CVE-2023-6596
Technical details for CVE-2023-6596 are not publicly available in the provided documents. Monitor for updates from Red Hat/OpenShift advisories.
CVE-2023-6484
CVE-2023-6484 describes a log injection flaw in Keycloak that occurs when WebAuthn is used in the authentication form. The vulnerability arises from unsanitized text that can be injected into logs during WebAuthn login/registration, potentially affecting log integrity with a minor impact per CVSS 3.1 met...
CVE-2023-5675
CVE-2023-5675 affects Quarkus RestEasy Classic/Reactive JAX-RS endpoints where methods are declared in abstract classes or altered by extensions via annotation processors; authorization may not be enforced when quarkus.security.jaxrs.deny-unannotated-endpoints or quarkus.security.jaxrs.default-ro...
CVE-2023-52220
CVE-2023-52220 is a Missing Authorization/Broken Access Control vulnerability in the WordPress plugin Google Analytics by Monster Insights (versions
CVE-2023-51484
CVE-2023-51484 is an Improper Authentication vulnerability in the WordPress plugin Login as User or Customer (User Switching) that allows Privilege Escalation. Affected: wp-buy Login as User or Customer (User Switching) up to version 3.8. CVSS 3.1/3.1. Overall risk: 9.8 (CRITICAL) per the CVSS me...
CVE-2023-51478
CVE-2023-51478 (Build App Online) is substantiated by connected PT-secure sources: an improper authentication flaw allows unauthenticated privilege escalation leading to potential account takeover in Build App Online versions 1.0.19 and earlier. The affected software is Build App Online; exploita...
CVE-2023-6237
The CVE-2023-6237 entry concerns OpenSSL EVP_PKEY_public_check() performing an expensive verification on RSA public keys. The issue causes long delays (potential DoS) when keys of untrusted provenance are checked, notably when using the OpenSSL pkey tool with -pubin/-check. The impact is describe...
CVE-2023-20249
CVE-2023-20249 affects Cisco TelePresence Management Suite (TMS) web-based management interface. Affected component: the TMS web UI; root cause: insufficient input validation in the interface allows an authenticated, remote attacker to perform cross-site scripting (XSS). Impact: attacker can exec...
CVE-2023-20248
CVE-2023-20248 concerns Cisco TelePresence Management Suite (TMS) — Web-based management interface. The issue is an XSS vulnerability caused by insufficient input validation, exploitable by an authenticated, remote attacker who can insert malicious data in a specific data field in the interface. ...
CVE-2024-20313
CVE-2024-20313 affects Cisco IOS XE Software, specifically the OSPFv2 feature. The issue arises from improper validation of OSPF updates, allowing an unauthenticated, adjacent attacker to send a malformed OSPF update that can cause the device to reload and trigger a DoS. Connected sources corrobo...
CVE-2023-51477
CVE-2023-51477 describes an incomplete authentication flaw in the WordPress BuddyBoss Theme (v2.4.60 and earlier) that allows an unauthenticated actor to access functionality constrained by ACLs. The base metrics list a high-impact, critical-severity scenario (CVSS 3.1 vector: Network, Low attack...
CVE-2023-51425
CVE-2023-51425 affects the Rencontre – Dating Site WordPress plugin (
CVE-2023-48763
CVE-2023-48763 – JetFormBuilder Content Injection: An unauthenticated attacker can inject content via improper neutralization of script-related HTML tags in JetFormBuilder. Affected: WordPress JetFormBuilder versions up to 3.1.4. Root cause: content injection vulnerability (XSS-like) in dynamic ...
CVE-2022-45852
CVE-2022-45852 is a path traversal vulnerability in the WordPress WP-FormAssembly plugin affecting versions n/a through 2.0.5. It arises from improper limitation of a pathname to a restricted directory, allowing traversal to sensitive files. Documented impacts include (per sources) potential unau...
CVE-2023-50885
CVE-2023-50885 affects the Store Locator (AGILESTORE LOCATOR) plugin for WordPress, versions up to 1.4.14. It is an improper limitation of a pathname to a restricted directory (path traversal) vulnerability that can enable arbitrary file deletion. Red Hat and other sources corroborate ...
CVE-2023-4234
CVE-2023-4234 affects ofono (Open Source Telephony on Linux). The vulnerability is a stack-based buffer overflow triggered in decode_submit_report() during SMS decoding, because that function performs a memcpy without a bounds check on the copy length. Attack surface is plausible from a compromised modem, malici...
CVE-2023-51418
CVE-2023-51418 affects the JVM Gutenberg Rich Text Icons WordPress plugin. Public docs show a Missing Authorization vulnerability that enables authenticated users to perform unauthorized actions, including directory traversal leading to Arbitrary File Deletion or similar file operations, impactin...
CVE-2023-51500
CVE-2023-51500 affects Undsgn Uncode Core (
CVE-2023-44227
CVE-2023-44227 affects WordPress plugin Simple File List (Mitchell Bennis) up to version 6.1.9. Root cause: Missing/insufficient authorization controls allow unauthenticated users to delete arbitrary files via the plugin’s deletion functionality, enabling potential denial of service or data loss....
CVE-2023-36505
CVE-2023-36505 affects the Ninja Forms Contact Form WordPress plugin (versions