Lucene search

34 matches found

CVE
added 2025/12/17 9:40 p.m., 7 views

CVE-2025-68399

ChurchCRM security advisory documents describe a Stored Cross-Site Scripting (XSS) in the GroupEditor.php page occurring in versions prior to 6.5.4. The vulnerability allows an attacker to inject JavaScript when creating a group role, but requires the attacker to have permission to view and modi...

CVSS 5.4 | AI score 5 | EPSS 0.00027
Exploits: 1 | References: 1 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-16341

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.08852
Exploits: 3 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-0261

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.00229
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-3298

Malicious code in bioql PyPI...

CVSS 4 | AI score 6.3 | EPSS 0.00277
Exploits: 0 | References: 14
RedhatCVE
added 2025/05/22 7:20 p.m., 8 views

CVE-2021-24175

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user including admin by just providing the related username, as well as create accounts with...

CVSS 9.8 | AI score 7 | EPSS 0.89621
Exploits: 3 | References: 1
Vulnrichment
added 2025/04/25 12:0 a.m., 6 views

CVE-2025-46544

In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles...

CVSS 6.4 | AI score 7.2 | EPSS 0.0032
Exploits: 0 | References: 4
Cvelist
added 2025/04/25 12:0 a.m., 21 views

CVE-2025-46544

In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles...

CVSS 6.4 | EPSS 0.0032
Exploits: 0 | References: 4
RedhatCVE
added 2025/02/06 4:21 a.m., 3 views

CVE-2021-4360

The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access...

CVSS 9.9 | AI score 6.7 | EPSS 0.00125
Exploits: 1 | References: 1
RedhatCVE
added 2025/02/05 4:44 a.m., 2 views

CVE-2024-9941

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJgmgtaddstaffmember function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 8.8 | AI score 6.8 | EPSS 0.00097
Exploits: 0 | References: 1
Github Security Blog
added 2024/12/09 3:31 p.m., 23 views

Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API. This issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue...

CVSS 7.6 | AI score 6.8 | EPSS 0.00335
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2024/12/09 1:35 p.m., 16 views

CVE-2024-53949 Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API. This issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue...

CVSS 7.6 | EPSS 0.00335
Exploits: 0 | References: 1
SUSE CVE
added 2023/02/15 5:59 a.m., 1 views

SUSE CVE-2010-1616

Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability...

CVSS 4 | AI score 6.9 | EPSS 0.00277
Exploits: 0 | References: 4
Vulnrichment
added 2022/12/12 5:57 p.m., 7 views

CVE-2022-4016 Booster for WooCommerce - Custom Role Creation/Deletion via CSRF

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins...

AI score 6.8 | EPSS 0.00267
Exploits: 2 | References: 1
CNNVD
added 2022/11/21 12:0 a.m., 1 views

WordPress plugin WP User Frontend authorization issue vulnerability

WP User Frontend is a WordPress plugin for user frontend posting and submission. An authorization issue vulnerability exists in WordPress WP User Frontend versions prior to 3.5.29. The vulnerability stems from improper privilege management and can be exploited by an attacker to create accounts wi...

CVSS 9.8 | AI score 6.9 | EPSS 0.00431
Exploits: 2 | References: 2
CNNVD
added 2022/03/11 12:0 a.m., 0 views

Orchard Core security vulnerability

Orchard Core is an open source modular and multi-tenant application framework built with Asp.Net Core and a content management system (CMS) built on top of the framework from Orchard Core, Inc. Orchard Core is vulnerable to privilege permission and access control issues that could be exploited by a...

CVSS 7.1 | AI score 5.7 | EPSS 0.00221
Exploits: 1 | References: 3
RedHat Linux
added 2021/09/23 4:26 p.m., 1 views

wildfly: XSS via admin console when creating roles in domain mode

A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting (XSS) attack. The highest threat from this vulnerability is to confidentiality and integrity...

CVSS 4.8 | AI score 5.7 | EPSS 0.00284
Exploits: 0 | References: 4
RedHat Linux
added 2021/07/29 7:19 p.m., 1 views

wildfly: XSS via admin console when creating roles in domain mode

A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting (XSS) attack. The highest threat from this vulnerability is to confidentiality and integrity...

CVSS 4.8 | AI score 5.7 | EPSS 0.00284
Exploits: 0 | References: 4
RedHat Linux
added 2021/07/13 1:11 p.m., 0 views

wildfly: XSS via admin console when creating roles in domain mode

A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting (XSS) attack. The highest threat from this vulnerability is to confidentiality and integrity...

CVSS 4.8 | AI score 5.7 | EPSS 0.00284
Exploits: 0 | References: 4
RedHat Linux
added 2021/07/13 1:2 p.m., 0 views

wildfly: XSS via admin console when creating roles in domain mode

A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting (XSS) attack. The highest threat from this vulnerability is to confidentiality and integrity...

CVSS 4.8 | AI score 5.7 | EPSS 0.00284
Exploits: 0 | References: 4
RedHat Linux
added 2021/07/13 12:59 p.m., 0 views

wildfly: XSS via admin console when creating roles in domain mode

A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting (XSS) attack. The highest threat from this vulnerability is to confidentiality and integrity...

CVSS 4.8 | AI score 5.7 | EPSS 0.00284
Exploits: 0 | References: 4