
CVE-2023-29724
https://notcve.org/view.php?id=CVE-2023-29724
02 Jun 2023 — The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack. • http://bungaakpstudio007.com •

CVE-2023-29725
https://notcve.org/view.php?id=CVE-2023-29725
02 Jun 2023 — The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, res... • http://bungaakpstudio007.com •

CVE-2023-28382
https://notcve.org/view.php?id=CVE-2023-28382
26 May 2023 — Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1. • https://customer.et-x.jp/app/answers/detail/a_id/2260 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-23867 – WordPress Button Builder – Buttons X Plugin <= 0.8.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23867
18 Apr 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gautam Thapar Button Builder – Buttons X plugin <= 0.8.6 versions. The Button Builder – Buttons X plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the btnsx shortcode in versions up to, and including, 0.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web script... • https://patchstack.com/database/vulnerability/buttons-x/wordpress-button-builder-buttons-x-plugin-0-8-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-0490 – f(x) TOC <= 1.1.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0490
18 Apr 2023 — The f(x) TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The f(x) TOC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied ... • https://wpscan.com/vulnerability/9b497d21-f075-41a9-afec-3e24034c8c63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-46021
https://notcve.org/view.php?id=CVE-2022-46021
31 Mar 2023 — X-Man 1.0 has a SQL injection vulnerability, which can cause data leakage. • https://github.com/Howard512966/x-man-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-1393 – X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-1393
30 Mar 2023 — A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. A vulnerability was found in X.Org Server. This flaw occurs if a client explicitly destroys the compositor overlay window (aka COW), where Xserver leaves a dangling pointer to that window in the CompScre... • https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110 • CWE-416: Use After Free •

CVE-2022-47445 – WordPress Be POPIA Compliant Plugin <= 1.2.0 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-47445
15 Mar 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection. This issue affects Be POPIA Compliant: from n/a through 1.2.0. The Be POPIA Compliant plugin... • https://patchstack.com/database/vulnerability/be-popia-compliant/wordpress-be-popia-compliant-plugin-1-2-0-sql-injection?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-0494 – X.Org Server DeepCopyPointerClasses Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-0494
07 Feb 2023 — A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the abilit... • https://bugzilla.redhat.com/show_bug.cgi?id=2165995 • CWE-416: Use After Free •

CVE-2022-44617 – libXpm: Runaway loop on width of 0 and enormous height
https://notcve.org/view.php?id=CVE-2022-44617
18 Jan 2023 — A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a deni... • https://bugzilla.redhat.com/show_bug.cgi?id=2160193 • CWE-20: Improper Input Validation • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •