unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-0086
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted the CVE project by @Sn0wAlice
Create: 2023-01-06 05:23:07 +0000 UTC Push: 2023-01-06 05:23:10 +0000 UTC |
Live-Hack-CVE/CVE-2023-22454
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has the "require mode CVE project by @Sn0wAlice
Create: 2023-01-06 05:23:03 +0000 UTC Push: 2023-01-06 05:23:05 +0000 UTC |
Live-Hack-CVE/CVE-2023-22453
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username.json` endpoint. The issue is patched in CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:58 +0000 UTC Push: 2023-01-06 05:23:01 +0000 UTC |
Live-Hack-CVE/CVE-2022-46177
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests a password reset link email, then changes their primary email, the old reset email is still valid. When the old reset email is us CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:53 +0000 UTC Push: 2023-01-06 05:22:57 +0000 UTC |
Live-Hack-CVE/CVE-2017-20163
A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is recommended to apply a pat CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:49 +0000 UTC Push: 2023-01-06 05:22:52 +0000 UTC |
Live-Hack-CVE/CVE-2014-125044
A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:44 +0000 UTC Push: 2023-01-06 05:22:47 +0000 UTC |
Live-Hack-CVE/CVE-2014-125043
A vulnerability, which was classified as problematic, has been found in vicamo NetworkManager. Affected by this issue is the function send_arps of the file src/devices/nm-device.c. The manipulation leads to unchecked return value. The name of the patch is 4da19b89815cbf6e063e39bc33c04fe4b3f789df. It is recommended to a CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:39 +0000 UTC Push: 2023-01-06 05:22:43 +0000 UTC |
Live-Hack-CVE/CVE-2014-125042
A vulnerability classified as problematic was found in vicamo NetworkManager. Affected by this vulnerability is the function nm_setting_vlan_add_priority_str/nm_utils_rsa_key_encrypt/nm_setting_vlan_add_priority_str. The manipulation leads to missing release of resource. The name of the patch is afb0e2c53c4c17dfdb89d63 CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:35 +0000 UTC Push: 2023-01-06 05:22:38 +0000 UTC |
Live-Hack-CVE/CVE-2023-0088
The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on several AJAX actions handling page creation and deletion among other things. This makes it possible for unauthenticated attackers to i CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:30 +0000 UTC Push: 2023-01-06 05:22:34 +0000 UTC |
Live-Hack-CVE/CVE-2023-0087
The Swifty Page Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘spm_plugin_options_page_tree_max_width’ parameter in versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator- CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:26 +0000 UTC Push: 2023-01-06 05:22:29 +0000 UTC |
Live-Hack-CVE/CVE-2022-23549
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including HTML comments that are not counted toward the character limit. CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:21 +0000 UTC Push: 2023-01-06 05:22:25 +0000 UTC |
Live-Hack-CVE/CVE-2022-23548
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to XSS attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds. CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:17 +0000 UTC Push: 2023-01-06 05:22:20 +0000 UTC |
Live-Hack-CVE/CVE-2022-23546
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded URLs can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue. CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:12 +0000 UTC Push: 2023-01-06 05:22:15 +0000 UTC |
Live-Hack-CVE/CVE-2022-4724
Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:04 +0000 UTC Push: 2023-01-06 05:22:07 +0000 UTC |
Live-Hack-CVE/CVE-2022-4435
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:50 +0000 UTC Push: 2023-01-06 04:16:53 +0000 UTC |
Live-Hack-CVE/CVE-2022-4434
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure. CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:45 +0000 UTC Push: 2023-01-06 04:16:48 +0000 UTC |
Live-Hack-CVE/CVE-2022-4433
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:40 +0000 UTC Push: 2023-01-06 04:16:44 +0000 UTC |
Live-Hack-CVE/CVE-2022-4432
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:35 +0000 UTC Push: 2023-01-06 04:16:39 +0000 UTC |
Live-Hack-CVE/CVE-2022-46168
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is not an issue as th CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:31 +0000 UTC Push: 2023-01-06 04:16:34 +0000 UTC |
Live-Hack-CVE/CVE-2022-43844
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081. CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:26 +0000 UTC Push: 2023-01-06 04:16:29 +0000 UTC |