unSafe.sh - Not Secure
Live-Hack-CVE/CVE-2023-0727
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:11 +0000 UTC Push: 2023-02-08 09:37:13 +0000 UTC
Live-Hack-CVE/CVE-2023-0723
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted th CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:08 +0000 UTC Push: 2023-02-08 09:37:10 +0000 UTC
Live-Hack-CVE/CVE-2023-0719
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and per CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:04 +0000 UTC Push: 2023-02-08 09:37:06 +0000 UTC
Live-Hack-CVE/CVE-2023-0712
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:00 +0000 UTC Push: 2023-02-08 09:37:03 +0000 UTC
Live-Hack-CVE/CVE-2022-47418
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments. CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:57 +0000 UTC Push: 2023-02-08 09:36:59 +0000 UTC
Live-Hack-CVE/CVE-2021-36471
Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs. CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:53 +0000 UTC Push: 2023-02-08 09:36:55 +0000 UTC
Live-Hack-CVE/CVE-2023-24828
Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator per CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:50 +0000 UTC Push: 2023-02-08 09:36:52 +0000 UTC
Live-Hack-CVE/CVE-2023-0718
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:46 +0000 UTC Push: 2023-02-08 09:36:48 +0000 UTC
Live-Hack-CVE/CVE-2022-45192
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:42 +0000 UTC Push: 2023-02-08 09:36:45 +0000 UTC
Live-Hack-CVE/CVE-2022-45191
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:39 +0000 UTC Push: 2023-02-08 09:36:41 +0000 UTC
Live-Hack-CVE/CVE-2022-45190
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device. CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:35 +0000 UTC Push: 2023-02-08 09:36:38 +0000 UTC
Live-Hack-CVE/CVE-2022-40480
Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet. CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:32 +0000 UTC Push: 2023-02-08 09:36:34 +0000 UTC
0xhaggis/CVE-2021-44168
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3.
Create: 2023-02-08 07:30:52 +0000 UTC Push: 2023-10-18 17:15:55 +0000 UTC
0xhaggis/CVE-2021-44186
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3.
Create: 2023-02-08 07:30:52 +0000 UTC Push: 2023-06-21 20:53:44 +0000 UTC
Live-Hack-CVE/CVE-2023-0728
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted th CVE project by @Sn0wAlice
Create: 2023-02-08 07:26:11 +0000 UTC Push: 2023-02-08 07:26:14 +0000 UTC
Live-Hack-CVE/CVE-2023-0713
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice
Create: 2023-02-08 07:26:08 +0000 UTC Push: 2023-02-08 07:26:10 +0000 UTC
Live-Hack-CVE/CVE-2022-47419
An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system. CVE project by @Sn0wAlice
Create: 2023-02-08 07:26:03 +0000 UTC Push: 2023-02-08 07:26:06 +0000 UTC
Live-Hack-CVE/CVE-2022-47417
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name. CVE project by @Sn0wAlice
Create: 2023-02-08 07:26:00 +0000 UTC Push: 2023-02-08 07:26:02 +0000 UTC
Live-Hack-CVE/CVE-2022-47416
LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system. CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:56 +0000 UTC Push: 2023-02-08 07:25:58 +0000 UTC
Live-Hack-CVE/CVE-2022-47415
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies). CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:52 +0000 UTC Push: 2023-02-08 07:25:55 +0000 UTC