14 matches found
CVE-2023-25610
Fortinet CVE-2023-25610 is a buffer underwrite in the FortiOS/FortiProxy administrative interface that allows remote, unauthenticated execution of code via crafted requests. Affected firmware ranges include FortiOS 7.2.0–7.2.3, 7.0.0–7.0.6, 6.4.0–6.4.11, 6.2.12 and below, FortiProxy 7.2.0–7.2.2, ...
CVE-2023-45633
CVE-2023-45633 describes a Missing Authorization vulnerability (Broken Access Control) in WordPress IMPress Listings plugin (versions n/a–2.6.2). The root cause is incorrectly configured access control security levels, enabling unauthenticated users to access restricted functionality. Reported CV...
CVE-2022-21505
CVE-2022-21505: In the Linux kernel IMA, enabling appraisal with ima_appraise=log can bypass lockdown on systems where Secure Boot is disabled or unavailable. IMA blocks ima_appraise=log via boot params when Secure Boot is enabled, but this protection does not cover lockdown used without Secure B...
CVE-2023-47869
The CVE-2023-47869 issue concerns the WordPress plugin wpForo Forum, affected up to version 2.2.5. Connected data indicates a Content Injection/Broken Access Control vulnerability arising from improper handling of script-related HTML in web pages, enabling code injection. Patchstack specifies tha...
CVE-2022-20634
Cisco Enterprise Chat and Email (ECE) Web-based management interface vulnerability (CVE-2022-20634) allows an unauthenticated, remote attacker to cause user redirection to a malicious URL via crafted links. Root cause: improper input validation of URL parameters in HTTP requests. Affects Cisco EC...
CVE-2023-30583
fs.openAsBlob can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag in Node.js 20. This flaw arises from a missing check in the fs.openAsBlob API. Please note that at the time this CVE was issued, the permission model is an...
CVE-2024-22298
CVE-2024-22298 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin Amelia Booking. The affected versions are Amelia Booking ≤ 1.0.98, with unauthenticated attackers able to access restricted actions due to missing authorization checks. Patchstack notes ...
CVE-2024-22145
CVE-2024-22145: InstaWP Connect plugin for WordPress (= 0.1.0.9.
CVE-2103-7470
Technical details for CVE-2103-7470 are not publicly available in the provided documents. Monitor for updates.
CVE-2018-1709
Jazz for Service Management (IBM) versions 1.1.0–1.1.3 are affected by CVE-2018-1709. The IBM bulletin describes a cross-site scripting vulnerability in the Dashboard Application Services Hub that can allow arbitrary JavaScript in the web UI and potential credentials disclosure within a trusted s...
CVE-2021-0830
CVE-2021-0830 is listed under the Android 12 release notes in the Framework component, classified as an Elevation of Privilege (EoP) issue with Moderate severity. The entry confirms affected area as Android Framework and indicates fixes were addressed as part of the Android 12 release. The Androi...
CVE-2021-0801
CVE-2021-0801 is listed in the Android 12 security release notes under the Framework category with Type ID and Severity Moderate. The provided documents do not expose the exact root cause, affected subcomponent, exploit details, or remediation/patch information for this CVE. No public technical d...
CVE-2021-0709
Android 12 Security Release Notes include CVE-2021-0709: listed under Framework with Type Elevation of Privilege (EoP) and Severity Moderate. No specific exploit details or remediation information are provided in the document beyond its inclusion in the Framework section.
CVE-2020-0436
The CVE-2020-0436 entry is rejected/withdrawn and does not represent an active vulnerability.