41 matches found
CVE-2026-44170
Disclaimer: This data contains information about vulnerable...
CVE-2026-44171
Disclaimer: This data contains information about vulnerable...
CVE-2023-32256
The CVE-2023-32256 entry describes a race condition in the Linux kernel ksmbd component where a race between smb2 close and logoff on multichannel connections can cause a use-after-free. This affects the Linux kernel ksmbd implementation; the vulnerability details include the potential for a secu...
CVE-2023-7195
CVE-2023-7195 affects the WP-Reply Notify WordPress plugin (v
CVE-2023-7196
CVE-2023-7196 affects the WordPress plugin Ultimate Noindex Nofollow Tool (versions
CVE-2023-47180
CVE-2023-47180 affects the WordPress plugin Finale Lite (XLPlugins Finale Lite) with Missing Authorization, allowing unauthenticated users to delete content due to incorrectly configured access control. Public sources in the Connected Documents confirm the vulnerable range as Finale Lite versions...
CVE-2023-47838
CVE-2023-47838 affects the WordPress plugin Conditional Fields for Contact Form 7 (cf7-conditional-fields). Root cause: Missing Authorization / Broken Access Control due to incorrectly configured access control levels, allowing exploitation by low-privilege users. Affected versions:
CVE-2017-18307
CVE-2017-18307 is linked to Qualcomm chipsets (notably qcacld-3.0) and is described as an information-disclosure vulnerability that can occur during audio playback. The Red Hat and CVE listings corroborate an information leak, with Qualcomm’s product-security notes showing a local attack vector a...
CVE-2022-20853
CVE-2022-20853 concerns Cisco Expressway Series and Cisco TelePresence VCS. The issue is a CSRF vulnerability in the REST API/web-based management interface caused by insufficient CSRF protections, allowing an unauthenticated, remote attacker to persuade a logged-in user to follow a crafted link,...
CVE-2024-3447
CVE-2024-3447 — QEMU SDHCI heap-based buffer overflow. A heap overflow in the SDHCI device emulation of QEMU is triggered when both s->data_count and the size of s->fifo_buffer are 0x200, causing an out-of-bounds access. A malicious guest could crash the QEMU process on the host, resulting i...
CVE-2023-1973
CVE-2023-1973 is an Undertow vulnerability that allows a remote attacker to cause a Denial of Service by exploiting FormAuthenticationMechanism, leading to OutOfMemory on the server. The connected records (e.g., Red Hat RHSA-2025-9583) confirm this issue and indicate remediation via security upda...
CVE-2024-32608
The CVE-2024-32608 entry applies to the HDF5 library up to version 1.14.3, where memory corruption in H5A__close can corrupt the instruction pointer and lead to denial of service or potential code execution. Public references indicate a fix in HDF5 1.14.4, so upgrading to 1.14.4 or later mitigate...
CVE-2024-22232
CVE-2024-22232 describes a directory traversal in Salt’s file server triggered by a specially crafted URL. The underlying issue is input validation that allows traversal sequences, enabling a malicious user to read arbitrary files from a Salt master’s filesystem. Affected component: Salt master/f...
CVE-2023-35049
CVE-2023-35049 affects the WordPress WooCommerce Stripe Payment Gateway plugin
CVE-2024-1204
The CVE-2024-1204 issue affects the Meta Box WordPress Custom Fields Framework (versions prior to 5.9.4). It allows users with at least the Contributor role to access arbitrary custom fields assigned to other users’ posts, indicating a broken access control vulnerability. Remediation, per multipl...
CVE-2024-2341
CVE-2024-2341 refers to the WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments (plugin) with SQL Injection via the keys parameter in all versions up to 1.6.7.7, allowing authenticated subscribers to append queries and potentially exfiltrate data. Red Hat and NVD entries ...
CVE-2024-1990
CVE-2024-1990 concerns the RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress. The connected sources confirm a blind SQL Injection via the id parameter in the RM_Form shortcode, exploitable in all versions up to 5.3.1.0 due to insufficie...
CAN-2004-0017
CVE-2004-0017 is for phpGroupWare and covers multiple SQL injection vulnerabilities in the calendar and infolog modules caused by insufficient sanitization/non-escaping of user-supplied data. Affected software is phpGroupWare (around version 0.9.14). Debian DSA-419-1 notes fixes in woody (0.9.14-...
CAN-2004-0755
CVE-2004-0755 relates to Ruby CGI::Session's FileStore creating session files with insecure permissions, potentially allowing session information leakage. The JVN entry describes the issue, noting improper file permissions in CGI::Session FileStore. Fedora advisories mention a security fix and p...
CAN-2004-0645
CVE-2004-0645 affects abiword via a vulnerability in the wv library (buffer overflow) that could allow arbitrary code execution. The connected advisories (Debian DSA-579-1, Debian DSA-579-1 variants, and Gentoo/OpenVAS entries) confirm the issue and indicate the vulnerable component as abiword wi...