Launchpad CVE tracker

Find CVEs by number or keywords:
Show all registered CVEs

Recently updated CVEs

CVE-2023-5217 (Candidate)
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Created and modified .

CVE-2023-5255 (Candidate)
For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.
Created and modified .

CVE-2023-5291 (Candidate)
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Created and modified .

CVE-2023-5349 (Candidate)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Created and modified .

CVE-2023-5350 (Candidate)
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.
Created and modified .

Launchpad includes full support for the CVE framework. We update the Launchpad CVE database daily to ensure it includes details of all known vulnerabilities.