CVE-2025-11748

The Groups plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0 via the 'groupid' parameter of the groupjoin function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2025-11748 Groups <= 3.7.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Group Join

The Groups plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0 via the 'groupid' parameter of the groupjoin function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2025-11748 Groups <= 3.7.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Group Join

The Groups plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0 via the 'groupid' parameter of the groupjoin function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

PT-2025-45542

Name of the Vulnerable Software and Affected Versions Groups plugin for WordPress versions prior to 6.7.1 Description The Groups plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This flaw stems from inadequate validation of a user-controlled key, specifically the...

EUVD-2010-4594

Malware in sbrugna...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an inode in the ocfs2 component not being removed from the cache when joining a group fails, resulting in a...

UBUNTU-CVE-2023-28686

Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive informati...

StoreFront propagation fails with "Access is denied" error / joining the server group fails

When attempting to join the secondary storefront server the server group fails, Below events logged in the Primary storefront server Event ID2850,2203 === "An error occurred while executing the following command: 'Remove-DSClusterMember' The access was denied. === Or When attempting to propagate...

CVE-2015-2786

Technical details about CVE-2015-2786 are not publicly available in the provided documents; no concrete affected products, versions, or fixes are described here. Monitor for updates.

Design/Logic Flaw

MyBB aka MyBulletinBoard before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service resource consumption by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php...