Vulnerabilities (CVE)

Filtered by CWE-284
Total 4437 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6582 1 Wpmet 1 Elements Kit Elementor Addons 2026-06-17 N/A 5.3 MEDIUM
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending review status that should not be visible to the general public. This applies to posts created with Elementor only.
CVE-2023-6491 1 Wpchill 1 Strong Testimonials 2026-06-17 N/A 4.3 MEDIUM
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.
CVE-2023-5833 1 Mintplexlabs 1 Anythingllm 2026-06-17 N/A 8.8 HIGH
Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.
CVE-2023-5365 1 Hp 1 Life 2026-06-17 N/A 9.8 CRITICAL
HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure.
CVE-2023-5240 1 Devolutions 1 Devolutions Server 2026-06-17 N/A 7.5 HIGH
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attacker with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.
CVE-2023-52972 1 Huawei 2 Yutufz-5651s1, Yutufz-5651s1 Senaryaudio 2026-06-17 N/A 5.5 MEDIUM
Huawei PCs have a vulnerability that allows low-privilege users to bypass SDDL permission checks. Successful exploitation of this vulnerability could lead to termination of some system processes.
CVE-2023-52801 1 Linux 1 Linux Kernel 2026-06-17 N/A 9.1 CRITICAL
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area. In iopt_area_split(), if the original iopt_area has filled a domain and is linked to domains_itree, pages_nodes have to be properly reinserted. Otherwise the domains_itree becomes corrupted and we will UAF.
CVE-2023-52712 1 Huawei 2 Curiem-wfg9b, Curiem-wfg9b Firmware 2026-06-17 N/A 7.8 HIGH
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading to code execution in SMM.
CVE-2023-52711 1 Huawei 2 Curiem-wfg9b, Curiem-wfg9b Firmware 2026-06-17 N/A 7.8 HIGH
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading to code execution in SMM.
CVE-2023-52537 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 7.5 HIGH
Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52375 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 7.5 HIGH
Permission control vulnerability in the WindowManagerServices module. Successful exploitation of this vulnerability may affect availability.
CVE-2023-52367 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 7.7 HIGH
Vulnerability of improper access control in the media library module. Successful exploitation of this vulnerability may affect service availability and integrity.
CVE-2023-52164 2026-06-17 N/A 5.1 MEDIUM
access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-52114 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 7.5 HIGH
Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity.
CVE-2023-52105 1 Huawei 1 Harmonyos 2026-06-17 N/A 7.5 HIGH
The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability.
CVE-2023-52099 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 7.5 HIGH
Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-51786 2026-06-17 N/A 9.1 CRITICAL
An issue in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4 allows attackers to escalate privileges and obtain sensitive information via Incorrect Access Control.
CVE-2023-51774 1 Json-jwt Project 1 Json-jwt 2026-06-17 N/A 8.4 HIGH
The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.
CVE-2023-51751 2 Microsoft, Scalefusion 2 Windows, Scalefusion 2026-06-17 N/A 6.8 MEDIUM
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.
CVE-2023-51644 1 Alltena 1 Allegra 2026-06-17 N/A 7.3 HIGH
Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Struts. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22512.