National Vulnerability Database – Page 13

CVE-2023-46211 (ultimate_addons_for_wpbakery_page_builder)

Posted on October 27, 2023 by National Vulnerability Database

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <=Â 3.19.14 versions. Continue reading CVE-2023-46211 (ultimate_addons_for_wpbakery_page_builder)→

CVE-2023-40138 (android)

Posted on October 27, 2023 by National Vulnerability Database

In FillUi of FillUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Continue reading CVE-2023-40138 (android)→

CVE-2023-40137 (android)

Posted on October 27, 2023 by National Vulnerability Database

In multiple functions of DialogFillUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed f… Continue reading CVE-2023-40137 (android)→

CVE-2023-46200 (smart_app_banner)

Posted on October 27, 2023 by National Vulnerability Database

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <=Â 1.1.3 versions. Continue reading CVE-2023-46200 (smart_app_banner)→

CVE-2023-40131 (android)

Posted on October 27, 2023 by National Vulnerability Database

In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Continue reading CVE-2023-40131 (android)→

CVE-2023-40136 (android)

Posted on October 27, 2023 by National Vulnerability Database

In setHeader of DialogFillUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploi… Continue reading CVE-2023-40136 (android)→

CVE-2023-46209 (grid-plus)

Posted on October 27, 2023 by National Vulnerability Database

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus â€“ Unlimited grid plugin <=Â 1.3.2 versions. Continue reading CVE-2023-46209 (grid-plus)→

CVE-2023-40121 (android)

Posted on October 27, 2023 by National Vulnerability Database

In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Continue reading CVE-2023-40121 (android)→

CVE-2023-40123 (android)

Posted on October 27, 2023 by National Vulnerability Database

In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not nee… Continue reading CVE-2023-40123 (android)→

CVE-2023-40117 (android)

Posted on October 27, 2023 by National Vulnerability Database

In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl… Continue reading CVE-2023-40117 (android)→