CVE-2023-46080
CVE-2023-46080: WordPress plugin ApplyOnline – Application Form Builder and Manager
CVE-2023-46073
CVE-2023-46073 (DX Delete Attached Media) is a WordPress plugin vulnerability in which versions <= 2.0.5.1 expose Broken Access Control (Missing Authorization) via CSRF/bypass scenarios. The Patchstack entry confirms affected software (DX Delete Attached Media plugin), the root cause (broken a...
CVE-2023-45760
CVE-2023-45760: wpDiscuz
CVE-2023-45636
CVE-2023-45636 concerns the WordPress plugin WordPress Backup & Migration (wp-migration-duplicator)
CVE-2023-45275
The CVE-2023-45275 entry refers to a Missing Authorization / Broken Access Control issue in the WordPress Kali Forms plugin (Contact Form builder with drag & drop). Affected versions are Kali Forms through 2.3.28; the vulnerability stems from an access-control weakness that could be exploited by ...
CVE-2023-45271
The CVE-2023-45271 entry concerns the WordPress plugin ProductX – Gutenberg WooCommerce Blocks (
CVE-2023-45110
CVE-2023-45110 concerns Bold Timeline Lite (WordPress plugin) with a Missing Authorization/Broken Access Control vulnerability present up to version
CVE-2023-45101
CVE-2023-45101 affects CusRev Customer Reviews for WooCommerce (WordPress) up to version 5.36.0. The issue is described as Missing Authorization / Broken Access Control, arising from incorrectly configured access control security levels. Connected sources indicate a low-severity impact (CVSS 4.3,...
CVE-2023-45104
CVE-2023-45104 describes a Missing Authorization vulnerability in the WPDeveloper BetterLinks plugin, affecting versions
CVE-2023-45045
CVE-2023-45045 concerns the WP Custom Widget area plugin for WordPress (versions up to and including 1.2.5). The issue is a Missing Authorization (Broken Access Control) vulnerability that arises from incorrectly configured access control security levels, enabling improper access by users with su...
CVE-2023-48775
CVE-2023-48775 affects the WordPress WP Cleanfix plugin, specifically versions through 5.6.2. The root cause is a Missing Authorization / Broken Access Control vulnerability in the plugin’s access checks, enabling exploitation due to incorrectly configured security levels. The CVSSv3.1 base score...
CVE-2024-56590
A use-after-free vulnerability was found in the Linux kernel. The Bluetooth firmware isn't checked if skb contains an ACL header, otherwise the code may attempt to access some uninitialized or invalid memory past the valid skb-data. Mitigation: Mitigation for this issue is either not available or...
CVE-2024-56693
In the Linux kernel, the following vulnerability has been resolved: brd: defer automatic disk creation until module initialization succeeds My colleague Wupeng found the following problems during fault injection: BUG: unable to handle page fault for address: fffffbfff809d073 PGD 6e648067 P4D...
CVE-2022-48470
CVE-2022-48470 affects Huawei HiLink AI Life; an identity authentication bypass could allow attackers to access restricted functions. This is associated with HWPSIRT-2022-42291. Documents identify the affected product and vulnerability class but do not provide explicit patch versions or detailed ...
CVE-2020-1823
CVE-2020-1823 relates to multiple out-of-bounds (OOB) read vulnerabilities in Huawei devices’ Common Open Policy Service (COPS) protocol implementation. The issue arises from the decoding function processing incoming data packets, potentially enabling disruption of service on affected devices. Th...
CVE-2020-1820
CVE-2020-1820 is part of seven Huawei-related OOB read vulnerabilities in the COPS protocol implementation. The Huawei PSIRT advisory describes multiple decoding functions that may read beyond bounds when processing an incoming COPS data packet, potentially disrupting service on affected devices....
CVE-2024-56588 scsi: hisi_sas: Create all dump files during debugfs initialization
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Create all dump files during debugfs initialization For the current debugfs of hisi_sas, after user triggers dump, the driver allocates memory space to save the register information and create debugfs files to displa...
CVE-2024-56587
CVE-2024-56587: In the Linux kernel, a NULL pointer dereference can occur in the LEDs class when brightness_show() accesses led->cdev attributes without proper synchronization. The issue arises during inter-process interaction when a HID device creates a led and a subsequent access from anothe...
CVE-2024-53173 NFSv4.0: Fix a use-after-free problem in the asynchronous open()
In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid in...
CVE-2020-9253
CVE-2020-9253 corresponds to a Huawei stack-overflow vulnerability in certain Huawei smartphones (HWPSIRT-2019-11030). The issue allows an attacker to craft a specific packet to tamper with information and impact availability due to insufficient input verification. Documented impact is availabili...