
52 matches found

CVE
added 2026/05/08 12:0 a.m. | 31 views

CVE-2024-33288

The CVE-2024-33288 entry covers a SQL injection vulnerability in Prison Management System Using PHP v1.0, exposed on the Admin login page via the username parameter. Multiple connected sources document an authentication bypass PoC and public exploits targeting admin access (e.g., by injecting adm...

CVSS 7.3 | AI score 5.9 | EPSS 0.00026
Exploits 3 | References 2
CVE
added 2026/01/06 4:51 p.m. | 38 views

CVE-2024-30547

CVE-2024-30547 is a DOM-based Cross-Site Scripting vulnerability in the WordPress plugin “Header Image Slider” where improper neutralization of input during web page generation allows DOM-based XSS. Affected: Header Image Slider versions up to 0.3. Root cause determined in connected sources as im...

CVSS 7.1 | AI score 7.3 | EPSS 0.00198
Exploits 0 | References 1
CVE
added 2025/12/29 11:22 p.m. | 15 views

CVE-2023-41656

CVE-2023-41656 is a broken access control vulnerability in the WordPress plugin Better Elementor Addons up to version 1.3.7, allowing exploitation of incorrectly configured access control security levels. The issue is categorized as Missing Authorization with a CVSSv3.1 base score of 5.4 (Medium)...

CVSS 5.4 | AI score 8.8 | EPSS 0.00077
Exploits 0 | References 1
Debian CVE
added 2025/01/09 12:33 a.m. | 23 views

CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

CVSS 5.3 | AI score 5.9 | EPSS 0.00406
Exploits 0
CVE
added 2025/01/02 12:0 p.m. | 75 views

CVE-2023-47188

CVE-2023-47188 affects the WordPress plugin Simple Job Board (versions

CVSS 9.8 | AI score 5.8 | EPSS 0.00343
Exploits 0 | References 1 | Affected Software 1
CVE
added 2025/01/02 12:0 p.m. | 33 views

CVE-2023-46611

CVE-2023-46611 concerns the WordPress YOP Poll plugin (

CVSS 5.3 | AI score 8.6 | EPSS 0.00108
Exploits 0 | References 1
CVE
added 2024/12/24 6:48 p.m. | 307 views

CVE-2022-21505

CVE-2022-21505: In the Linux kernel IMA, enabling appraisal with ima_appraise=log can bypass lockdown on systems where Secure Boot is disabled or unavailable. IMA blocks ima_appraise=log via boot params when Secure Boot is enabled, but this protection does not cover lockdown used without Secure B...

CVSS 6.7 | AI score 7 | EPSS 0.0007
Exploits 0 | References 2 | Affected Software 1
CVE
added 2024/12/09 11:30 a.m. | 89 views

CVE-2023-47822

CVE-2023-47822: WordPress plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar has a Missing/Broken Access Control vulnerability. Affected versions are

CVSS 8.8 | AI score 5.5 | EPSS 0.0027
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/12/09 11:30 a.m. | 76 views

CVE-2023-47830

CVE-2023-47830 is a WordPress plugin vulnerability in Live Preview for Contact Form 7, affecting versions

CVSS 5.4 | AI score 8.5 | EPSS 0.00138
Exploits 0 | References 1
CVE
added 2024/11/19 9:22 p.m. | 44 views

CVE-2018-9421

CVE-2018-9421 is a local information-disclosure flaw in Android’s Media framework involving Parcel.cpp writeInplace and Binder; uninitialized data could leak across processes. Current documents confirm the issue and indicate it affects Android devices via local access with no user interaction. Th...

CVSS 5.5 | AI score 6.2 | EPSS 0.00041
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/11/18 4:2 p.m. | 58 views

CVE-2020-3420

CVE-2020-3420 affects Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). The issue is a cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input in the web-based management interface. An authentica...

CVSS 5.4 | AI score 5.3 | EPSS 0.00128
Exploits 0 | References 2 | Affected Software 1
CVE
added 2024/11/15 4:26 p.m. | 53 views

CVE-2021-1484

Cisco SD-WAN vManage Software has a web UI vulnerability (CVE-2021-1484) allowing an authenticated, remote attacker to inject arbitrary commands via crafted device template configuration input, leading to DoS. Root cause: improper input validation of user-supplied device template inputs. Affected...

CVSS 6.5 | AI score 6.7 | EPSS 0.00397
Exploits 0 | References 2 | Affected Software 1
CVE
added 2024/11/14 11:32 a.m. | 504 views

CVE-2022-31666

Harbor vulnerability CVE-2022-31666 involves failure to validate user permissions when managing Webhook policies. The issue allows authenticated users to view, update, or delete Webhook policies belonging to other users or projects, potentially enabling modification of policies configured in othe...

CVSS 7.7 | AI score 7.5 | EPSS 0.00128
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/10/23 1:9 a.m. | 101 views

CVE-2024-31880

CVE-2024-31880: IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to DoS under certain configurations when authenticated users send a crafted SQL statement, potentially crashing the server. Connected IBM bulletins/CPD advisories tie this set to IBM Db2...

CVSS 6.5 | AI score 5.6 | EPSS 0.00256
Exploits 0 | References 2 | Affected Software 1
CVE
added 2024/10/09 12:0 a.m. | 51 views

CVE-2023-37154

CVE-2023-37154 affects Nagios nagios-plugins 2.4.5, where check_by_ssh allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with ${IFS}. The issue is noted as categorized both as fixed in commit e8810de and as intended behavior; exploitation details are not pr...

CVSS 8.4 | AI score 7.3 | EPSS 0.00082
Exploits 0 | References 3
CVE
added 2024/07/09 8:9 p.m. | 111 views

CVE-2024-31318

CVE-2024-31318 affects Android’s CompanionDeviceManagerService.java. The flaw is a missing permission check that could allow pairing a companion device without user acceptance, enabling local elevation of privilege with no extra execution privileges required. User interaction is not needed for ex...

CVSS 7.8 | AI score 6.8 | EPSS 0.00045
Exploits 0 | References 2 | Affected Software 1
CVE
added 2024/07/09 8:9 p.m. | 413 views

CVE-2024-31317

CVE-2024-31317 is a Zygote command-injection vulnerability affecting Android 9–13, enabling a non-privileged app with WRITE_SECURE_SETTINGS to trigger code execution in the Zygote process via unsafe deserialization and manipulated Zygote arguments (e.g., runtime-flags, hidden_api_blacklist_exempt...

CVSS 7.8 | AI score 7.3 | EPSS 0.07032
Exploits 12 | References 2 | Affected Software 1
CVE
added 2024/07/09 8:9 p.m. | 107 views

CVE-2024-23696

The CVE-2024-23696 issue is tied to the RGXCreateZSBufferKM function in rgxta3d.c, where a use-after-free leads to possible arbitrary code execution and local elevation of privilege in the kernel. Exploitation reportedly requires local access with no extra privileges and no user interaction. Conn...

CVSS 8.4 | AI score 7.4 | EPSS 0.00031
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/07/09 12:0 a.m. | 91 views

CVE-2023-50807

CVE-2023-50807 concerns Samsung Wearable Processor and Modems (Exynos 9110; Exynos Modem 5123; Exynos Modem 5300). The issue is an out-of-bounds write on the heap in 2G, exploitable with no authentication. Multiple connected sources (NVD, Red Hat, CVE list, CNNVD, OSV) corroborate the same descri...

CVSS 8.1 | AI score 8.2 | EPSS 0.00295
Exploits 0 | References 2 | Affected Software 1
CVE
added 2024/06/19 10:36 a.m. | 56 views

CVE-2023-47783

CVE-2023-47783 concerns Thrive Theme Builder (WordPress plugin) prior to version 3.24.0. The issue is described as Missing/Broken Access Control allowing authenticated users with Subscriber-level privileges to invoke a function intended for higher-privileged users, i.e., a lack of authorization c...

CVSS 8.3 | AI score 8.3 | EPSS 0.00205
In wild | Exploits 0 | References 1