CVE-2024-0852
coreActivity: Activity Logging plugin for WordPress (prior to 1.8.1) is vulnerable to unauthenticated Stored XSS due to insufficient escaping of certain request data when rendering in the admin logs dashboard. The issue allows an unauthenticated attacker to craft input that could execute JavaScri...
CVE-2023-5529
Affected software: Advanced Page Visit Counter WordPress plugin, prior to version 8.0.6. Root cause: plugin does not sanitise/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Impact: admin-level Stored X...
CVE-2022-32203
CVE-2022-32203 describes a command-injection vulnerability in Huawei terminal printer products. The issue allows high-privilege code execution on the printer after exploitation over the network (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base 9.8). The root cause is described as insufficient...
CVE-2023-30870
CVE-2023-30870: Vulnerability in the WordPress plugin Sharkdropship for AliExpress Dropship and Affiliate (versions
CVE-2018-9395
The CVE-2018-9395 issue affects the Mediatek WLAN driver (mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config) in drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c. It describes a possible out-of-bounds write due to a missing bounds check, enabling local...
CVE-2018-9392
CVE-2018-9392 affects the Mediatek GPS HAL: in get_binary() of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c there is a possible out-of-bounds write due to a missing bounds check. This could enable local elevation of privilege with System execution privileges, and...
CVE-2024-22032
CVE-2024-22032: Rancher’s RKE1 deployment keeps reconciling when secrets encryption is enabled, causing Kube API secret values to be written in plaintext in the cluster AppliedSpec. Affected environments include RKE1 clusters managed by Rancher; RBAC users with cluster or project scope can view t...
CVE-2024-31325
CVE-2024-31325 is listed in the Android Framework as an Elevation of Privilege (EoP) vulnerability with a local attack vector. The issue arises from a logic error that can reveal images across different users’ data, enabling local privilege escalation without additional execution privileges. Affe...
CVE-2023-52117
Technical details for CVE-2023-52117 are not provided in the connected documents. According to the initial description, this is a Missing Authorization vulnerability affecting ProfileGrid
CVE-2024-22139
CVE-2024-22139 (WordPress Manutenção) is an unauthenticated authentication bypass arising from IP spoofing, affecting WordPress Manutenção versions up to and including 1.0.6. The root cause involves insufficient validation of IP addresses in maintenance mode, enabling bypass of the maintenance re...
CVE-2023-51398
CVE-2023-51398 is an authentication‑related vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder. The issue stems from improper privilege management that enables Privilege Escalation for authenticated users (Contributor+), potentially granting higher privileges than allowed. Affec...
CVE-2023-33327
CVE-2023-33327 refers to a high-severity Privilege Escalation in the WordPress Leyka plugin (versions
CVE-2024-0022
CVE-2024-0022 affects Android’s CompanionDeviceManagerService.java. The issue is improper input validation that can cause a NotificationAccessConfirmationActivity to be launched for another user profile, enabling local information disclosure without extra privileges and without user interaction. ...
CVE-2024-1637
The CVE-2024-1637 entry concerns the 360 Javascript Viewer WordPress plugin. Affected versions are all versions up to and including 1.7.12, where an unauthorized modification of data is possible due to a missing capability check and nonce exposure on multiple AJAX actions. The vulnerability can b...
CVE-2024-27985
CVE-2024-27985: Deserialization of untrusted data in PropertyHive (WordPress) allows PHP Object Injection in versions up to 2.0.9 (authenticated as Subscriber+). Impact details per CVSS: 8.8 (HIGH) with network attack vector, no user interaction required; affects confidentiality, integrity, and ...
CAN-2005-2971
CVE-2005-2971 affects the RTF importer in KWord/KOffice (KDE Office). The connected OpenVAS/Nessus entries confirm a buffer overflow that can lead to arbitrary code execution. Advisories across distributions document the issue and release patches or updates (e.g., Debian DSA-872-1; Gentoo GLSA 20...
CVE-2022-2205
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
CVE-2016-6041
IBM Tealeaf Customer Experience (IBM Tealeaf CX) is affected by CVE-2016-6041: the product does not properly secure session cookies, potentially allowing an authenticated user to obtain sensitive information. Affected versions include IBM Tealeaf CX v8.7 through v9.0.2. Remediation paths are prov...
CVE-2022-20139
CVE-2022-20139 is currently reserved, and no public technical details are provided in the connected documents. Technical specifics (affected products, root cause, impact, or fix) are not available here; monitor for updates as information becomes public.
CVE-2024-21679
CVE-2024-21679 (Confluence DoS) affects Atlassian Confluence Data Center and Server. Affected ranges include: 5.6–7.19.13, 8.0–8.5.0. The issue allows an unauthenticated attacker to cause a resource to become unavailable by disrupting services of a vulnerable host, with high availability impact ...