Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)
NVD-CWE-Other
CVE-2023-0744
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
CVE-2023-0777
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.
CVE-2023-0581
The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack.
CVE-2023-0435
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41.
CVE-2023-0451
All versions of Econolite EOS traffic control software are vulnerable to CWE-284: Improper Access Control, and lack a password requirement for gaining “READONLY” access to log files, as well as certain database and configuration files. One such file contains tables with message-digest algorithm 5 (MD5) hashes and usernames for all defined users in the control software, including administrators and technicians.