485 matches found
CVE-2020-9695
CVE-2020-9695 is an out-of-bounds write vulnerability in Adobe Acrobat/Reader. Affects multiple releases (e.g., Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier) and related Acrobat products. Root cause: out-of-bounds write in the affected code pa...
CVE-2020-9711
CVE-2020-9711 describes an out-of-bounds read (CWE-125) in Adobe Acrobat/Reader. Affected products include multiple lines of Acrobat/Reader: DC Continuous and Classic channels, across 2015, 2017, 2020 release families (e.g., 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earli...
CVE-2020-9713
CVE-2020-9713 is an out-of-bounds read (CWE-125) in Adobe Acrobat and Reader. Affected are versions including 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier. The vulnerability could disclose sensitive memory and requires user interaction (vi...
CVE-2024-32729
CVE-2024-32729 concerns WordPress ChatBot Conversational Forms (QuantumCloud Conversational Forms for ChatBot)
CVE-2024-33685
Technical details for CVE-2024-33685 (WordPress Startupzy theme) are not publicly provided in the supplied documents. No confirmed affected versions, root cause, impact, or remediation are stated here; monitor official advisories for updates.
CVE-2022-44630
The CVE-2022-44630 entry pertains to the WordPress plugin YITH WooCommerce Product Slider Carousel (vulnerable:
CVE-2022-26758
CVE-2022-26758: macOS Monterey before 12.4 is affected by a memory corruption issue that may allow a malicious application to cause unexpected changes in memory shared between processes. The vulnerability is addressed in macOS Monterey 12.4 with improved state management. The CVE entry notes a lo...
CVE-2023-42344
CVE-2023-42344: OpenCms XXE vulnerability. Affected software: Alkacon OpenCms prior to 10.5.1 (OpenCms versions reportedly 9.0.0 to 10.5.0 cited in some sources). Root cause: Unauthenticated XXE via a cmis-online/query endpoint in the Chemistry servlet, enabling access to sensitive information. I...
CVE-2024-32537
CVE-2024-32537 is a CSRF vulnerability in the Flash Video Player plugin for WordPress (joshuae1974). The public description indicates the issue affects Flash Video Player versions from an unspecified earliest version through 5.0.4. Connected sources confirm a CSRF flaw; Red Hat and CVE feeds reiterate the same,...
CVE-2024-31088
CVE-2024-31088 affects WordPress plugin AdsPlace’r – Ad Manager, Inserter, AdSense Ads (WPShop.Ru AdsPlace’r) up to version 1.1.5. Vulnerability is DOM-based XSS due to improper input handling during web page generation, enabling cross-site scripting within the context of a user’s browser. Public...
CVE-2023-52210
CVE-2023-52210 concerns the WordPress plugin “Product Delivery Date for WooCommerce – Lite” (Tyche) with versions up to 2.7.0. Connected Patchstack data indicates the root cause is broken access control that allows unauthenticated access, potentially impacting availability or operation. A fix is ...
CVE-2024-32832
The CVE-2024-32832 entry corresponds to a Broken Access Control vulnerability in the WordPress plugin Login with phone number (versions
CVE-2023-32246
CVE-2023-32246 refers to a race in ksmbd where rcu_barrier() is not invoked during module unload, potentially allowing unloading with pending RCU callbacks and unintended kernel code execution. Multiple sources indicate the vulnerability has been resolved in the Linux kernel; no exploitation deta...
CVE-2023-32256
The CVE-2023-32256 entry describes a race condition in the Linux kernel ksmbd component where a race between smb2 close and logoff on multichannel connections can cause a use-after-free. This affects the Linux kernel ksmbd implementation; the vulnerability details include the potential for a secu...
CVE-2014-6274
git-annex vulnerability CVE-2014-6274: when using S3/Glacier remotes with embedcreds=yes and encryption=pubkey or encryption=hybrid, AWS credentials were stored in the repository in plaintext rather than encrypted. Affected range: 3.20121126 through 5.20140919. Impact: anyone with a copy of the r...
CVE-2024-4025
CVE-2024-4025 describes a DoS in GitLab CE/EE across all versions up to fixed points: 7.10–16.11.4, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1, triggered by processing a crafted Markdown page. The issue's impact is high (availability loss) per CVSS; no exploitation details are provided in the...
CVE-2024-2643
CVE-2024-2643 affects the WordPress plugin My Sticky Bar prior to version 2.6.8. The issue is a failure to sanitize/escape certain settings, enabling stored cross-site scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite setup...
CVE-2023-7239
CVE-2023-7239 affects the WordPress WP Dashboard Notes plugin prior to 1.0.11. The vulnerability arises because the wpdn_update_note AJAX action does not validate that the requesting user has access to the specified post_id, enabling users with a Contributor role or higher to update notes created...
CVE-2023-7174
CVE-2023-7174 affects the WordPress plugin aBitGone CommentSafe (versions ≤ 1.0.0). The vulnerability arises from missing CSRF checks and a lack of sanitisation and escaping, enabling a logged‑in admin to store XSS payloads via CSRF. Public documentation indicates the issue is present in 1.0.0 and ear...
CVE-2024-4877
CVE-2024-4877 (OpenVPN): A Windows vulnerability affecting OpenVPN 2.4.0–2.6.10 where an external, less-privileged process can create a named pipe that the OpenVPN GUI component connects to, enabling privilege escalation. The issue is specific to the Windows GUI interaction with the named pipe m...