CVE Vulnerability

Home ยป CVE’s

CVE’s

CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-0398
Modoboa
Modoboa-dmarc
2023-01-27
N/A
6.5 MEDIUM
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
CVE-2023-0397
Zephyr, Zephyrproject
Zephyr
2023-01-25
N/A
6.5 MEDIUM
A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.
CVE-2023-0396
Zephyr, Zephyrproject
Zephyr
2023-02-03
N/A
6.8 MEDIUM
A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses.
CVE-2023-0394
Linux
Acrn, Audit, Dhcp6c, Direct_connect, Infiniband_hfi1_driver, Ipsec_tools_racoon_daemon, Kernel, Layer_2_tunneling_protocol, Linux_kernel, Linux_kernel_i40e/i40evf
2023-02-01
N/A
5.5 MEDIUM
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
CVE-2023-0385
Custom 404 Pro Project
Custom_404_pro
2023-01-27
N/A
4.3 MEDIUM
The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro_admin_init function. This makes it possible for unauthenticated attackers to delete logs, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-0380
Easy Digital Downloads, Sandhillsdev
Easy_digital_downloads
2023-02-21
N/A
N/A
The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0379
Rebelcode, Spotlight Social Feeds
Spotlight_social_feeds
2023-02-15
N/A
5.4 MEDIUM
The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2023-0378
Greenshiftwp
Greenshift_-_animation_and_page_builder_blocks
2023-02-21
N/A
N/A
The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0375
Bootstrapped
Dynamic_widgets, Easy_affiliate_links, Visual_link_preview, Wp_recipe_maker, Wp_ultimate_recipe
2023-02-21
N/A
N/A
The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0373
Smartwp
Lightweight_accordion
2023-02-15
N/A
5.4 MEDIUM
The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
1 11,233 11,234 11,235 11,236 11,237 11,258