CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0689 – Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode
https://notcve.org/view.php?id=CVE-2023-0689
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. • https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078 https://plugins.trac.wordpress.org/changeset/2910040 https://www.wordfence.com/threat-intel/vulnerabilities/id/356cf06e-16e7-438b-83b5-c8a52a21f903?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40004 – Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins
https://notcve.org/view.php?id=CVE-2023-40004
This makes it possible for unauthenticated attackers to modify the access token which could result in sensitive information disclosure or unauthorized back-up restoration. • https://patchstack.com/articles/pre-auth-access-token-manipulation-in-all-in-one-wp-migration-extensions?_s_id=cve https://patchstack.com/database/vulnerability/all-in-one-wp-migration-box-extension/wordpress-all-in-one-wp-migration-box-extension-plugin-1-53-unauthenticated-access-token-manipulation-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/all-in-one-wp-migration-dropbox-extension/wordpress-all-in-one-wp-migration-dropbox-extension-plugin-3-75-unauthenticated-access-token-manipulation-vulnerability?_s& • CWE-862: Missing Authorization •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4611 – Use after free race between mbind() and vma-locked page fault
https://notcve.org/view.php?id=CVE-2023-4611
This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak. • https://access.redhat.com/security/cve/CVE-2023-4611 https://bugzilla.redhat.com/show_bug.cgi?id=2227244 https://www.spinics.net/lists/stable-commits/msg310136.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40889
https://notcve.org/view.php?id=CVE-2023-40889
Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. • https://hackmd.io/%40cspl/B1ZkFZv23 https://lists.debian.org/debian-lts-announce/2023/12/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25LZZQJGGZRPLKTRNRNOTAFQJIPS7WRP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DC7V5YCLCPB36J2KY6WLZCABFLBRB665 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40890
https://notcve.org/view.php?id=CVE-2023-40890
Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. • https://hackmd.io/%40cspl/H1PxPAUnn https://lists.debian.org/debian-lts-announce/2023/12/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25LZZQJGGZRPLKTRNRNOTAFQJIPS7WRP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DC7V5YCLCPB36J2KY6WLZCABFLBRB665 • CWE-787: Out-of-bounds Write •