The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
- CVE-2024-0625 - The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization an...
  Published: January 24, 2024; 10:15:07 PM -0500
  V3.1: 4.8 MEDIUM
- CVE-2024-0617 - The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for...
  Published: January 24, 2024; 9:15:53 PM -0500
  V3.1: 5.3 MEDIUM
- CVE-2024-22204 - Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The `config` function in `app/routes.py` does not validate the user-controll...
  Published: January 23, 2024; 1:15:18 PM -0500
  V3.1: 5.3 MEDIUM
- CVE-2023-49783 - Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ...
  Published: January 23, 2024; 9:15:37 AM -0500
  V3.1: 4.3 MEDIUM
- CVE-2023-48714 - Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the ...
  Published: January 23, 2024; 9:15:37 AM -0500
  V3.1: 4.3 MEDIUM
- CVE-2023-40092 - In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...
  Published: December 04, 2023; 6:15:24 PM -0500
  V3.1: 5.5 MEDIUM
- CVE-2023-40091 - In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
  Published: December 04, 2023; 6:15:24 PM -0500
  V3.1: 7.8 HIGH
- CVE-2023-40090 - In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User inte...
  Published: December 04, 2023; 6:15:24 PM -0500
  V3.1: 6.5 MEDIUM
- CVE-2023-40089 - In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no add...
  Published: December 04, 2023; 6:15:24 PM -0500
  V3.1: 7.8 HIGH
- CVE-2023-40088 - In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges nee...
  Published: December 04, 2023; 6:15:24 PM -0500
  V3.1: 8.8 HIGH
- CVE-2023-40096 - In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interacti...
  Published: December 04, 2023; 6:15:24 PM -0500
  V3.1: 7.8 HIGH
- CVE-2023-40097 - In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed f...
  Published: December 04, 2023; 6:15:24 PM -0500
  V3.1: 7.8 HIGH
- CVE-2023-40098 - In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges need...
  Published: December 04, 2023; 6:15:24 PM -0500
  V3.1: 5.5 MEDIUM
- CVE-2023-40103 - In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
  Published: December 04, 2023; 6:15:24 PM -0500
  V3.1: 7.8 HIGH
- CVE-2023-45777 - In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution ...
  Published: December 04, 2023; 6:15:26 PM -0500
  V3.1: 7.8 HIGH
- CVE-2023-45776 - In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...
  Published: December 04, 2023; 6:15:26 PM -0500
  V3.1: 7.8 HIGH
- CVE-2023-45775 - In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...
  Published: December 04, 2023; 6:15:26 PM -0500
  V3.1: 7.8 HIGH
- CVE-2023-45774 - In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
  Published: December 04, 2023; 6:15:26 PM -0500
  V3.1: 7.8 HIGH
- CVE-2023-45773 - In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
  Published: December 04, 2023; 6:15:26 PM -0500
  V3.1: 7.8 HIGH
- CVE-2023-40462 - The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router fu...
  Published: December 04, 2023; 6:15:25 PM -0500
  V3.1: 7.5 HIGH