CVE-2023-5802
Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions.
Source: CVE-2023-5802
CVE-2023-5802
Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions.
Source: CVE-2023-5802
CVE-2023-30492
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <=Â 2.0.0.1 versions.
Source: CVE-2023-30492
CVE-2023-46072
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <=Â 2.0.9 versions.
Source: CVE-2023-46072
CVE-2023-46074
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin <=Â 2.3.2 versions.
Source: CVE-2023-46074
CVE-2023-5798
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks
Source: CVE-2023-5798
CVE-2023-46752
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.
Source: CVE-2023-46752
CVE-2023-46753
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.
Source: CVE-2023-46753
CVE-2023-46754
The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values.
Source: CVE-2023-46754
CVE-2023-5139
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
Source: CVE-2023-5139
CVE-2023-31421
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate’s IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.
Source: CVE-2023-31421