CVE-2023-25307

nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal.

Source: CVE-2023-25307

CVE-2023-30261

Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request.

Source: CVE-2023-30261

CVE-2023-29438

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <= 1.2.9 versions.

Source: CVE-2023-29438

CVE-2023-29437

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Steven A. Zahm Connections Business Directory plugin <= 10.4.36 versions.

Source: CVE-2023-29437

CVE-2023-36631

** DISPUTED ** Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface’s rules tab. NOTE: the vendor’s perspective is "this is intended behavior as the application can be locked using a password."

Source: CVE-2023-36631

CVE-2023-29435

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Zwaply Cryptocurrency All-in-One plugin <= 3.0.19 versions.

Source: CVE-2023-29435

CVE-2023-29434

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin <= 1.3.1 versions.

Source: CVE-2023-29434

CVE-2023-3398

Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.

Source: CVE-2023-3398

CVE-2023-29436

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions.

Source: CVE-2023-29436

CVE-2023-29430

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof plugin <= 1.0.3 versions.

Source: CVE-2023-29430