25 matches found
CVE-2025-23820
Cross-Site Request Forgery (CSRF) vulnerability in thapa.laxman Content Security Policy Pro (content-security-policy-pro) allows Cross Site Request Forgery. This issue affects Content Security Policy Pro: from n/a through <= 1.3.5...
CVE-2025-23820
CVE-2025-23820 is a CSRF vulnerability in Content Security Policy Pro (WordPress CSP Pro plugin) affecting versions up to 1.3.5. The issue is listed across multiple connected sources (e.g., Red Hat security page) with the same description, indicating a CSRF flaw that can enable Cross-Site Request...
CVE-2025-23820 WordPress Content Security Policy Pro plugin <= 1.3.5 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in thapa.laxman Content Security Policy Pro (content-security-policy-pro) allows Cross Site Request Forgery. This issue affects Content Security Policy Pro: from n/a through <= 1.3.5...
SUSE-SU-2024:2376-1 Security update for kernel-firmware
This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 (bsc#1215831):
- CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
- CVE-2021-46774: Insufficient...
CVE-2024-23820
creationtimestamp | type | source
---|---|---
2024-01-26 18:21:48+00:00 | seen | https://t.me/ctinow/174391
2024-01-28 12:19:17+00:00 | seen | https://t.me/arpsyndicate/3286
2024-02-19 20:26:38+00:00 | seen | https://t.me/ctinow/187903...
CVE-2024-23820
OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, t...
CVE-2024-23820
CVE-2024-23820 affects OpenFGA (authorization engine). A DoS can occur when repeatedly calling ListObjects, in scenarios depending on the model and tuples, due to memory not being released, potentially exhausting memory and terminating the server. A patch is available in OpenFGA v1.4.3. Other con...
SUSE: Security Advisory (SUSE-SU-2023:4665-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2023:4654-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2023:4655-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2022-23820
CVE-2022-23820 corresponds to a vulnerability in AMD ASP/PSP/SMM handling where failure to validate the AMD SMM communication buffer could allow an attacker to corrupt SMRAM and achieve arbitrary code execution. Public details in AMD’s bulletin AMD-SB-5001 confirm the issue and map it to multiple...
AMD Server Vulnerabilities – Nov 2023
Bulletin ID: AMD-SB-3002. Potential Impact: Varies by CVE, see descriptions below. Severity: Varies by CVE, see descriptions below. Summary: Potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted...
WordPress ProfilePress Plugin < 4.5.5 Multiple XSS Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if(description)...
CVE-2023-23820
creationtimestamp | type | source
---|---|---
2023-05-03 16:30:58+00:00 | seen | https://t.me/cibsecurity/63222...
CVE-2023-23820
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions...
CVE-2023-23820
The CVE-2023-23820 entry concerns the WordPress ProfilePress Plugin (Membership Team) versions <= 4.5.4. The vulnerability is a stored XSS that requires authentication (contributors or higher) to exploit. The available documents specify the issue as an Auth. (contributor+) Stored Cross-Site Sc...
WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS)
Software: ProfilePress; Type: Plugin; Vulnerable versions: <= 4.5.4; Fixed in: 4.5.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23820; Patch priority: Low; CVSS severity: Low (6.5); PSID: 1dded0badc30; Credits: Rafie Muhammad Patchstack...
CVE-2021-23820
This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays...
CVE-2021-23820
creationtimestamp | type | source
---|---|---
2021-11-03 21:23:24+00:00 | seen | https://t.me/cibsecurity/31764...