATTACKERKB
added 2024/01/03 6:15 a.m., 3 views

CVE-2023-6981

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'groupid' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS 6.1 | AI score 5.8 | EPSS 0.00414
Exploits: 0 | References: 4

CNNVD
added 2024/01/03 12:0 a.m., 2 views

WordPress Plugin WP SMS SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exists i...

CVSS 6.1 | AI score 7.8 | EPSS 0.00414
Exploits: 0 | References: 4

NVD
added 2007/12/28 9:46 p.m., 13 views

CVE-2007-6580

Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php...

CVSS 7.5 | AI score 8.5 | EPSS 0.00987
Exploits: 1 | References: 4