3385 matches found
CVE-2024-55603 Insufficient session invalidation in Kanboard
Kanboard is project management software that focuses on the Kanban methodology. In affected versions, sessions are still usable even though their lifetime has been exceeded. Kanboard implements a custom session handler, app/Core/Session/SessionHandler.php, to store the session data in a database...
CVE-2021-29827
CVE-2021-29827 | IBM InfoSphere Information Server 11.7 suffers a cross-frame scripting (clickjacking) vulnerability. A remote attacker could entice a user to a malicious page to hijack the user’s click actions, potentially enabling further attacks. Affected product/version: InfoSphere Informatio...
CVE-2022-44520
CVE-2022-44520 affects Adobe Acrobat/Reader: Acrobat Reader DC versions 22.001.20085 and earlier, 20.005.3031x and earlier, and 17.012.30205 and earlier. It is a use‑after‑free vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user i...
CVE-2022-44514
CVE-2022-44514: Acrobat Reader DC (versions 22.001.20085 and earlier; 20.005.3031x and earlier; 17.012.30205 and earlier) is affected by a use‑after‑free vulnerability that can cause arbitrary code execution in the current user context. Exploitation requires the user to open a malicious file, en...
AZL-54410 CVE-2024-45338 affecting package node-problem-detector for versions less than 0.8.15-3
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
CVE-2023-36531
Missing Authorization vulnerability in LiquidPoll LiquidPoll – Advanced Polls for Creators and Brands allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LiquidPoll – Advanced Polls for Creators and Brands: from n/a through 3.3.68...
CVE-2023-41952
CVE-2023-41952 affects FluentForm for WordPress (
CVE-2023-41951
CVE-2023-41951 affects rtMedia for WordPress, BuddyPress and bbPress (vulnerable from n/a up to and including 4.6.14). It is a Missing Authorization/Broken Access Control vulnerability allowing exploitation via incorrectly configured access levels. Patch 4.6.15 fixes the issue; base CVSS v3.1 sco...
CVE-2023-41875
CVE-2023-41875 describes a Missing Authorization vulnerability in the WordPress plugin WP Directory Kit (versions
CVE-2023-41873
CVE-2023-41873 targets the WordPress plugin “miniOrange SAML SP Single Sign On.” The issue is a Missing Authorization vulnerability (Broken Access Control) in the plugin’s access checks, allowing exploitation of misconfigured security levels for SAML SSO. Affected: versions up to 5.0.4 (from n/a ...
CVE-2023-41866
The CVE-2023-41866 entry concerns the WordPress plugin Automatic YouTube Gallery. It describes a Missing Authorization/Broken Access Control vulnerability in which access control checks were incorrectly configured, exploitable via AJAX actions. Affected version range:
CVE-2023-41865
CVE-2023-41865: Slider Pro (WordPress plugin) ≤ 4.8.6 has a Broken Access Control issue where missing authorization on AJAX actions could allow unauthorized access. The vulnerability’s root cause is an insufficient access check on AJAX endpoints. Impact is limited to the affected plugin version ...
CVE-2023-41857
CVE-2023-41857 affects the WordPress Click To Tweet plugin up to version 2.0.14, described as a Missing Authorization / Broken Access Control vulnerability. The initial description and connected entries do not provide an explicit remediation or patched version. CVSS v3.1 base score is 5.4 (Medium...
CVE-2023-41848
CVE-2023-41848 affects the WordPress Carousel Slider plugin, versions
CVE-2023-41802
CVE-2023-41802 affects WordPress Plugin Super Socializer (Team Heateor) up to version 7.13.54. It is a Missing Authorization / Broken Access Control vulnerability enabling exploitation of improperly configured access control security levels. Public sources in Connected documents confirm affected ...
CVE-2023-41695
CVE-2023-41695 is a WordPress plugin issue in Analytify (
CVE-2023-41690
CVE-2023-41690: WordPress WiserNotify Social Proof plugin <= 2.5 suffers a Broken Access Control flaw that allows unauthenticated access due to missing authorization checks. The CVE is tracked for WiserNotify Social Proof (WordPress plugin). Connected sources confirm affected versions up to 2....
CVE-2023-41688
CVE-2023-41688 affects WordPress Bulk NoIndex & NoFollow Toolkit (Mad Fish Digital) up to version 1.5, due to Broken Access Control / Missing Authorization. Public sources list a CVSS v3.1 base score of 5.4 (Medium) with network attack vector and low privileges required. Patchstack notes the fix ...
CVE-2023-41686
CVE-2023-41686: WordPress Woocommerce Support System plugin (versions
CVE-2023-41683
CVE-2023-41683 (TelSender WordPress plugin): The vulnerability is a Missing Authorization flaw in TelSender that allows exploitation of an incorrectly configured access control security level. Affected: TelSender versions