3385 matches found
CVE-2023-38399
CVE-2023-38399 concerns a Local File Inclusion (path traversal) in WordPress plugin Phlox Portfolio by Averta. The vulnerability affects Phlox Portfolio versions up to 2.3.1 and is exploitable without authentication due to improper limitation of a pathname to a restricted directory. Patchstack an...
CVE-2023-37888
CVE-2023-37888 affects the WordPress plugin Shortcodes and extra features for Phlox theme. It is a Path Traversal (PHP Local File Inclusion) vulnerability that allows unauthenticated attackers to include local files. Affected versions are up to and including 2.14.0; the vendor/maintainer fixed i...
CVE-2023-25050
CVE-2023-25050 affects WordPress Shortcodes Ultimate (versions n/a through 5.12.6). The vulnerability is an Improper Limitation of a Pathname to a Restricted Directory (path traversal) that enables Absolute Path Traversal. Public sources (Patchstack; CVE records; Red Hat advisory) confirm the iss...
CVE-2023-23645
CVE-2023-23645 affects the WordPress plugin MainWP Code Snippets Extension (versions
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the occurrence of a deadlock problem...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a double-release problem with net:atlantic...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the presence of an overflow problem...
Doctrine DBAL SQL injection possibility
The identifier quoting in Doctrine DBAL has a potential security problem when user-input is passed into this function, making the security aspect of this functionality obsolete. If you make use of AbstractPlatform::quoteIdentifier or Doctrine::quoteIdentifier please upgrade immediately. The ORM...
GHSA-76W8-MQX4-WJRF Doctrine DBAL SQL injection possibility
The identifier quoting in Doctrine DBAL has a potential security problem when user-input is passed into this function, making the security aspect of this functionality obsolete. If you make use of AbstractPlatform::quoteIdentifier or Doctrine::quoteIdentifier please upgrade immediately. The ORM...
CVE-2021-32026
CVE-2021-32026 affects the NATS server (nats-server) prior to version 2.2.3. The issue arises when TLS parameters are supplied via CLI flags, which overrides the default restricted ciphersuite settings and allows negotiation of all ciphersuites supported by Go. The documented impact is potential ...
CVE-2023-33327
CVE-2023-33327 refers to a high-severity Privilege Escalation in the WordPress Leyka plugin (versions
CVE-2024-27281
CVE-2024-27281 affects Ruby/RDoc: parsing .rdoc_options as YAML allows object injection and remote code execution due to unrestrained class restoration (and also if a crafted cache is loaded). Affected RDoc versions are 6.3.3–6.6.2; fixed in RDoc 6.6.3.1 (and vendor-specific bumps: Ruby 3.0 users...
CVE-2024-27280
CVE-2024-27280 describes a buffer-overread in StringIO. The ungetbyte/ungetc methods can read past end, causing StringIO.gets to return memory values. Affected: Ruby 3.0.x up to 3.0.6 and 3.1.x up to 3.1.4; fixed in Ruby 3.0.x by stringio 3.0.1.1 for 3.0 users, and in Ruby 3.1.x by stringio 3.0.1...
CVE-2023-41651
CVE-2023-41651 corresponds to a WordPress plugin vulnerability in the Multi-column Tag Map plugin (versions
CVE-2024-0042
Technical details are not publicly available in the provided documents. No affected products/versions or remediation specifics are listed. Monitor for updates.
CVE-2024-0022
CVE-2024-0022 affects Android’s CompanionDeviceManagerService.java. The issue is improper input validation that can cause a NotificationAccessConfirmationActivity to be launched for another user profile, enabling local information disclosure without extra privileges and without user interaction. ...
CVE-2024-0027
The CVE-2024-0027 issue affects Google Android’s SnoozeHelper.java, where multiple methods can exhaust resources and cause a local boot loop/denial of service. Vulnerability details across connected sources consistently describe a DoS resulting from resource exhaustion with no extra privileges an...
CVE-2024-23694
CVE-2024-23694 is an Android Bluetooth elevation-of-privilege issue reported in Pixel/Android bulletins. The connected OSV entry details a use-after-free in a paired Bluetooth LE audio device that can enable code execution with no user interaction, on affected Pixel and non-Pixel Android devices....
CVE-2023-31234
CVE-2023-31234: Tilda Publishing WordPress plugin
Compatibility license - avoid mixed editions when renewing Universal HMC or Citrix for Private Cloud
What is the mixed edition problem? Mixed edition means combining Premium with Standard or Advanced editions, or Advanced with Standard editions on the same site. This also applies to mixing license types User/Device U/D and Concurrent CCU; for example Premium U/D with Premium CCU or Advanced U/D...