CVE-2023-49857
CVE-2023-49857 is a Missing Authorization/Broken Access Control vulnerability in the WordPress plugin Awesome Support. Affected versions are up to 6.1.7; unauthenticated users could exploit misconfigured access controls. The PatchStack entry confirms a fix in 6.1.8. NVD/CVSS data show a 6.5 (M...
CVE-2023-50373
CVE-2023-50373 affects the WordPress Alt Manager plugin (versions
CVE-2023-50877
CVE-2023-50877 — Missing Authorization in the WordPress plugin Product Filter by WBW (WBW) affecting versions up to 2.5.0. Root cause: Broken Access Control / Missing Authorization. Public references confirm the issue exists across multiple feeds (NVD, Red Hat, CIRCL) with a base CVSS 3.1/3.1 v...
CVE-2023-50904
CVE-2023-50904: A Missing Authorization vulnerability in WordPress Poll Maker (up to version 4.8.0) arises from incorrectly configured access control. Exploitation could allow unauthorized actions due to insufficient authorization checks. Public advisories in multiple sources confirm the issue an...
CVE-2023-51353
CVE-2023-51353 affects the WordPress Popup by Supsystic plugin up to version 1.10.19. The root cause is broken/missing authorization (Broken Access Control), enabling unauthenticated or low-privilege users to exploit access control to sensitive information via the getWpCsvList action. Reported i...
CVE-2023-51355
CVE-2023-51355 is a Missing Authorization vulnerability in MultiVendorX WC Marketplace (MVX) for WordPress/WooCommerce. Affected versions are MVX up to 4.0.23, with the root cause described as incorrectly configured access control security levels that allow bypassing authorization checks. Public ...
CVE-2023-51359
CVE-2023-51359 affects WPDeveloper Essential Blocks for Gutenberg (
CVE-2023-51362
CVE-2023-51362 affects the WordPress plugin All-in-one Floating Contact Form – My Sticky Elements (versions ≤ 2.1.3). It describes a Missing Authorization/improper access control vulnerability with a CVSS v3.1 base score of 5.3 (Medium). Multiple connected sources corroborate a broken access con...
CVE-2023-49845
CVE-2023-49845 is a Broken Access Control vulnerability affecting the WordPress Redirects plugin (versions up to and including 1.2.1, Loud Dog Redirects naming in some sources). The root cause described across sources is “Missing Authorization” / incorrectly configured access control, enabling an...
CVE-2018-9391
CVE-2018-9391 describes a security issue in the Mediatek GPS HAL: in gpshal_worker.c, update_gps_sv and output_vzw_debug, there is a possible out-of-bounds write due to a missing bounds check. This can lead to local escalation of privilege with System execution privileges required; exploitation i...
CVE-2018-9390
CVE-2018-9390 involves an out-of-bounds read in procfile_write within gl_proc.c caused by an incorrect bounds check, enabling local privilege escalation with SYSTEM rights. Exploitation is not user-initiated. Reports from NVD/Red Hat/CNNVD mirror a consistent description across Android Pixel devi...
CVE-2018-9386
CVE-2018-9386 concerns the HTC reboot_block driver. The reboot_block_command may trigger a stack buffer overflow due to a missing bounds check, enabling local privilege escalation to SYSTEM with no user interaction required. Connected sources (NVD, Red Hat, CVE lists) confirm the issue descriptio...
CVE-2018-9462
CVE-2018-9462 describes an out-of-bounds write in the Android kernel component ftm4_pdc.c, within the store_cmd function, caused by an incorrect bounds check. This can enable local escalation of privilege to system execution privileges, with no user interaction required. The description specifies...
CVE-2018-9439
The issue CVE-2018-9439 affects the Linux kernel’s af_packet.c, specifically in __unregister_prot_hook and packet_release. The root cause is improper locking leading to a use-after-free scenario in the network stack. Impact described across sources is local privilege escalation with kernel-lev...
CVE-2018-9408
The CVE-2018-9408 issue affects the GPS subsystem, specifically the m3326_gps_write and m3326_gps_read handlers in gps.s. The vulnerability is described as an out-of-bounds read caused by a missing bounds check, enabling local information disclosure with system execution privileges required. Expl...
CVE-2018-9403
CVE-2018-9403 describes a stack buffer overflow in the MTK FLP MSG HAL DIAG REPORT DATA NTF handler within the flp2hal_interface.c component. The underlying issue is a missing bounds check which can allow a local attacker with System privileges to escalate to higher privileges. Exploitation is lo...
CVE-2018-9402
CVE-2018-9402: A buffer overwrite in multiple functions of gl_proc.c due to a missing bounds check could lead to kernel privilege escalation. The issue is documented across several sources (NVD/Red Hat CNVD/CNNVD/CIRCL and related Android Pixel bulletin context) with no exploitation details provi...
CVE-2018-9400
The CVE-2018-9400 issue affects Mediatek GT1151 touchscreen drivers (GT1151/gt1x_generic.c and gt1x_tools.c). Root cause: missing bounds check enabling an out-of-bounds write in gt1x_debug_write_proc and gt1x_tool_write. Impact: local escalation of privilege with System execution privileges requi...
CVE-2018-9399
CVE-2018-9399 affects the /proc/driver/wmt_dbg driver. The issue is multiple possible out-of-bounds writes in this driver, enabling local escalation of privilege with SYSTEM privileges and no user interaction required. Reported impact is local (attack vector: LOCAL) with the potential for total c...
CVE-2018-9396
CVE-2018-9396 affects the Mediatek port_rpc.c code path (drivers/misc/mediatek/eccci/port_rpc.c) where an incorrect bounds check enables an out-of-bounds write. This can lead to local escalation of privilege with SYSTEM execution privileges needed, and exploitation does not require user interacti...