CVE-2024-33870
CVE-2024-33870 affects Artifex Ghostscript up to version 10.03.1. The issue is a path traversal vulnerability in PostScript handling that can reach arbitrary files when the current directory is within permitted paths, e.g., transforming ../../foo to ./../../foo and gaining access if ./ is allowed...
CVE-2024-33871
CVE-2024-33871 affects Artifex Ghostscript prior to 10.03.1. The issue is in contrib/opvp/gdevopvp.c where the Driver parameter for opvp (and oprp) devices can specify an arbitrary dynamic library name, which is then loaded when processing a crafted PostScript document. This allows arbitrary code...
CVE-2024-33869
Artifex Ghostscript
CVE-2024-33870
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal via a crafted PostScript document to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ i...
CVE-2024-33869
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur via a crafted PostScript document because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command output filename...
CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...
CVE-2021-3079
Technical details for CVE-2021-3079 are not publicly available in the provided documents; monitor for updates.
CVE-2024-22231
CVE-2024-22231 affects Salt: creation of the Syndic cache directory on the Salt master is vulnerable to directory traversal, enabling an attacker to create arbitrary directories. Reported across multiple advisories (Gentoo GLSA 202412-09; SUSE-SU-2024:1518-1; Debian/Ubuntu/NVD ...
CVE-2023-38393
CVE-2023-38393 is a vulnerability in WordPress Ninja Forms plugin versions ≤ 3.6.25, described as Missing Authorization / Broken Access Control. The issue permits a user with Subscriber/Contributor roles to perform an unauthorized action (export of all Ninja Forms submissions) due to a broken acc...
CVE-2023-38386
CVE-2023-38386 affects the WordPress Ninja Forms plugin, specifically versions up to 3.6.25, due to a Missing Authorization/Broken Access Control issue in the form submissions export feature. Root cause involves insufficient access restrictions allowing certain users to export submissions. The CV...
CVE-2023-35049
CVE-2023-35049 affects the WordPress WooCommerce Stripe Payment Gateway plugin
CVE-2023-44148
CVE-2023-44148 affects the WordPress Astra Bulk Edit plugin (
CVE-2023-44151
The CVE-2023-44151 entry corresponds to a Broken Access Control vulnerability in the WordPress Pre-Publish Checklist plugin (versions ≤ 1.1.1). The root cause is missing authorization/authentication validation, enabling access control bypass related to the Pre-Publish Checklist feature. Affected ...
CVE-2023-45658
The CVE concerns the WordPress Nexter theme (
CVE-2023-47770
CVE-2023-47770 concerns Betheme WordPress theme (Muffin Group) with a Missing Authorization vulnerability in versions up to 27.1.1. The issue is described as Broken Access Control / Missing Authorization, enabling privilege escalation for authenticated users (Contributor level and above) to acces...
CVE-2023-47771
CVE-2023-47771 affects WordPress plugin Essential Grid (ThemePunch OHG). It is a Missing Authorization vulnerability (Broken Access Control) enabling authenticated users with subscriber+ privileges to access functions intended for higher-privilege users. Affected versions: up to 3.0.18; CVSS v3.1...
CVE-2023-47783
CVE-2023-47783 is a Missing Authorization (Broken Access Control) vulnerability in Thrive Theme Builder up to version 3.23.x (before 3.24.0). The issue affects Thrive Theme Builder and is caused by a missing capability check in a function, enabling authenticated users with subscriber-level access...
CVE-2023-48759
CVE-2023-48759 is a Missing Authorization vulnerability in Crocoblock JetElements For Elementor (affected: Elementor JetElements <= 2.6.13). The issue allows unauthenticated users to download arbitrary attachments due to a missing authorization check on the download path (arbitrary attachment ...
CVE-2023-51495
CVE-2023-51495 relates to the WooCommerce Warranty Requests WordPress plugin. Affected product: WooCommerce Warranty Requests (plugin slug woocommerce-warranty) up to version 2.2.7. Description in sources: a Missing Authorization vulnerability (Broken Access Control) that could allow unauthentica...
CVE-2023-51496
CVE-2023-51496 affects the WordPress WooCommerce Warranty Requests plugin (versions up to 2.2.7). The issue is a Missing Authorization vulnerability that could allow unauthorized access to warranty requests. CVSS v3.1 base metrics reported by NVD and PatchStack indicate a Medium severity impact (...