96 matches found
CVE-2023-45631
CVE-2023-45631 concerns the WordPress plugin “Responsive Image Gallery, Gallery Album” (wpdevart) up to version 2.0.3. Multiple connected sources confirm a Missing Authorization/Broken Access Control vulnerability allowing unauthorized actions via AJAX (no explicit exploit details provided). Affe...
CVE-2022-44512
Adobe Acrobat Reader DC is affected by out-of-bounds write (CWE-787) in parsing that could lead to arbitrary code execution in the current user context. Affected versions include 22.001.20085 and earlier, 20.005.3031x and earlier, and 17.012.30205 and earlier. Exploitation requires user interacti...
CVE-2023-41870
CVE-2023-41870 affects the WP Crowdfunding plugin by Themeum (WordPress) up to version 2.1.5. The issue is a Missing Authorization/Improper Access Control vulnerability caused by incorrectly configured access control security levels, enabling unauthorized access to restricted areas. Red Hat and P...
CVE-2023-47849
CVE-2023-47849 affects the BlossomThemes Email Newsletter WordPress plugin. The issue is a Missing Authorization / Broken Access Control in the bten_get_mailing_list workflow, allowing unauthenticated access to mailing list data for versions up to and including 2.2.4. The vulnerability’s CVSS v3....
CVE-2017-13313
CVE-2017-13313 affects the Android Media framework (ESQueue.cpp, ElementaryStreamQueue::dequeueAccessUnitMPEG4Video). The issue is an infinite loop caused by an incorrect bounds check, leading to remote denial of service with no additional privileges required. Availability impact is DoS; exploita...
CVE-2022-20634
Cisco Enterprise Chat and Email (ECE) Web-based management interface vulnerability (CVE-2022-20634) allows an unauthenticated, remote attacker to cause user redirection to a malicious URL via crafted links. Root cause: improper input validation of URL parameters in HTTP requests. Affects Cisco EC...
CVE-2020-10370
CVE-2020-10370 affects Cypress (and Broadcom) Wireless Combo chips, specifically the CYW43455. When the 2021-01-26 Bluetooth firmware update is not present, a Bluetooth outage is possible via a Spectra attack. The provided documents do not include explicit vulnerability details beyond this descri...
CVE-2024-31570
CVE-2024-31570 affects libfreeimage in FreeImage 3.4.0 through 3.18.0, where a stack-based buffer overflow occurs in PluginXPM.cpp Load when processing XPM files. The issue is triggered by a crafted XPM input and is rated critical (CVSS v3.1: 9.8, NETWORK, LOW complexity, no user interaction). Af...
CVE-2024-31326
CVE-2024-31326 affects the Android Framework. The issue is a logic error in policy migration code that can lead to local elevation of privilege without extra privileges or user interaction. The Android bulletin notes this as an EoP vulnerability with High severity, and lists updated AOSP versions...
CVE-2024-35690
CVE-2024-35690 corresponds to a WordPress Widget Options plugin vulnerability (
CVE-2023-41805
CVE-2023-41805 is a Missing Authorization (Broken Access Control) issue in Brainstorm Force Premium Starter Templates and Brainstorm Force Starter Templates astra-sites, affecting Premium Starter/Templates ≤ 3.2.5. Root cause: insufficient authorization checks enabling access to data/configs. Pat...
CVE-2023-50804
CVE-2023-50804 concerns Samsung baseband/modem software in Exynos devices where NAS (Non-Access‑Stratum) format type checking is insufficient, enabling authentication bypass in the baseband stack. The issue affects multiple Exynos SoCs (e.g., Exynos 9820/9825/980/990/850/1080/2100/2200/1280/1380/...
CVE-2023-50977
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability. See also CVE-2024-36472...
CVE-2024-1438
The CVE-2024-1438 entry concerns the WordPress plugin Rolo Slider (PressFore Rolo Slider). Technical details in connected docs show a Missing Authorization vulnerability that allows unauthorized changes to settings in Rolo Slider versions up to and including 1.0.9. Public sources consistently de...
CVE-2024-3773
Vulnerability summary: LiveJournal Shortcode
CAN-2004-0232
CVE-2004-0232 is referenced in multiple security feeds as a vulnerability in Midnight Commander (mc). Connected documents describe the issue as involving buffer overflows, format string bugs, and insecure temporary file handling within mc, with CVE-2004-0226/0231/0232 grouped together in advisori...
CAN-2004-0693
The connected records show CVE-2004-0691/0692/0693 tied to a Qt-related security issue and multiple advisories (Qt security updates across Linux distros such as SLES, Gentoo, FreeBSD ports, Slackware). These entries indicate a vulnerability in Qt that prompted security advisories and the need for...
CAN-2004-0884
CVE-2004-0884 corresponds to a Cyrus-SASL related issue. Multiple OpenVAS and vendor advisories indicate that remote systems using Cyrus SASL libraries may be affected unless updates are applied. A notable FreeBSD entry highlights a potential privilege escalation vector: libraries loaded via SASL...
CAN-2004-0886
CVE-2004-0886 concerns integer overflow bugs in libtiff used by the kdegraphics/kfax code path. The issue could allow memory corruption or arbitrary code execution when a user opens a crafted TIFF file, due to overflows in libtiff’s processing. The affected product is kdegraphics (and its kfax co...
CAN-2004-1001
CVE-2004-1001 concerns the Shadow project: a vulnerability in the passwd_check function present in Shadow 4.0.4.1 and possibly earlier versions (before 4.0.5) that can allow local users to perform unauthorized actions when pam_chauthtok error handling is faulty. Public advisories (Debian DSA-585-...