unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-0684
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and pe CVE project by @Sn0wAlice
Create: 2023-02-08 15:12:57 +0000 UTC Push: 2023-02-08 15:12:59 +0000 UTC
Live-Hack-CVE/CVE-2023-0739
Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4. CVE project by @Sn0wAlice
Create: 2023-02-08 15:12:44 +0000 UTC Push: 2023-02-08 15:12:47 +0000 UTC
daniel616/CVE-2022-21661-Demo
Demonstration of the SQL injection vulnerability in WordPress 5.8.2
Create: 2023-02-08 12:58:57 +0000 UTC Push: 2023-02-08 12:58:58 +0000 UTC
Live-Hack-CVE/CVE-2023-23026
Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php. CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:33 +0000 UTC Push: 2023-02-08 09:37:35 +0000 UTC
Live-Hack-CVE/CVE-2023-23011
Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php. CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:29 +0000 UTC Push: 2023-02-08 09:37:31 +0000 UTC
Live-Hack-CVE/CVE-2023-0736
Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4. CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:26 +0000 UTC Push: 2023-02-08 09:37:28 +0000 UTC
Live-Hack-CVE/CVE-2023-0735
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:22 +0000 UTC Push: 2023-02-08 09:37:24 +0000 UTC
Live-Hack-CVE/CVE-2023-0731
The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor level CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:18 +0000 UTC Push: 2023-02-08 09:37:20 +0000 UTC
Live-Hack-CVE/CVE-2023-0730
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request gran CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:15 +0000 UTC Push: 2023-02-08 09:37:17 +0000 UTC
Live-Hack-CVE/CVE-2023-0727
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:11 +0000 UTC Push: 2023-02-08 09:37:13 +0000 UTC
Live-Hack-CVE/CVE-2023-0723
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted th CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:08 +0000 UTC Push: 2023-02-08 09:37:10 +0000 UTC
Live-Hack-CVE/CVE-2023-0719
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and per CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:04 +0000 UTC Push: 2023-02-08 09:37:06 +0000 UTC
Live-Hack-CVE/CVE-2023-0712
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:00 +0000 UTC Push: 2023-02-08 09:37:03 +0000 UTC
Live-Hack-CVE/CVE-2022-47418
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments. CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:57 +0000 UTC Push: 2023-02-08 09:36:59 +0000 UTC
Live-Hack-CVE/CVE-2021-36471
Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs. CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:53 +0000 UTC Push: 2023-02-08 09:36:55 +0000 UTC
Live-Hack-CVE/CVE-2023-24828
Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator per CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:50 +0000 UTC Push: 2023-02-08 09:36:52 +0000 UTC
Live-Hack-CVE/CVE-2023-0718
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:46 +0000 UTC Push: 2023-02-08 09:36:48 +0000 UTC
Live-Hack-CVE/CVE-2022-45192
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:42 +0000 UTC Push: 2023-02-08 09:36:45 +0000 UTC
Live-Hack-CVE/CVE-2022-45191
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:39 +0000 UTC Push: 2023-02-08 09:36:41 +0000 UTC
Live-Hack-CVE/CVE-2022-45190
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device. CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:35 +0000 UTC Push: 2023-02-08 09:36:38 +0000 UTC