CVE-2023-41664
CVE-2023-41664 corresponds to a Missing Authorization flaw in the WordPress plugin Easy Newsletter Signups (
CVE-2023-41133
CVE-2023-41133 is a WordPress plugin vulnerability in Secure Admin IP (versions
CVE-2023-41132
CVE-2023-41132 relates to the WordPress plugin Category Slider for WooCommerce (
CVE-2023-41130
CVE-2023-41130 concerns the WordPress plugin Premmerce User Roles (Premmerce) where a missing authorization check in role-management functions leads to a Broken Access Control vulnerability. Affected versions are
CVE-2023-40005
Technical details (affected product, vulnerable components, root cause, impact, and fix) are not provided in the supplied documents. Monitor for updates from official advisories and vendors for CVE-2023-40005.
CVE-2023-40003
CVE-2023-40003 is a Broken Access Control vulnerability in the WP Project Manager WordPress plugin (versions
CVE-2023-38514
CVE-2023-38514 concerns a Missing Authorization vulnerability in the WordPress plugin Social Share Icons & Social Share Buttons, affecting versions up to 3.5.7. Multiple connected sources describe a broken access-control/unauthorized action scenario, caused by a missing authorization check in th...
CVE-2023-35037
CVE-2023-35037 affects the WordPress Surfer plugin (surferseo): Broken access control in Surfer
CVE-2023-33324
CVE-2023-33324 is a Missing Authorization/Broken Access Control vulnerability in WordPress plugin Easy Captcha (versions up to 1.0). The issue arises from insufficient access checks, enabling unauthorized entities to perform restricted actions. The vulnerability affects Easy Captcha
CVE-2023-33215
CVE-2023-33215 affects the WordPress Taggbox widget/plugin, specifically versions
CBL Mariner 2.0 Security Update: kernel (CVE-2024-50154)
"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50154 advisory. - In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in...
CVE-2024-54503
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled...
CVE-2024-47596 GHSL-2024-244: GStreamer has an OOB-read in FOURCC_SMI_ parsing
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining...
CVE-2023-37395
CVE-2023-37395 affects IBM Aspera Faspex 5.0.0–5.0.7, where a local user could obtain sensitive information due to improper encryption of certain data. The Red Hat and other security sources corroborate an information disclosure vulnerability in Faspex 5.x, with the IBM bulletin explicitly listin...
PT-2024-10291
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.2. Description: The issue is related to a configuration problem that has been addressed with additional restrictions. It allows an app to modify protected parts of the file system. The vulnerability can be exploited by...
CVE-2024-53004 Substance3D - Modeler | Out-of-bounds Read (CWE-125)
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...
CVE-2023-48277
CVE-2023-48277 affects the WordPress plugin Super Progressive Web Apps (up to version 2.2.21). The vulnerability is a Broken Access Control caused by missing authorization in the newsletter submission AJAX path, allowing unauthenticated users to subscribe to the plugin author’s newsletter. The ve...
CVE-2023-22701
CVE-2023-22701 affects WordPress Ebook Store plugin (≤ 5.775). The root cause is Missing Authorization / Broken Access Control allowing unauthenticated access to ebook_store_export_orders, potentially exposing order data. NVD CVSSv3.1 base score is 9.8 (CRITICAL); patch notes indicate fix in v5.7...
CVE-2023-24407 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...
CVE-2023-25455
CVE-2023-25455 is a Missing Authorization vulnerability in the miniOrange WordPress Social Login and Register plugin (Discord, Google, Twitter, LinkedIn) affecting versions up to 7.6.0. The issue allows unauthenticated actors to perform Arbitrary Content Deletion due to incorrectly configured acc...