CVE-2026-4979 UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, and including, 1.2.58. This is due to insufficient URL origin validation in the processimagecrop...
CVE-2026-4979
CVE-2026-4979 affects the UsersWP plugin for WordPress (
EUVD-2021-19778
Malware in sbrugna...
EUVD-2020-29611
Malware in sbrugna...
EUVD-2025-4926
Malicious code in bioql PyPI...
CVE-2025-9344
CVE-2025-9344 affects the WordPress plugin UsersWP (Front-end login, User Registration, User Profile & Members Directory) up to version 1.2.42. The issue is a Stored Cross-Site Scripting (XSS) vulnerability via uwp_profile and uwp_profile_header shortcodes caused by insufficient input sanitizatio...
Malicious code in test-hwp-uwp (PyPI)
MAL-2024-11720 Malicious code in test-hwp-uwp (PyPI)
CVE-2024-28962
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service...
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft
Collateral Damage Collateral Damage is a kernel exploit for Xb...
CVE-2024-6265
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...
January 10, 2023—KB5022303 (OS Build 22621.1105)
January 10, 2023—KB5022303 (OS Build 22621.1105). Important: For Windows Recovery Environment (WinRE) devices, see the updated 1/20/23 Special instructions for Windows Recovery Environment (WinRE) devices in the How to get this update section to address security vulnerabilities in CVE-2022-41099. For...
CVE-2022-22523
An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled...
CVE-2022-28816 Reflected XSS in Carlo Gavazzi UWP 3.0
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service...
CVE-2022-28815 SQL-Injection in Carlo Gavazzi UWP 3.0 Sentilo Proxy
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service...
CVE-2022-28814 Path traversal in Carlo Gavazzi UWP 3.0 could lead to full device access
Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device...
CVE-2022-22524 SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services...