54 matches found
CVE-2023-42344
CVE-2023-42344 – OpenCms XXE vulnerability Affected software: Alkacon OpenCms prior to 10.5.1 (OpenCms versions reportedly 9.0.0 to 10.5.0 cited in some sources). Root cause: Unauthenticated XXE via a cmis-online/query endpoint in the Chemistry servlet, enabling access to sensitive information. I...
CVE-2023-52210
CVE-2023-52210 concerns the WordPress plugin “Product Delivery Date for WooCommerce – Lite” (Tyche) in versions up to 2.7.0. Patchstack data indicates the root cause is broken access control that allows unauthenticated access, potentially impacting availability or operation. A fix is ...
CVE-2023-32246
CVE-2023-32246 refers to a race in ksmbd where rcu_barrier() is not invoked during module unload, potentially allowing unloading with pending RCU callbacks and unintended kernel code execution. Multiple sources indicate the vulnerability has been resolved in the Linux kernel; no exploitation deta...
Fedora: Security Advisory (FEDORA-2024-3c18fe0d93)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are copyright by the respective right holders. SPDX-License-Identifier: GPL-2.0-only.
CVE-2023-7239
CVE-2023-7239 affects the WordPress WP Dashboard Notes plugin prior to 1.0.11. The vulnerability arises because the wpdn_update_note AJAX action does not validate that the requesting user has access to the specified post_id, enabling users with a Contributor role or higher to update notes created...
CVE-2023-7174
CVE-2023-7174 affects the WordPress plugin aBitGone CommentSafe (versions ≤ 1.0.0). The vulnerability arises from missing CSRF checks together with a lack of sanitisation and escaping, so that XSS payloads can be stored via CSRF against a logged‑in admin. Public documentation indicates the issue is present in 1.0.0 and ear...
openSUSE Security Advisory (SUSE-SU-2025:1369-1)
The remote host is missing an update for the ... (Greenbone AG detection script, 2025; description truncated.)
CVE-2023-46612
CVE-2023-46612 describes a Missing Authorization vulnerability in the Mediabay Mediabay-lite WordPress plugin. The issue is a broken/insufficient access control that could allow unauthorized actions within Mediabay’s file management/features. Technical details in connected sources confirm affecte...
CVE-2023-46083
CVE-2023-46083 concerns the Kali Forms WordPress plugin (Contact Form builder with drag & drop). Affected versions are Kali Forms
CVE-2023-46073
CVE-2023-46073 (DX Delete Attached Media) is a WordPress plugin vulnerability in which versions <= 2.0.5.1 expose Broken Access Control (Missing Authorization) via CSRF/bypass scenarios. The Patchstack entry confirms affected software (DX Delete Attached Media plugin), the root cause (broken a...
CVE-2023-41870
CVE-2023-41870 affects the WP Crowdfunding plugin by Themeum (WordPress) up to version 2.1.5. The issue is a Missing Authorization/Improper Access Control vulnerability caused by incorrectly configured access control security levels, enabling unauthorized access to restricted areas. Red Hat and P...
CVE-2023-40001
CVE-2023-40001 affects the WordPress plugin iThemes Sync (vulnerable:
CVE-2023-28689
CVE-2023-28689: WordPress plugin JS Job Manager (versions
CVE-2023-20093
CVE-2023-20093: Three vulnerabilities in the Cisco TelePresence CE and RoomOS CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local file system by placing a symbolic link in a specific location. Root cause: improper access controls on local files. Preconditio...
CVE-2024-36041
CVE-2024-36041 affects KDE Plasma Workspace (plasma-workspace) prior to 5.27.11.1 and 6.x prior to 6.0.5.1, where ksmserver incorrectly accepts ICE connections from localhost, allowing a local attacker to gain access to the session manager and potentially execute code on the victim at t...
CVE-2023-48759
CVE-2023-48759 is a Missing Authorization vulnerability in Crocoblock JetElements For Elementor (affected: Elementor JetElements <= 2.6.13). The issue allows unauthenticated users to download arbitrary attachments due to a missing authorization check on the download path (arbitrary attachment ...
CVE-2023-52217
CVE-2023-52217 is a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin “WooCommerce Conversion Tracking.” Affected are versions up to 2.0.11; the issue stems from missing authorization controls in the plugin’s operations. The CVE entry notes a patch is available i...
CVE-2024-3555
CVE-2024-3555 affects the WordPress plugin “Social Link Pages: link-in-bio landing pages for your social media profiles”. The root cause is a missing capability check in import_link_pages() across versions up to and including 1.6.9, enabling unauthenticated attackers to create arbitrary pages and...
CVE-2024-23665
CVE-2024-23665: FortiWeb contains multiple improper authorization vulnerabilities (CWE-285) that allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests. Affected FortiWeb versions are 7.4.2 and below, 7.2.7 and below, 7.0.10 and below, 6.4.3 and below, and 6...
CVE-2024-34002
CVE-2024-34002 summary: In Moodle, in shared hosting environments misconfigured to expose other users’ content, a user with both access to restore feedback modules and direct access to the web server outside of Moodle’s webroot can trigger a local file include (LFI). Multiple connected sources (...