Live-Hack-CVE/CVE-2023-0718 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice Create: 2023-02-08 09:36:46 +0000 UTC Push: 2023-02-08 09:36:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-45192 An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. CVE project by @Sn0wAlice Create: 2023-02-08 09:36:42 +0000 UTC Push: 2023-02-08 09:36:45 +0000 UTC |

Live-Hack-CVE/CVE-2022-45191 An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. CVE project by @Sn0wAlice Create: 2023-02-08 09:36:39 +0000 UTC Push: 2023-02-08 09:36:41 +0000 UTC |

Live-Hack-CVE/CVE-2022-45190 An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device. CVE project by @Sn0wAlice Create: 2023-02-08 09:36:35 +0000 UTC Push: 2023-02-08 09:36:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-40480 Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet. CVE project by @Sn0wAlice Create: 2023-02-08 09:36:32 +0000 UTC Push: 2023-02-08 09:36:34 +0000 UTC |

0xhaggis/CVE-2021-44168 A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3. Create: 2023-02-08 07:30:52 +0000 UTC Push: 2023-10-18 17:15:55 +0000 UTC |

0xhaggis/CVE-2021-44186 A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3. Create: 2023-02-08 07:30:52 +0000 UTC Push: 2023-06-21 20:53:44 +0000 UTC |

Live-Hack-CVE/CVE-2023-0728 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted th CVE project by @Sn0wAlice Create: 2023-02-08 07:26:11 +0000 UTC Push: 2023-02-08 07:26:14 +0000 UTC |

Live-Hack-CVE/CVE-2023-0713 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice Create: 2023-02-08 07:26:08 +0000 UTC Push: 2023-02-08 07:26:10 +0000 UTC |

Live-Hack-CVE/CVE-2022-47419 An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system. CVE project by @Sn0wAlice Create: 2023-02-08 07:26:03 +0000 UTC Push: 2023-02-08 07:26:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-47417 LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name. CVE project by @Sn0wAlice Create: 2023-02-08 07:26:00 +0000 UTC Push: 2023-02-08 07:26:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-47416 LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:56 +0000 UTC Push: 2023-02-08 07:25:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-47415 LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies). CVE project by @Sn0wAlice Create: 2023-02-08 07:25:52 +0000 UTC Push: 2023-02-08 07:25:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-47414 If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:48 +0000 UTC Push: 2023-02-08 07:25:51 +0000 UTC |

Live-Hack-CVE/CVE-2022-47413 Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:44 +0000 UTC Push: 2023-02-08 07:25:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-46663 In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:41 +0000 UTC Push: 2023-02-08 07:25:43 +0000 UTC |

Live-Hack-CVE/CVE-2017-17856 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:37 +0000 UTC Push: 2023-02-08 07:25:39 +0000 UTC |

Live-Hack-CVE/CVE-2017-17857 The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:33 +0000 UTC Push: 2023-02-08 07:25:35 +0000 UTC |

Live-Hack-CVE/CVE-2017-17855 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:30 +0000 UTC Push: 2023-02-08 07:25:32 +0000 UTC |

Live-Hack-CVE/CVE-2017-18079 drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:26 +0000 UTC Push: 2023-02-08 07:25:28 +0000 UTC |