30 matches found
CVE-2026-0549
The Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'groups_group_info' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin Groups cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-20625
The Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'groups_group_info' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2019-6500
Malware in sbrugna...
EUVD-2025-31913
Malicious code in bioql PyPI...
CVE-2023-53503
In the Linux kernel, the following vulnerability has been resolved: ext4: allow ext4_get_group_info() to fail. Previously, ext4_get_group_info() would treat an invalid group number as BUG(), since in theory it should never happen. However, if a malicious attacker or fuzzer modifies the superblock via the block...
CVE-2023-53503 ext4: allow ext4_get_group_info() to fail
In the Linux kernel, the following vulnerability has been resolved: ext4: allow ext4_get_group_info() to fail. Previously, ext4_get_group_info() would treat an invalid group number as BUG(), since in theory it should never happen. However, if a malicious attacker or fuzzer modifies the superblock via the block...
PT-2025-40210
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the ext4 filesystem implementation. Specifically, the ext4_get_group_info function previously triggered a kernel BUG when encountering an invalid...
CVE-2019-15514
The Privacy Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers...
CVE-2024-38402
Memory corruption while processing IOCTL call for getting group info...
kernel: ext4: allow ext4_get_group_info() to fail
In the Linux kernel, the following vulnerability has been resolved: ext4: allow ext4_get_group_info() to fail. Previously, ext4_get_group_info() would treat an invalid group number as BUG(), since in theory it should never happen. However, if a malicious attacker or fuzzer modifies the superblock via the block...
CVE-2024-38402
Memory corruption while processing IOCTL call for getting group info...
CVE-2024-38402
CVE-2024-38402 is a memory corruption via a refcount leak in the Qualcomm ADSPRPC DSP driver (fastrpc_get_process_gids). The vulnerability can enable use-after-free of the group_info structure, exposing kernel memory through a non-saturating refcount that can overflow with repeated calls. Disclos...
CVE-2024-38402 Use After Free in DSP Services
Memory corruption while processing IOCTL call for getting group info...
CLSA-2024-1715000325 kernel: Fix of 25 CVEs
IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests CVE-2023-52474 - af_unix: Fix null-ptr-deref in unix_stream_sendpage. CVE-2023-4622 - sched/rt: pick_next_rt_entity: check list_entry CVE-2023-1077 - RDMA/irdma: Prevent zero-length STAG registration CVE-2023-25775 - block: add check...
SUSE CVE-2018-10881
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image...
CVE-2020-13352
Private group info is leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: =10.2, =13.4, =13.5, 13.5.2...
CVE-2018-11768
In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage...
Design/Logic Flaw
In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage...
CVE-2018-11768
CVE-2018-11768 affects Apache Hadoop versions: 3.1.0–3.1.1, 3.0.0-alpha1–3.0.3, 2.9.0–2.9.1, and 2.0.0-alpha–2.8.4. The vulnerability is caused by a mismatch in the size of the fields used to store user/group information between memory and disk representations in fsimage, allowing a remote attack...