3385 matches found
CVE-2023-52220
CVE-2023-52220 is a Missing Authorization/Broken Access Control vulnerability in the WordPress plugin Google Analytics by Monster Insights (versions
CVE-2023-51484
CVE-2023-51484 is an Improper Authentication vulnerability in the WordPress plugin Login as User or Customer (User Switching) that allows Privilege Escalation. Affected: wp-buy Login as User or Customer (User Switching) up to version 3.8. CVSS 3.1/3.1. Overall risk: 9.8 (CRITICAL) per the CVSS me...
CVE-2023-51478
CVE-2023-51478 (Build App Online) is substantiated by connected PT-secure sources: an improper authentication flaw allows unauthenticated privilege escalation leading to potential account takeover in Build App Online versions 1.0.19 and earlier. The affected software is Build App Online; exploita...
CVE-2023-6237
The CVE-2023-6237 entry concerns OpenSSL EVP_PKEY_public_check() performing an expensive verification on RSA public keys. The issue causes long delays (potential DoS) when keys of untrusted provenance are checked, notably when using the OpenSSL pkey tool with -pubin/-check. The impact is describe...
CVE-2023-20249
CVE-2023-20249 affects Cisco TelePresence Management Suite (TMS) web-based management interface. Affected component: the TMS web UI; root cause: insufficient input validation in the interface allows an authenticated, remote attacker to perform cross-site scripting (XSS). Impact: attacker can exec...
CVE-2023-20248
CVE-2023-20248 concerns Cisco TelePresence Management Suite (TMS) — Web-based management interface. The issue is an XSS vulnerability caused by insufficient input validation, exploitable by an authenticated, remote attacker who can insert malicious data in a specific data field in the interface. ...
CVE-2024-20313
CVE-2024-20313 affects Cisco IOS XE Software, specifically the OSPFv2 feature. The issue arises from improper validation of OSPF updates, allowing an unauthenticated, adjacent attacker to send a malformed OSPF update that can cause the device to reload and trigger a DoS. Connected sources corrobo...
CVE-2023-51477
CVE-2023-51477 describes an incomplete authentication flaw in the WordPress BuddyBoss Theme (v2.4.60 and earlier) that allows an unauthenticated actor to access functionality constrained by ACLs. The base metrics list a high-impact, critical-severity scenario (CVSS 3.1 vector: Network, Low attack...
CVE-2023-51425
CVE-2023-51425 affects the Rencontre – Dating Site WordPress plugin (
CVE-2023-51405
CVE-2023-51405 concerns the WordPress plugin BookingPress prior to version 1.0.75, where unauthenticated users could manipulate the booking price due to an improper validation in the bookingpress_confirm_booking flow. Affected versions are BookingPress up to 1.0.74; the vulnerability enables pric...
CVE-2023-48763
CVE-2023-48763 – JetFormBuilder Content Injection : An unauthenticated attacker can inject content via improper neutralization of script-related HTML tags in JetFormBuilder. Affected: WordPress JetFormBuilder versions up to 3.1.4. Root cause: content injection vulnerability (XSS-like) in dynamic ...
CVE-2022-45852
CVE-2022-45852 is a path traversal vulnerability in the WordPress WP-FormAssembly plugin affecting versions n/a through 2.0.5. It arises from improper limitation of a pathname to a restricted directory, allowing traversal to sensitive files. Documented impacts include (per sources) potential unau...
CBL Mariner 2.0 Security Update: azcopy / blobfuse2 / cert-manager / cf-cli (CVE-2024-24786)
The version of azcopy / blobfuse2 / cert-manager / cf-cli installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24786 advisory. - The protojson.Unmarshal function can enter an infinite loop when...
JADX file override vulnerability
Summary: when jadx parses a resource file, there is an escape problem with the style file, which can overwrite other files in the directory when saving the decompiled result. Although I don't think this vulnerability realizes path traversal in the true sense of the word, I reported it anyway. Detai...
CVE-2023-50885
CVE-2023-50885 affects the Store Locator WordPress (AGILESTORE LOCATOR) plugin, versions up to 1.4.14. It is an improper limitation of a pathname to a restricted directory (path traversal) vulnerability that can enable arbitrary file deletion. Red Hat and other sources corroborate ...
CVE-2023-4234
CVE-2023-4234 affects ofono (Open Source Telephony on Linux). The vulnerability is a stack-based buffer overflow triggered in decode_submit_report() during SMS decoding, with a bound check missing for the memcpy length in that function. Attack surface is plausible from a compromised modem, malici...
CVE-2023-51418
CVE-2023-51418 affects the JVM Gutenberg Rich Text Icons WordPress plugin. Public docs show a Missing Authorization vulnerability that enables authenticated users to perform unauthorized actions, including directory traversal leading to Arbitrary File Deletion or similar file operations, impactin...
CVE-2023-51500
CVE-2023-51500 affects Undsgn Uncode Core (
CVE-2024-26898
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmdcfgpkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet AoE driver in the Linux kernel. The aoecmdcfgpkts function...
CVE-2023-44227
CVE-2023-44227 affects WordPress plugin Simple File List (Mitchell Bennis) up to version 6.1.9. Root cause: Missing/insufficient authorization controls allow unauthenticated users to delete arbitrary files via the plugin’s deletion functionality, enabling potential denial of service or data loss....