CVE-2023-35685

CVE-2023-35685 describes a logic error in DevmemIntMapPages within the file devicemem_server.c that can cause a physical page use-after-free. This USE-After-FREE condition could enable local privilege escalation in the kernel without requiring additional execution privileges or user interaction. ...

PT-2025-4363

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a null pointer dereference in the Linux kernel's bnxt driver. This occurs when the XDP eXpress Data Path is detached, and the features are not recalculated, leadi...

CVE-2024-56765

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close callback in vasvmops struct The mapping VMA address is saved in VAS window struct when the paste address is mapped. This VMA address is used during migration to unmap the paste address if the window...

CVE-2024-5594

OpenVPN before 2.6.11 does not santize PUSHREPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...

CVE-2024-5594

OpenVPN before 2.6.11 does not santize PUSHREPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...

CVE-2023-47778

CVE-2023-47778 concerns LuckyWP Scripts Control for WordPress. The vulnerability is a Missing Authorization/Broken Access Control issue in LuckyWP Scripts Control versions

CVE-2023-47807

CVE-2023-47807 — Missing Authorization in WordPress plugin 10WebAnalytics (

CVE-2023-48739

CVE-2023-48739 affects the Porto Theme - Functionality WordPress plugin (pre-2.12.1). The issue is a Missing/Broken Access Control vulnerability allowing unauthenticated access due to incorrectly configured authorization. The CVSSv3.1 base score is 5.3 (Medium) with Low availability impact per Pa...

CVE-2023-48758

CVE-2023-48758 affects Crocoblock JetEngine WordPress plugin. Versions

CVE-2023-47692

CVE-2023-47692 is a WordPress Flo Forms plugin vulnerability (affected versions

CVE-2023-47693

CVE-2023-47693 affects Themefic Ultimate Addons for Contact Form 7 (plugin:Ultimate Addons for Contact Form 7) up to version 3.2.6. The issue is a Broken Access Control allowing unauthenticated access due to misconfigured authorization. CVSS v3.1 base score cited as 7.5 (HIGH). Patch guidance fro...

CVE-2023-47689

CVE-2023-47689 corresponds to a Missing Authorization (Broken Access Control) issue in the WordPress Animator plugin (versions <= 3.0.10) where unauthenticated users can change plugin settings. The vulnerability is documented with CVSS 3.1/6.5 (Medium) and is explicitly mitigated by a fix in v...

CVE-2023-47648

CVE-2023-47648: WordPress plugin EazyDocs (Spider Themes)

CVE-2023-47661

CVE-2023-47661 affects Dragfy Addons for Elementor (WordPress) and is a Missing Authorization/Broken Access Control issue. Affected versions are Dragfy Addons for Elementor

CVE-2023-47557

CVE-2023-47557 refers to a Missing Authorization vulnerability in the WordPress plugin Visitors Traffic Real Time Statistics (versions

CVE-2023-47647

CVE-2023-47647 corresponds to a Missing Authorization (Broken Access Control) vulnerability in LearningTimes BadgeOS, affecting BadgeOS up to version 3.7.1.6. The issue originates from misconfigured access control levels, enabling unauthorized actions. Reported CVSS 3.1 base score 4.3 (Medium). C...

CVE-2023-47515

CVE-2023-47515 concerns the WordPress plugin “Seers – GDPR & CCPA Cookie Consent & Compliance”. Connected sources confirm a Missing Authorization/Broken Access Control issue affecting Seers versions up to 8.1.1, allowing unauthenticated access to configured security levels. The root cause is insu...

CVE-2023-47241

CVE-2023-47241 relates to a Missing Authorization / Broken Access Control vulnerability in the CoCart – Headless ecommerce plugin (WordPress) up to version 3.11.2. Public sources (Patchstack, RH, NVD) confirm unauthenticated access level with an attacker able to exploit improper access control. T...

CVE-2023-47224

CVE-2023-47224 relates to a Missing Authorization vulnerability in the WordPress plugin WP Travel (WP Travel)

CVE-2023-47188

CVE-2023-47188 affects the WordPress plugin Simple Job Board (versions