unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-0713
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice
Create: 2023-02-08 07:26:08 +0000 UTC Push: 2023-02-08 07:26:10 +0000 UTC
Live-Hack-CVE/CVE-2022-47419
An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system. CVE project by @Sn0wAlice
Create: 2023-02-08 07:26:03 +0000 UTC Push: 2023-02-08 07:26:06 +0000 UTC
Live-Hack-CVE/CVE-2022-47417
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name. CVE project by @Sn0wAlice
Create: 2023-02-08 07:26:00 +0000 UTC Push: 2023-02-08 07:26:02 +0000 UTC
Live-Hack-CVE/CVE-2022-47416
LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system. CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:56 +0000 UTC Push: 2023-02-08 07:25:58 +0000 UTC
Live-Hack-CVE/CVE-2022-47415
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies). CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:52 +0000 UTC Push: 2023-02-08 07:25:55 +0000 UTC
Live-Hack-CVE/CVE-2022-47414
If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality. CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:48 +0000 UTC Push: 2023-02-08 07:25:51 +0000 UTC
Live-Hack-CVE/CVE-2022-47413
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition. CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:44 +0000 UTC Push: 2023-02-08 07:25:47 +0000 UTC
Live-Hack-CVE/CVE-2022-46663
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:41 +0000 UTC Push: 2023-02-08 07:25:43 +0000 UTC
Live-Hack-CVE/CVE-2017-17856
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement. CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:37 +0000 UTC Push: 2023-02-08 07:25:39 +0000 UTC
Live-Hack-CVE/CVE-2017-17857
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations. CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:33 +0000 UTC Push: 2023-02-08 07:25:35 +0000 UTC
Live-Hack-CVE/CVE-2017-17855
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars. CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:30 +0000 UTC Push: 2023-02-08 07:25:32 +0000 UTC
Live-Hack-CVE/CVE-2017-18079
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:26 +0000 UTC Push: 2023-02-08 07:25:28 +0000 UTC
Live-Hack-CVE/CVE-2017-18075
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:22 +0000 UTC Push: 2023-02-08 07:25:25 +0000 UTC
Live-Hack-CVE/CVE-2017-17854
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic. CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:18 +0000 UTC Push: 2023-02-08 07:25:21 +0000 UTC
Live-Hack-CVE/CVE-2020-6090
An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:12 +0000 UTC Push: 2023-02-08 07:25:15 +0000 UTC
Live-Hack-CVE/CVE-2022-47770
Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection. CVE project by @Sn0wAlice
Create: 2023-02-08 07:25:08 +0000 UTC Push: 2023-02-08 07:25:11 +0000 UTC
Live-Hack-CVE/CVE-2022-32518
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0) CVE project by @Sn0wAlice
Create: 2023-02-08 06:18:18 +0000 UTC Push: 2023-02-08 06:18:21 +0000 UTC
Live-Hack-CVE/CVE-2022-4285
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. CVE project by @Sn0wAlice
Create: 2023-02-08 06:18:12 +0000 UTC Push: 2023-02-08 06:18:16 +0000 UTC
Live-Hack-CVE/CVE-2022-4139
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. CVE project by @Sn0wAlice
Create: 2023-02-08 06:18:09 +0000 UTC Push: 2023-02-08 06:18:11 +0000 UTC
Live-Hack-CVE/CVE-2022-32523
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0 CVE project by @Sn0wAlice
Create: 2023-02-08 06:18:05 +0000 UTC Push: 2023-02-08 06:18:07 +0000 UTC