
4140 matches found

RedhatCVE
added 2025/02/05 11:42 p.m. · 14 views

CVE-2022-41688

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...

9.8 CVSS · 7 AI score · 0.0064 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 7:41 p.m. · 7 views

CVE-2022-39355

Discourse Patreon enables synchronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number...

9.8 CVSS · 7.1 AI score · 0.00766 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 8:25 a.m. · 8 views

CVE-2024-47524

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A user with the Admin role can create Device Groups; the application did not properly sanitize the user input in the Device Group name. When a user views the detail of the Device Group, if JavaScript code is inside the name of...

7.2 CVSS · 6.9 AI score · 0.005 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/02/05 6:00 a.m. · 6 views

CVE-2024-49619

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acespritech Social Link Groups (social-link-groups) allows Blind SQL Injection. This issue affects Social Link Groups: from n/a through <= 1.1.0...

8.8 CVSS · 5.9 AI score · 0.00432 EPSS
Exploits: 0 · References: 1
Fedora
added 2025/02/05 2:11 a.m. · 7 views

[SECURITY] Fedora 40 Update: ovn-24.09.2-4.fc40

OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups...

7.4 AI score
Exploits: 0
RedhatCVE
added 2025/02/04 11:34 p.m. · 9 views

CVE-2024-48032

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sumitsurai Featured Posts with Multiple Custom Groups FPMCG (featured-posts-with-multiple-custom-groups-fpmcg) allows Reflected XSS. This issue affects Featured Posts with Multiple Custom Groups FPMCG...

7.1 CVSS · 5.9 AI score · 0.00245 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/04 10:26 p.m. · 8 views

CVE-2024-8349

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group...

7.2 CVSS · 3.8 AI score · 0.01131 EPSS
Exploits: 0 · References: 1
NVD
added 2025/02/04 9:15 p.m. · 14 views

CVE-2024-56197

Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the late...

4.9 CVSS · 0.00329 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/31 12:00 a.m. · 3 views

PT-2025-2961 · Easyvirt · Easyvirt Dcscope +1

Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier; EasyVirt CO2Scope versions 1.3.0 and earlier. Description: The issue allows remote authenticated attackers with low privileges to perform various actions, including adding admin users, modifying user...

7.5 CVSS · 7.5 AI score · 0.00472 EPSS
Exploits: 1 · References: 4
NVD
added 2025/01/27 3:15 p.m. · 3 views

CVE-2025-24538

Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras (buddypress-groups-extras) allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through <= 3.6.10...

5.4 CVSS · 0.00151 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/01/27 2:22 p.m. · 14 views

CVE-2025-24538 WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras (buddypress-groups-extras) allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through <= 3.6.10...

5.4 CVSS · 0.00151 EPSS
Exploits: 0 · References: 1
CVE
added 2025/01/27 2:22 p.m. · 54 views

CVE-2025-24538

The CVE-2025-24538 issue is a CSRF vulnerability in the WordPress plugin slaFFik BuddyPress Groups Extras, affecting versions up to and including 3.6.10. The connected sources consistently identify this as a cross-site request forgery risk within BuddyPress Groups Extras, with no explicit public ...

5.4 CVSS · 5.9 AI score · 0.00151 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/01/27 2:22 p.m. · 6 views

CVE-2025-24538 WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras (buddypress-groups-extras) allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through <= 3.6.10...

5.4 CVSS · 5.9 AI score · 0.00151 EPSS
Exploits: 0 · References: 1
Rapid7 Blog
added 2025/01/27 2:00 p.m. · 16 views

The 2024 Ransomware Landscape: Looking back on another painful year

The ransomware landscape in 2024 continued to evolve at a rapid pace, outgrowing many of the trends we saw in 2023. Threat actors remained relentless and innovative, targeting organizations of all sizes and sectors. In this post, we’ll examine the latest data points, discuss notable groups, and...

7.3 AI score
Exploits: 0
Rapid7 Blog
added 2025/01/27 2:00 p.m. · 6 views

The 2024 Ransomware Landscape: Looking back on another painful year

The ransomware landscape in 2024 continued to evolve at a rapid pace, outgrowing many of the trends we saw in 2023. Threat actors remained relentless and innovative, targeting organizations of all sizes and sectors. In this post, we’ll examine the latest data points, discuss notable groups, and...

7.1 AI score
Exploits: 0
CNNVD
added 2025/01/27 12:00 a.m. · 2 views

WordPress plugin BuddyPress Groups Extras cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

5.4 CVSS · 6.6 AI score · 0.00151 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/27 12:00 a.m. · 2 views

PT-2025-5389 · Slaffik · Buddypress Groups Extras

Name of the Vulnerable Software and Affected Versions: slaFFik BuddyPress Groups Extras versions 3.6.10 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attac...

5.4 CVSS · 7.2 AI score · 0.00151 EPSS
Exploits: 0 · References: 3
OSV
added 2025/01/24 1:37 p.m. · 3 views

OESA-2025-1074 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in...

7.5 CVSS · 6.8 AI score · 0.01441 EPSS
Exploits: 1 · References: 5
Cvelist
added 2025/01/23 3:29 p.m. · 15 views

CVE-2025-23730 WordPress FLX Dashboard Groups plugin <= 0.0.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flx0 FLX Dashboard Groups (flx-dashboard-groups) allows Reflected XSS. This issue affects FLX Dashboard Groups: from n/a through <= 0.0.7...

7.1 CVSS · 0.00246 EPSS
Exploits: 0 · References: 1
CVE
added 2025/01/23 3:29 p.m. · 57 views

CVE-2025-23730

CVE-2025-23730 refers to a reflected XSS in the FLX Dashboard Groups WordPress plugin. The vulnerability affects FLX Dashboard Groups versions from n/a to 0.0.7. The NVD/RH/ENISA data in the connected documents confirm a Reflected Cross-Site Scripting issue, with a CVSS v3.1 base score of 7.1 (Hi...

7.1 CVSS · 7.2 AI score · 0.00246 EPSS
Exploits: 0 · References: 1