36 matches found
Improper Privilege Management
Overview: Affected versions of this package are vulnerable to Improper Privilege Management in PATCH /api/v3/core/users/pk/. An attacker can gain elevated privileges by assigning arbitrary groups, including those with administrator-equivalent permissions, to users they control or have access to,...
EUVD-2025-203248
The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the getusers function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including...
EUVD-2015-7544
Malware in sbrugna...
EUVD-2018-18304
Malware in sbrugna...
EUVD-2005-0531
Malware in sbrugna...
EUVD-2017-4238
Malware in sbrugna...
EUVD-2010-1587
Malware in sbrugna...
EUVD-2013-6263
Malware in sbrugna...
EUVD-2015-1484
Malware in sbrugna...
EUVD-2011-2289
Malware in sbrugna...
EUVD-2012-3140
Malware in sbrugna...
EUVD-2021-12013
Malware in sbrugna...
EUVD-2022-7168
Malicious code in bioql PyPI...
EUVD-2022-44936
Malicious code in bioql PyPI...
CVE-2025-7727 Gutenverse <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Fun Fact Blocks
The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Fun Fact blocks in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
BIT-MARIADB-MIN-2022-31621
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the...
CVE-2024-33302
SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Middle Name" under Add Users...
CVE-2024-33304
SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users...
Siemens TeleControl Server Basic SQL Injection Vulnerability
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method UpdateUsers, which can be exploited by an attacker to bypass...
CVE-2024-11921 Give < 3.19.0 - Reflected XSS
The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...