10511 matches found
CVE-2023-2299
CVE-2023-2299 affects the Online Booking & Scheduling Calendar for WordPress by vcita plugin. The issue is an unauthorized data modification vulnerability via the REST-API endpoint /wp-json/vcita-wordpress/v1/actions/auth, caused by a missing capability check in the processAction function. It aff...
Design/Logic Flaw
The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and...
CVE-2023-3053
CVE-2023-3053 affects Page Builder by AZEXO for WordPress. The vulnerability is due to a missing capability check in the azh_add_post function, present up to version 1.27.133. This Broken Access Control allows authenticated attackers to create posts with any post type and post status. The Initial...
CVE-2023-29724
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with...
The vulnerability of the Student Console component in the Faronics Insight computer network management platform allows a hacker to gain access to read, modify, or delete data.
The vulnerability of the Student Console component in the Faronics Insight computer network management platform involves bypassing the authentication process by using an alternative path or channel when handling endpoints. Exploiting this vulnerability allows a malicious actor to gain read, modif...
The vulnerability of the application software interface of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS operating systems allows a perpetrator to gain access to read, modify, and delete data.
The vulnerability of the application software interface of Cisco TelePresence Collaboration Endpoint CE control devices and Cisco RoomOS operating systems is related to insufficient verification of data entered by users. Exploiting this vulnerability can allow a malicious actor to gain access to...
MoveIT SQL injection vulnerability
MoveIT is a state-of-the-art software for robotic arm movement operations from MoveIT. MoveIT has a security vulnerability that originates from the presence of a SQL injection vulnerability. An attacker could use this vulnerability to access the database and perform change or delete operations...
PT-2023-22374 · Unknown · Glitter Unicorn Wallpaper
Name of the Vulnerable Software and Affected Versions: Glitter Unicorn Wallpaper app versions 7.0 through 8.0 Description: The issue allows unauthorized apps to request permission to modify data in the database that records user personal preferences. This data is loaded into memory when the app i...
CVE-2023-29722
The Glitter Unicorn Wallpaper app for Android v7.0–v8.0 stores user personal-preference data in a database. The vulnerability lets unauthorized apps actively request permission to modify this data, which is loaded into memory when the app opens, enabling an attacker to tamper with the data and po...
CVE-2023-29747
Story Saver for Instagram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can use this method to modify the data in any SharedPreference file; this data is loaded into memory when the...
CVE-2023-28348
An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students...
PT-2023-22397 · Unknown · Story Saver For Instagram - Video Downloader
Name of the Vulnerable Software and Affected Versions: Story Saver for Instagram - Video Downloader version 1.0.6 Description: The issue allows an attacker to modify the SharedPreference file, which can lead to various attack consequences, such as ad display exceptions, depending on how the data...
CVE-2023-29747
The vulnerability CVE-2023-29747 affects Story Saver for Instagram - Video Downloader 1.0.6 on Android. An exposed component exposes a method to modify SharedPreference files; manipulated data is loaded into memory when the app opens, enabling attacker-controlled data impact. Potential outcomes i...
Important: java-11-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficul...
Code injection
SoLive 1.6.14 through 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can use this method to modify the data in any SharedPreference file; this data is loaded into memory when the application is opened. Dependi...
CVE-2023-29732
SoLive for Android versions 1.6.14–1.6.20 expose a component that provides a method to modify SharedPreference files. The root cause is improper access/verification of SharedPreference data, allowing an attacker to alter data that is loaded into memory on app startup. Potential consequences inclu...
cri-o: incorrect handling of the supplementary groups
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
CVE-2023-2494
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processpostdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role...