1378 matches found
CVE-2022-32203
CVE-2022-32203 describes a command-injection vulnerability in Huawei terminal printer products. The issue allows high-privilege code execution on the printer after exploitation over the network (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base 9.8). The root cause is described as insufficient...
CVE-2022-32144
CVE-2022-32144 concerns an Insufficient Input Validation vulnerability in Huawei CV81-WDM FW. The core issue is input validation failing in Huawei products, enabling potential network-based abuse that could cause service abnormality. CNVD/CNNVD/PTSecurity references identify Huawei CV...
CVE-2020-9250
CVE-2020-9250 describes an insufficient authentication vulnerability in some Huawei smartphones (HWPSIRT-2019-12302). An unauthenticated, local attacker can craft a software package to exploit the vulnerability; because of insufficient verification, this can potentially impact the service. Affected product: Huawei smartphone...
CVE-2024-2201
CVE-2024-2201 describes a cross-privilege Spectre v2 vulnerability affecting Linux kernels on Intel systems, enabling a local attacker to bypass mitigations (including Fine IBT) and potentially leak arbitrary kernel memory. The issue is grounded in the kernel’s handling of Spectre v2 defenses and...
CVE-2021-26115
CVE-2021-26115 describes an OS command injection in FortiWAN version 4.5.7 and earlier, affecting the FortiWAN Command Line Interface. The flaw allows a local, authenticated, unprivileged attacker to escalate privileges to root by executing a specially crafted command due to improper input...
CVE-2020-12820
Affected software: FortiOS 6.0.10 and below and 5.6.12 and below, with the issue in the FortiClient NAC daemon (fcnacd). Root cause: a stack-based buffer overflow that, under non-default configurations, can be triggered by a large FortiClient file name when an attacker is authenticated to the SSL VPN. ...
CVE-2024-35141
CVE-2024-35141 affects IBM Security Verify Access Docker 10.0.0–10.0.6. Root cause: execution of unnecessary privileges enables local privilege escalation. Impact: local attacker could escalate privileges (high). IBM bulletins indicate fixes in 10.0.7/FP0 or later; remediation is to upgrade to th...
CVE-2022-33954
IBM Robotic Process Automation (RPA) versions 21.0.1–21.0.3 are affected by CVE-2022-33954 due to insufficient protection of credentials, allowing a user with physical access to obtain sensitive information. The vulnerability stems from weak credential protection mechanisms and can lead to inform...
CVE-2021-39081
IBM Cognos Analytics Mobile for Android 1.1.14 is affected by CVE-2021-39081, which stems from weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The impact is limited to the Android app and could affect confidentiality (C: High) with no integrity/av...
CVE-2021-29827
CVE-2021-29827: IBM InfoSphere Information Server 11.7 suffers a cross-frame scripting (clickjacking) vulnerability. A remote attacker could entice a user to a malicious page to hijack the user’s click actions, potentially enabling further attacks. Affected product/version: InfoSphere Informatio...
CVE-2022-44520
CVE-2022-44520 affects Adobe Acrobat/Reader: Acrobat Reader DC versions 22.001.20085 and earlier, 20.005.3031x and earlier, and 17.012.30205 and earlier. It is a use‑after‑free vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user i...
CVE-2022-44514
CVE-2022-44514: Acrobat Reader DC (versions 22.001.20085 and earlier; 20.005.3031x and earlier; 17.012.30205 and earlier) is affected by a use‑after‑free vulnerability that can cause arbitrary code execution in the current user context. Exploitation requires the user to open a malicious file, en...
CVE-2023-41952
CVE-2023-41952 affects FluentForm for WordPress (
CVE-2023-41951
CVE-2023-41951 affects rtMedia for WordPress, BuddyPress and bbPress (versions up to and including 4.6.14). It is a Missing Authorization/Broken Access Control vulnerability allowing exploitation via incorrectly configured access levels. Patch 4.6.15 fixes the issue; base CVSS v3.1 sco...
CVE-2023-41875
CVE-2023-41875 describes a Missing Authorization vulnerability in the WordPress plugin WP Directory Kit (versions
CVE-2023-41873
CVE-2023-41873 targets the WordPress plugin “miniOrange SAML SP Single Sign On.” The issue is a Missing Authorization vulnerability (Broken Access Control) in the plugin’s access checks, allowing exploitation of misconfigured security levels for SAML SSO. Affected: versions up to 5.0.4 (from n/a ...
CVE-2023-41866
The CVE-2023-41866 entry concerns the WordPress plugin Automatic YouTube Gallery. It describes a Missing Authorization/Broken Access Control vulnerability in which access control checks were incorrectly configured, exploitable via AJAX actions. Affected version range:
CVE-2023-41865
CVE-2023-41865: Slider Pro (WordPress plugin) ≤ 4.8.6 has a Broken Access Control issue where missing authorization on AJAX actions could allow unauthorized access. The vulnerability’s root cause is an insufficient access check on AJAX endpoints. Impact is limited to the affected plugin version ...
CVE-2023-41857
CVE-2023-41857 affects the WordPress Click To Tweet plugin up to version 2.0.14, described as a Missing Authorization / Broken Access Control vulnerability. The initial description and connected entries do not provide an explicit remediation or patched version. CVSS v3.1 base score is 5.4 (Medium...
CVE-2023-41848
CVE-2023-41848 affects the WordPress Carousel Slider plugin, versions