Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-40215: WordPress demon image annotation plugin <= 5.1 - SQL Injection vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1.

CVE
Open in Source
#sql#vulnerability#wordpress
CVE-2023-35910: WordPress Quasar form plugin <= 6.0 - SQL Injection vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0.

CVE-2023-45189: Security Bulletin: A vulnerability in IBM Robotic Process Automation may result in access to client vault credentials (CVE-2023-45189).

A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.

CVE-2023-36677: WordPress SP Project & Document Manager plugin <= 4.67 - SQL Injection - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.

CVE-2023-47233: Invalid Bug ID

The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.

CVE-2023-47235: bgpd: A couple more bgpd crash fixes for malformed packets by ton31337 · Pull Request #14716 · FRRouting/frr

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.

CVE-2023-47234: bgpd: A couple more bgpd crash fixes for malformed packets by ton31337 · Pull Request #14716 · FRRouting/frr

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).

CVE-2023-41726

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability

CVE-2022-44569: Ivanti Automation 2023.4 Release Notes

A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.

CVE-2022-3172: CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF) · Issue #112513 · kubernetes/kubernetes

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.