CVE-2023-52461 drm/sched: Fix bounds limiting when given a malformed entity

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...

CVE-2023-52461

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...

CVE-2023-52461 drm/sched: Fix bounds limiting when given a malformed entity

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...

WordPress Colibri Page Builder Plugin <= 1.0.253 is vulnerable to Cross Site Request Forgery (CSRF)

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.253 Fixed in 1.0.260 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1361 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ba2ec46e6e74 Credits Lucio Sá...

WordPress Play.ht Plugin <= 3.6.4 is vulnerable to PHP Object Injection

Software Play.ht Type Plugin Vulnerable versions = 3.6.4 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1772 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 571b81755147 Credits Francesco Carlucci Required privilege Contribut...

CVE-2023-52461

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...

WordPress Ultimate Member Plugin 2.1.3-2.8.2 is vulnerable to SQL Injection

Software Ultimate Member Type Plugin Vulnerable versions 2.1.3-2.8.2 Fixed in 2.8.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1071 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d52d7ae096c8 Credits Christiaan Swiers Required privilege...

WordPress Academy LMS Plugin <= 1.9.19 is vulnerable to Privilege Escalation

Software Academy LMS Type Plugin Vulnerable versions = 1.9.19 Fixed in 1.9.20 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-1505 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 65c72fe58c1f Credits Lucio Sá Required privilege...

WordPress Tutor LMS Plugin <= 2.6.0 is vulnerable to Broken Access Control

Software Tutor LMS Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1133 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f48325f20ce3 Credits drop Required privilege Subscriber...

WordPress File Manager Pro Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS)

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.4 Fixed in 8.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7015 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 809f77f5638f Credits Tobias Weißhaar...

WordPress Cost of Goods for WooCommerce Plugin <= 3.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Cost of Goods for WooCommerce Type Plugin Vulnerable versions = 3.2.8 Fixed in 3.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0821 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 06f40e6d3a9e Credits...

WordPress wpDataTables Plugin <= 3.4.2.4 is vulnerable to Cross Site Scripting (XSS)

Software wpDataTables Type Plugin Vulnerable versions = 3.4.2.4 Fixed in 3.4.2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0591 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 8b3b0085c333 Credits stealthcopter Required...

WordPress Tutor LMS Plugin <= 2.6.0 is vulnerable to Content Injection

Software Tutor LMS Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-1128 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4f8a158bf40f Credits drop Required privilege Student Published 21 Februar...

WordPress Product Catalog Enquiry for WooCommerce by MultiVendorX Plugin <= 5.0.5 is vulnerable to Broken Access Control

Software Product Catalog Enquiry for WooCommerce by MultiVendorX Type Plugin Vulnerable versions = 5.0.5 Fixed in 5.0.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-25929 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID...

WordPress Oliver POS Plugin <= 2.4.2.0 is vulnerable to Broken Access Control

Software Oliver POS Type Plugin Vulnerable versions = 2.4.2.0 Fixed in 2.4.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0702 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 77e616eb4620 Credits Francesco Carlucci Required...

WordPress WPify Woo Czech Plugin <= 4.0.8 is vulnerable to Broken Access Control

Software WPify Woo Czech Type Plugin Vulnerable versions = 4.0.8 Fixed in 4.0.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1492 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e2dc6ee494b6 Credits Francesco Carlucci Required...

WordPress Coming Soon Maintenance Mode Plugin <= 1.0.5 is vulnerable to Sensitive Data Exposure

Software Coming Soon Maintenance Mode Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1475 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6da3f77ac231 Credits Francesco...

WordPress Password Protected Plugin <= 2.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Password Protected Type Plugin Vulnerable versions = 2.6.6 Fixed in 2.6.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0656 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7a68f344cd36 Credits Felipe Restrepo...

WordPress Schema & Structured Data for WP & AMP Plugin <= 1.26 is vulnerable to Broken Access Control

Software Schema & Structured Data for WP & AMP Type Plugin Vulnerable versions = 1.26 Fixed in 1.27 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1288 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID aef94ec88b0d Credits Ngô Thiên ...

CVE-2023-45918

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...