30 matches found
CVE-2024-2643
CVE-2024-2643 affects the WordPress plugin My Sticky Bar prior to version 2.6.8. The issue is a failure to sanitize/escape certain settings, enabling stored cross-site scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite setup...
CVE-2019-16151
Fortinet FortiOS 6.4.1 and below and FortiOS 6.2.9 and below are affected by an improper neutralization of input during web page generation (CWE-79). A remote unauthenticated attacker can exploit a crafted Host header to redirect users to malicious sites or to execute JavaScript in the victim’s b...
CVE-2023-45760
CVE-2023-45760: wpDiscuz
CVE-2020-9222
CVE-2020-9222 affects Huawei FusionCompute. The vulnerability is a privilege-escalation issue caused by insufficient verification of specific files during deserialization, enabling local attackers to elevate permissions. Affected product/component: Huawei FusionCompute; root cause: improper deser...
CVE-2023-41857
CVE-2023-41857 affects the WordPress Click To Tweet plugin up to version 2.0.14, described as a Missing Authorization / Broken Access Control vulnerability. The initial description and connected entries do not provide an explicit remediation or patched version. CVSS v3.1 base score is 5.4 (Medium...
CVE-2023-41695
CVE-2023-41695 is a WordPress plugin issue in Analytify (
CVE-2023-47838
CVE-2023-47838 affects the WordPress plugin Conditional Fields for Contact Form 7 (cf7-conditional-fields). Root cause: Missing Authorization / Broken Access Control due to incorrectly configured access control levels, allowing exploitation by low-privilege users. Affected versions:
CVE-2018-9426
CVE-2018-9426 summary (concrete details from connected docs) Root cause: In RSAKeyPairGenerator.getNumberOfIterations (RSAKeyPairGenerator.java), an incorrect implementation can produce weak RSA key pairs. Impact: Crypto vulnerability with no additional execution privileges; no user interaction r...
CVE-2018-9423
CVE-2018-9423 affects the Media framework component (ihevcd_parse_slice_header.c) where a missing bounds check allows an out-of-bounds read, leading to DoS. Exploitation requires user interaction. Several connected sources (NVD/Red Hat/Android bulletin) confirm the issue and cite the root cause. ...
CVE-2018-11922
Technical details (affected product/version, root cause, impact, fixes) for CVE-2018-11922 are not publicly available in the provided connected documents. Monitor for updates from vendors and security bulletins.
CVE-2022-20633
Cisco ECE (Enterprise Chat and Email) web-based management interface is affected by CVE-2022-20633. The issue arises from differences in authentication responses during login, enabling unauthenticated remote attackers to perform username enumeration and confirm existing user accounts. The vulnera...
CVE-2024-2884
CVE-2024-2884 describes an out-of-bounds read in V8 (Chrome’s JavaScript engine) that could be triggered by a crafted HTML page. Affected product: Google Chrome (Linux/Mac/Windows) with versions prior to 121.0.6167.139. Root cause is an out-of-bounds memory access in V8, allowing remote attackers...
CVE-2023-44234
CVE-2023-44234 affects the WordPress WP GPX Maps plugin (WP GPX Maps) up to version 1.7.08. Root cause: Missing Authorization (Broken Access Control) allows access to resources without proper permission validation. Documented severity is low (CVSS ~4.3). Public references indicate the vulnerabili...
CVE-2024-25095
CVE-2024-25095 affects WordPress plugin Easy Forms for Mailchimp (
CVE-2023-51511
CVE-2023-51511 involves Booster Elite for WooCommerce (Pluggabl LLC) with an improper authentication vulnerability that allows accessing functionality not properly constrained by ACLs. Affected software: Booster Elite for WooCommerce prior to version 7.1.3. Public references indicate a base CVSS ...
CVE-2023-41651
CVE-2023-41651 corresponds to a WordPress plugin vulnerability in the Multi-column Tag Map plugin (versions
CVE-2023-38104
CVE-2023-38104 affects GStreamer realmedia parsing: the MDPR chunk parsing path allows an integer overflow when allocating buffers, enabling remote code execution in the context of the affected process. The vulnerability is network-remote with no user authentication required and requires user int...
CVE-2020-38712
The IBM bulletin ties CVE-2020-38712 to SOAPAction spoofing in JAX-WS Web Services processing, affecting IBM WebSphere Application Server and IBM Security Verify Governance/Identity Manager component. Affected products include WebSphere Application Server versions 9.0, 8.5, 8.0, and 7.0, and the ...
CVE-2018-14578
The connected Veracode entry identifies a concrete vulnerability in yiisoft/yii2: CSRF due to unvalidated request methods in yii\web\Request::getMethod(), allowing an attacker to bypass CSRF token checks by downgrading the HTTP method to read methods such as GET, HEAD or OPTIONS.
CVE-2018-1681
CVE-2018-1681 affects IBM Data Science Experience Local. The IBM security bulletin confirms a vulnerability that could disclose highly sensitive information to a local unprivileged user. Affected versions are IBM Data Science Experience Local 1.1.0, 1.1.1, 1.1.2, 1.1.3, and 1.2.0. The remediation...