CVE-2023-3574: Improper Authorization in "Customer automation rules" function in customer-data-framework

Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1.

CVE-2023-3209

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.

CVE-2023-28953: Security Bulletin: IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.7.0 has addressed a security vulnerability (CVE-2023-28953)

IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. IBM X-Force ID: 251465.

CVE-2023-22695: WordPress Custom Field Template plugin <= 2.5.8 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions.

CVE-2023-22694: WordPress BigContact Contact Page plugin <= 1.5.8 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin <= 1.5.8 versions.

CVE-2023-23787: WordPress Premmerce Redirect Manager plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions.

CVE-2023-24405: WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions.

CVE-2023-25478: WordPress Weather Station plugin <= 3.8.12 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather Station plugin <= 3.8.12 versions.

CVE-2023-30445: IBM Db2 denial of service CVE-2023-30445 Vulnerability Report

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357.