EUVD-2026-9106

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...

CVE-2026-28557

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...

CVE-2022-31492

Cross Site scripting XSS vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroupadminadd.php Username...

EUVD-2020-29637

Malware in sbrugna...

EUVD-2020-4227

Malware in sbrugna...

EUVD-2022-52950

Malicious code in bioql PyPI...

CVE-2022-44543

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups if there is a usergroup field on the registration form. This occurs because the usergroup.inList protection mechanism is mishandled...

CVE-2020-11891

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of comusers allow the unauthorized editing of usergroups...

BIT-JOOMLA-2020-11891

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of comusers allow the unauthorized editing of usergroups...

BIT-JOOMLA-2020-11890

An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration...

BIT-JOOMLA-2020-11889

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of comusers allow the unauthorized deletion of usergroups...

CVE-2024-27631

Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php...

CVE-2024-27631

Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php...

CVE-2022-44543

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups if there is a usergroup field on the registration form. This occurs because the usergroup.inList protection mechanism is mishandled...

CVE-2022-44543

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups if there is a usergroup field on the registration form. This occurs because the usergroup.inList protection mechanism is mishandled...

TYPO3 Extension femanager vulnerable to Broken Access Control

The TYPO3 Extension femanager prior to versions 5.5.2, 6.3.3, and 7.0.1 is vulnerable to broken access control. The usergroup.inList validation can be bypassed resulting in new frontend users created by the extension may be members of groups that are restricted. The vulnerability is only...

GHSA-59M9-P6CM-94Q5 TYPO3 Extension femanager vulnerable to Broken Access Control

The TYPO3 Extension femanager prior to versions 5.5.2, 6.3.3, and 7.0.1 is vulnerable to broken access control. The usergroup.inList validation can be bypassed resulting in new frontend users created by the extension may be members of groups that are restricted. The vulnerability is only...

PT-2022-27229 · Typo3 · Femanager

Name of the Vulnerable Software and Affected Versions: femanager extension versions prior to 5.5.2 femanager extension versions 6.x prior to 6.3.3 femanager extension versions 7.x prior to 7.0.1 Description: The issue allows creation of frontend users in restricted groups if there is a usergroup...

TYPO3 安全漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 that originates from a malicious attacker being able to bypass filtering rules and send malicious data via usergroup.inList...

Cross site scripting

Cross Site scripting XSS vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroupadminadd.php Username...