CVE-2026-2994

Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via groupid parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabilit...

CVE-2026-1702 SourceCodester Pet Grooming Management Software User Management user.php improper authorization

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument groupid results in improper authorization. The attack can be...

CVE-2025-11748

CVE-2025-11748 : Groups plugin for WordPress contains an Insecure Direct Object Reference (IDOR) in the group_join function via the group_id parameter, allowing authenticated users with Subscriber level and above to join groups not specified by the shortcode. This affects versions up to and inclu...

WordPress plugin Groups 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

EUVD-2020-24936

Malware in sbrugna...

EUVD-2014-9170

Malware in sbrugna...

EUVD-2017-5755

Malware in sbrugna...

EUVD-2009-3620

Malware in sbrugna...

EUVD-2012-1022

Malware in sbrugna...

EUVD-2010-4253

Malware in sbrugna...

CVE-2025-10598

A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This issue affects some unknown processing of the file /admin/searchproduct.php. Such manipulation of the argument groupid leads to sql injection. The attack may be launched remotely. The exploit is publicly...

CVE-2025-10598 SourceCodester Pet Grooming Management Software search_product.php sql injection

A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This issue affects some unknown processing of the file /admin/searchproduct.php. Such manipulation of the argument groupid leads to sql injection. The attack may be launched remotely. The exploit is publicly...

CVE-2020-3665

A possible buffer overflow would occur while processing command from firmware due to the groupid obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

CVE-2014-9345

SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional aka AWP PRO 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the groupid parameter in a listzone action to cgi/client.cgi...

FUEL CMS Security Vulnerability

FUEL CMS is a content management system CMS based on the Codelgniter framework. A security vulnerability exists in FUEL CMS version 1.5.2, which stems from a cross-site scripting XSS vulnerability. The vulnerability can be exploited to execute arbitrary code via the groupid parameter...

CVE-2022-1753 WoWonder Group requests.php access control

A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument groupid allows posting messages in other groups. It is possible to launch the attack remotely but it might...

CVE-2020-13563

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template groupid parameter...

Cross site scripting

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template groupid parameter...

phpGACL template multiple cross-site scripting vulnerabilities

Summary Multiple cross-site scripting vulnerabilities exist in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability. Tested Versions phpGACL 3.3.7 OpenEMR 5.0.2...

CVE-2020-25130

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL...