134 matches found
CVE-2025-70982
Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data...
WordPress plugin Advanced Custom Fields: Extended security vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-3591
A reflected cross-site scripting (XSS) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000820)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000820 advisory. The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service system...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002138)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002138 advisory. The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service system...
CVE-2023-43331
A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
UBUNTU-CVE-2022-50677
In the Linux kernel, the following vulnerability has been resolved: ipmi: fix use after free in _ipmi_destroy_user(). The intf_free() function frees the "intf" pointer so we cannot dereference it again on the next line...
CVE-2025-6389
The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for...
CVE-2025-6389 Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback
The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for...
CVE-2023-7323
Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2023-7323 Nagios Log Server < 2024R1 XSS via Create User Function
Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2023-7323
CVE-2023-7323 affects Nagios Log Server prior to 2024R1, with an XSS vulnerability caused by insufficient validation/escaping of user input in the Create User function. The impact is potential arbitrary script execution in a victim’s browser. Publicly disclosed details across Red Hat, EUVD, and v...
Nagios Log Server Security Vulnerability
Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2024R1, which stems from insufficient validation and escaping of user input in the Create User function, which cou...
CVE-2025-11485
A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function adduser of the file /admin.php of the component Manage Users Page. This manipulation of the argument firstname/lastname causes cross site scripting. The attack can be initiated remotely...
EUVD-2025-33292
A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function adduser of the file /admin.php of the component Manage Users Page. This manipulation of the argument firstname/lastname causes cross site scripting. The attack can be initiated remotely...
PT-2025-41290
Name of the Vulnerable Software and Affected Versions: SourceCodester Student Grades Management System version 1.0. Description: A security issue exists in SourceCodester Student Grades Management System. The add user function within the /admin.php file, specifically in the Manage Users Page...
EUVD-2019-17089
Malware in sbrugna...
EUVD-2019-13479
Malware in sbrugna...
EUVD-2018-3776
Malware in sbrugna...