unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-0373
The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-16 01:52:10 +0000 UTC Push: 2023-02-16 01:52:13 +0000 UTC
Live-Hack-CVE/CVE-2023-0360
The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-16 01:52:06 +0000 UTC Push: 2023-02-16 01:52:09 +0000 UTC
Live-Hack-CVE/CVE-2023-0333
The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-16 01:52:02 +0000 UTC Push: 2023-02-16 01:52:05 +0000 UTC
Live-Hack-CVE/CVE-2023-0275
The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-16 01:51:58 +0000 UTC Push: 2023-02-16 01:52:01 +0000 UTC
Live-Hack-CVE/CVE-2023-0263
The WP Yelp Review Slider WordPress plugin before 7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. CVE project by @Sn0wAlice
Create: 2023-02-16 01:51:51 +0000 UTC Push: 2023-02-16 01:51:54 +0000 UTC
Live-Hack-CVE/CVE-2023-23943
Nextcloud Mail is an email app for the Nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed scanning for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Mail app is upgraded to 1.15.0 or 2.2. CVE project by @Sn0wAlice
Create: 2023-02-16 01:51:47 +0000 UTC Push: 2023-02-16 01:51:49 +0000 UTC
Live-Hack-CVE/CVE-2022-42950
An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:56 +0000 UTC Push: 2023-02-15 23:40:59 +0000 UTC
Live-Hack-CVE/CVE-2022-42951
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using defaul CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:52 +0000 UTC Push: 2023-02-15 23:40:55 +0000 UTC
Live-Hack-CVE/CVE-2023-25768
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:45 +0000 UTC Push: 2023-02-15 23:40:48 +0000 UTC
Live-Hack-CVE/CVE-2023-25767
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:42 +0000 UTC Push: 2023-02-15 23:40:44 +0000 UTC
Live-Hack-CVE/CVE-2023-25766
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:38 +0000 UTC Push: 2023-02-15 23:40:40 +0000 UTC
Live-Hack-CVE/CVE-2023-25765
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:34 +0000 UTC Push: 2023-02-15 23:40:37 +0000 UTC
Live-Hack-CVE/CVE-2023-25764
Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:30 +0000 UTC Push: 2023-02-15 23:40:33 +0000 UTC
Live-Hack-CVE/CVE-2023-25763
Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:27 +0000 UTC Push: 2023-02-15 23:40:29 +0000 UTC
Live-Hack-CVE/CVE-2023-25762
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:23 +0000 UTC Push: 2023-02-15 23:40:24 +0000 UTC
Live-Hack-CVE/CVE-2023-25761
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin. CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:19 +0000 UTC Push: 2023-02-15 23:40:22 +0000 UTC
Live-Hack-CVE/CVE-2023-0841
A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:15 +0000 UTC Push: 2023-02-15 23:40:18 +0000 UTC
Live-Hack-CVE/CVE-2022-32477
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection f CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:11 +0000 UTC Push: 2023-02-15 23:40:14 +0000 UTC
Live-Hack-CVE/CVE-2022-32475
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was fixed in the kernel, which also protected CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:07 +0000 UTC Push: 2023-02-15 23:40:10 +0000 UTC
Live-Hack-CVE/CVE-2022-32469
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI run CVE project by @Sn0wAlice
Create: 2023-02-15 23:40:03 +0000 UTC Push: 2023-02-15 23:40:06 +0000 UTC