43 matches found
EUVD-2026-14494
AVideo vulnerable to Stored XSS via htmlentitydecode Reversing xssesc Sanitization in Channel About Field...
CVE-2026-0844 Simple User Registration <= 6.7 - Authenticated (Subscriber+) Privilege Escalation via profile_save_field
The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...
CVE-2025-13217 Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value'
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0. This is due to insufficient input...
CVE-2025-13217
CVE-2025-13217 is an authenticated Stored XSS in Ultimate Member for WordPress, triggered via the YouTube video URL field in profile-related input. The issue arises from insufficient input sanitization and output escaping in um_profile_field_filter_hook__youtube_video(), allowing Subscrib...
CVE-2025-13217 Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value'
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0. This is due to insufficient input...
EUVD-2018-13084
Malware in sbrugna...
EUVD-2018-18608
Malware in sbrugna...
EUVD-2008-0835
Malware in sbrugna...
EUVD-2014-9095
Malware in sbrugna...
EUVD-2018-7067
Malware in sbrugna...
BIT-MOODLE-2023-28329 Moodle: authenticated sql injection via availability check
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers)...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick
auto-cve-2022-44268 Automating expl...
Authentication flaw
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...
Moodle SQL Injection vulnerability
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers)...
GHSA-72W2-J52C-7682 Moodle SQL Injection vulnerability
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers)...
CVE-2023-28329
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers)...
CVE-2023-28329
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers)...
CVE-2023-28329
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers)...
SQL injection
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers)...
CVE-2023-28329
CVE-2023-28329 concerns Moodle with an authenticated SQL injection via the profile field availability check. Documented affected ranges include Moodle 3.11–3.11.14, 4.0–4.0.8, 4.1–4.1.3, and 4.2. Affected vendor notes describe insufficient validation enabling SQL injection when retrieving profile...