CVE-2023-51405

Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BookingPress: from n/a through 1.0.74...

CVE-2023-32127

Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse.This issue affects Multi Rating: from n/a through 5.0.6...

CVE-2023-32127

CVE-2023-32127 affects WordPress Multi Rating plugin (

CVE-2023-25785

Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5...

CVE-2023-25785 WordPress WP Post Rating plugin <= 2.5 - Vote Manipulation Vulnerability

Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5...

CVE-2023-25785

CVE-2023-25785 describes a Missing Authorization vulnerability in the WordPress plugin Shoaib Saleem WP Post Rating , enabling functionality misuse for WP Post Rating versions through 2.5. Public sources in the connected documents consistently identify this as an unauthenticated access issue lead...

CVE-2023-25785 WordPress WP Post Rating plugin <= 2.5 - Vote Manipulation Vulnerability

Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5...

Advanced PWA inc Push Notifications - Critical - Access bypass - SA-CONTRIB-2024-017

Progressive web applications are web applications that load like regular web pages or websites but can offer the user functionality such as working offline, push notifications, and device hardware access traditionally available only to native applications. This module doesn't sufficiently protect...

PT-2024-12296 · Daniel Powney · Multi Rating

Name of the Vulnerable Software and Affected Versions: Multi Rating versions 5.0.6 and earlier Description: The issue is related to a Missing Authorization vulnerability in Daniel Powney Multi Rating, which allows for Functionality Misuse. Recommendations: For versions 5.0.6 and earlier, update t...

CVE-2024-28130

An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOIPList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2023-47731 IBM QRadar Suite Software cross-site scripting

IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...

CVE-2023-38294

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference Vulnerability

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it...

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference Vulnerability

Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config Vendor: Elber S.r.l. Product web page:...

CVE-2023-38294

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass Vulnerability

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables them to...

CVE-2023-38290

CVE-2023-38290 affects BLU View 2 and Sharp Rouvo V Android devices due to a vulnerable pre-installed com.evenwell.fqc app. The issue: inadequate access control lets local third-party apps execute arbitrary shell commands in the app’s system context without special permissions, enabling actions s...

CVE-2023-38294

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...

CVE-2023-38294

The CVE-2023-38294 issue affects Itel Vision 3 Turbo devices with a pre-installed vulnerable app com.transsion.autotest.factory (versionCode 7, versionName 1.8.0(220310_1027)). The root cause is inadequate access control in this component, enabling local third‑party apps to execute arbitrary shel...

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vulnerability

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables th...