110 matches found
CVE-2020-9711
CVE-2020-9711 describes an out-of-bounds read (CWE-125) in Adobe Acrobat/Reader. Affected products include multiple lines of Acrobat/Reader: DC Continuous and Classic channels, across 2015, 2017, 2020 release families (e.g., 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earli...
CVE-2024-31119
CVE-2024-31119 is a DOM-based XSS vulnerability in the WordPress plugin Special Box for Content by Vasilis Triantafyllou. The issue is described as an improper neutralization of input during web page generation, enabling DOM‑Based XSS. Affected version range is listed as from “n/a through 1” (i.e...
CVE-2023-50897
CVE-2023-50897 concerns the WordPress plugin Media File Renamer. The vulnerability is described as an Unrestricted Upload of File with Dangerous Type that enables an attacker to perform an arbitrary file rename, which can lead to a Remote Code Execution (RC...
CVE-2021-32584
CVE-2021-32584 describes an improper access control (CWE-284) in Fortinet FortiWLC across multiple versions (e.g., 8.6.0, 8.5.3 and below, 8.4.8 and below, 8.3.3 and below, 8.2.7 to 8.2.4, 8.1.3). An unauthenticated, remote attacker could access certain areas of the web management CGI by specifyi...
CVE-2022-26388
CVE-2022-26388 affects Hillrom Welch Allyn ELI resting electrocardiographs: ELI 380 (versions ≤ 2.6.0), ELI 280/BUR280/MLBUR 280 (≤ 2.3.1), ELI 250c/BUR 250c (≤ 2.1.2), and ELI 150c/BUR 150c/MLBUR 150c (≤ 2.2.0). Root cause is a hard-coded password used for inbound authentication or outbound comm...
CVE-2024-2878
Summary (CVE-2024-2878): A DoS vulnerability in GitLab CE/EE affects all versions from 15.7 up to 16.9.7, 16.10 up to 16.10.5, and 16.11 up to 16.11.2. An attacker could cause service disruption by crafting unusual branch-name search terms. Impact: availability loss as described in the sources. ...
CVE-2018-9464
CVE-2018-9464 is an Elevation of Privilege in the Google Android Kernel (Taimen bootloader) identified across multiple trackers. The vulnerability arises from a missing permission check, enabling local access to read protected files and escalate privileges with no additional execution privileges ...
CVE-2023-47647
CVE-2023-47647 corresponds to a Missing Authorization (Broken Access Control) vulnerability in LearningTimes BadgeOS, affecting BadgeOS up to version 3.7.1.6. The issue originates from misconfigured access control levels, enabling unauthorized actions. Reported CVSS 3.1 base score 4.3 (Medium). C...
CVE-2023-47515
CVE-2023-47515 concerns the WordPress plugin “Seers – GDPR & CCPA Cookie Consent & Compliance”. Connected sources confirm a Missing Authorization/Broken Access Control issue affecting Seers versions up to 8.1.1, allowing unauthenticated access to configured security levels. The root cause is insu...
CVE-2023-46644
CVE-2023-46644 documents a Missing Authorization vulnerability in the WP CTA PRO WordPress CTA plugin (WordPress CTA)
CVE-2020-1823
CVE-2020-1823 relates to multiple out-of-bounds (OOB) read vulnerabilities in Huawei devices’ Common Open Policy Service (COPS) protocol implementation. The issue arises from the decoding function processing incoming data packets, potentially enabling disruption of service on affected devices. Th...
CVE-2021-26115
CVE-2021-26115 describes an OS command injection in FortiWAN up to version 4.5.7 (and earlier) affecting the FortiWAN Command Line Interface. The flaw allows a local, authenticated, unprivileged attacker to escalate privileges to root by executing a specially crafted command due to improper input...
CVE-2022-44514
CVE-2022-44514: Acrobat Reader DC (versions 22.001.20085 and earlier; 20.005.3031x and earlier; 17.012.30205 and earlier) is affected by a use‑after‑free vulnerability that can cause arbitrary code execution in the current user context. Exploitation requires the user to open a malicious file, en...
CVE-2023-41873
CVE-2023-41873 targets the WordPress plugin “miniOrange SAML SP Single Sign On.” The issue is a Missing Authorization vulnerability (Broken Access Control) in the plugin’s access checks, allowing exploitation of misconfigured security levels for SAML SSO. Affected: versions up to 5.0.4 (from n/a ...
CVE-2023-33324
CVE-2023-33324 is a Missing Authorization/Broken Access Control vulnerability in WordPress plugin Easy Captcha (versions up to 1.0). The issue arises from insufficient access checks, enabling unauthorized entities to perform restricted actions. The vulnerability affects Easy Captcha
CVE-2023-32299
CVE-2023-32299 affects the WordPress plugin Ni WooCommerce Sales Report up to version 3.7.3, due to Missing Authorization / Broken Access Control. Attackers with subscriber-level privileges could exploit improperly enforced access control to view sales data. The v...
CVE-2023-47756
CVE-2023-47756 is a Missing Authorization (Broken Access Control) vulnerability in the Welcome Email Editor WordPress plugin. Affected versions are
CVE-2018-9390
CVE-2018-9390 involves an out-of-bounds read in procfile_write within gl_proc.c caused by an incorrect bounds check, enabling local privilege escalation with SYSTEM rights. Exploitation is not user-initiated. Reports from NVD/Red Hat/CNNVD mirror a consistent description across Android Pixel devi...
CVE-2018-9403
CVE-2018-9403 describes a stack buffer overflow in the MTK FLP MSG HAL DIAG REPORT DATA NTF handler within the flp2hal_interface.c component. The underlying issue is a missing bounds check which can allow a local attacker with System privileges to escalate to higher privileges. Exploitation is lo...
CVE-2018-9394
The CVE-2018-9394 entry concerns the MediaTek MTK P2P driver: mtk_p2p_wext_set_key in drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c. The vulnerability is an out-of-bounds (OOB) write caused by improper input validation, enabling local privilege escalation with System execution pr...