231554 matches found
CVE-2022-41656
CVE-2022-41656 describes a Missing Authorization vulnerability in the WordPress plugin Account Manager for WooCommerce . Affected versions are up to 2.1.2 (per CVE notices) with a broken access control that allows exploiting incorrectly configured access levels. The core issue is missing authoriz...
CVE-2023-42343
OpenCMS before 10.5.1 is vulnerable to a Cross-Site Scripting (XSS) issue via the CMIS online endpoint cmis-online/type. The vulnerability is described across multiple connected sources (CVE-2023-42343, EUVD-2023-46796, NVD/NVDC, and nuclei templates) as an XSS flaw in the /opencms/cmisatom/cmis-...
CVE-2023-42344
CVE-2023-42344 – OpenCms XXE vulnerability Affected software: Alkacon OpenCms prior to 10.5.1 (OpenCms versions reportedly 9.0.0 to 10.5.0 cited in some sources). Root cause: Unauthenticated XXE via a cmis-online/query endpoint in the Chemistry servlet, enabling access to sensitive information. I...
CVE-2026-3109
creationtimestamp| type| source ---|---|--- 2026-03-27 03:00:09+00:00| seen| https://nvd.nist.gov/vuln/detail/CVE-2026-4274...
CVE-2024-31328
CVE-2024-31328 is documented in Wear OS/Android Wear context. A logic error in the function broadcastIntentLockedTraced of BroadcastController.java may allow launching arbitrary activities from the background on the paired companion phone, resulting in local elevation of privilege without additio...
Exploit for CVE-2023-1234
Poc Hunter A vulnerability/proof of concept PoC search tool...
PT-2026-1869
Name of the Vulnerable Software and Affected Versions Intelbras CFTV IP NVD 9032 R Ftd version 2.800.00IB00C.0.T Description A security issue exists in Intelbras CFTV IP NVD 9032 R Ftd version 2.800.00IB00C.0.T that allows an unauthenticated attacker to bypass the multi-factor authentication MFA...
CVE-2024-23511
CVE-2024-23511 describes a DOM-based XSS in POSIMYTH The Plus Addons for Elementor Page Builder Lite. Affected product: The Plus Addons for Elementor Page Builder Lite (WordPress plugin) with versions up to and including 5.3.3. Root cause: improper input handling during web page generation leadin...
CVE-2023-52212
CVE-2023-52212 describes a Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager, affecting versions up to 2.0.0. The connected sources identify WP Job Manager as the affected product, with the root cause being CSRF in the plugin’s handling of requests, enabling CSRF under ...
CVE-2023-50897
CVE-2023-50897 concerns the WordPress plugin Media File Renamer (WordPress plugin “Media File Renamer”). The vulnerability is described as an Unrestricted Upload of File with Dangerous Type that enables an attacker to perform an arbitrary file rename, which can lead to a Remote Code Execution (RC...
CVE-2023-49186
CVE-2023-49186 affects the WordPress plugin Machic Core (
CVE-2023-41656
CVE-2023-41656 is a broken access control vulnerability in the WordPress plugin Better Elementor Addons up to version 1.3.7, allowing exploitation of incorrectly configured access control security levels. The issue is categorized as Missing Authorization with a CVSSv3.1 base score of 5.4 (Medium)...
CVE-2024-24844
CVE-2024-24844 concerns WordPress PowerPack Pro for Elementor (plugin), where versions up to and including 2.10.6 are affected by a missing authorization issue that allows unauthenticated exploitation of misconfigured access control, enabling unauthorized changes to plugin settings. The root caus...
CVE-2023-52210
CVE-2023-52210 concerns the WordPress plugin “Product Delivery Date for WooCommerce – Lite” (Tyche) with versions up to 2.7.0. Connected patchstack data indicates the root cause is broken access control that allows unauthenticated access, potentially impacting availability or operation. A fix is ...
CVE-2023-47232
Affected software: WordPress plugin WP Affiliate Disclosure (wp-affiliate-disclosure). Vulnerability type & root cause: Broken access control exposing limited operations to subscribers due to CSRF-like issues in check_capability, as reported for versions up to 1.2.6. Impact: Unauthorized changes ...
SUSE: Security Advisory (SUSE-SU-2025:3699-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-3867
In CVE-2023-3867, the Linux kernel ksmbd SMB2 session setup function smb2_sess_setup could perform an out-of-bounds read when a compound SMB2 request contains a second payload, enabling an OOB read while processing the first payload. The issue is tied to not handling the case where smb2 session s...
CVE-2023-3866
CVE-2023-3866 : In the Linux kernel ksmbd, the compound-request handling failed to validate session and tree identifiers if the first operation is not an SMB2 ECHO. This could allow a NULL dereference when a subsequent operation accesses work->sess or work->tcon, leading to a local impact. ...
CVE-2023-3865
CVE-2023-3865 affects the ksmbd component of the Linux kernel (smb2_write). Root cause: ksmbd_smb2_check_message does not validate hdr->NextCommand; if NextCommand > Offset+Length of smb2 write, an oversized length allows an out-of-bounds read in smb2_write. Implication: out-of-bounds read ...
CVE-2023-32249
CVE-2023-32249 affects the Linux kernel ksmbd component. The issue is mitigated by a patch that returns STATUS_NOT_SUPPORTED when the binding session is a guest on multichannel, effectively disallowing guest access for that path. The NVD metrics classify the impact as locally exploitable with low...