unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-23617
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds. CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:15 +0000 UTC Push: 2023-01-28 10:03:17 +0000 UTC
Live-Hack-CVE/CVE-2023-23616
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:11 +0000 UTC Push: 2023-01-28 10:03:13 +0000 UTC
Live-Hack-CVE/CVE-2023-22737
wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09, every member of a Conversation can remove a Bot from a Conversation due to a missing permissions check. Only Conversation admins should be able to remove Bots. Regular Conversations are not all CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:07 +0000 UTC Push: 2023-01-28 10:03:10 +0000 UTC
Live-Hack-CVE/CVE-2020-13640
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.) CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:04 +0000 UTC Push: 2023-01-28 10:03:06 +0000 UTC
Live-Hack-CVE/CVE-2020-14966
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impac CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:00 +0000 UTC Push: 2023-01-28 10:03:02 +0000 UTC
Live-Hack-CVE/CVE-2020-14967
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering mem CVE project by @Sn0wAlice
Create: 2023-01-28 10:02:57 +0000 UTC Push: 2023-01-28 10:02:59 +0000 UTC
Live-Hack-CVE/CVE-2020-17366
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from th CVE project by @Sn0wAlice
Create: 2023-01-28 07:53:13 +0000 UTC Push: 2023-01-28 07:53:15 +0000 UTC
Live-Hack-CVE/CVE-2022-48107
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. CVE project by @Sn0wAlice
Create: 2023-01-28 07:53:09 +0000 UTC Push: 2023-01-28 07:53:11 +0000 UTC
Live-Hack-CVE/CVE-2023-0555
The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for admini CVE project by @Sn0wAlice
Create: 2023-01-28 07:53:06 +0000 UTC Push: 2023-01-28 07:53:08 +0000 UTC
Live-Hack-CVE/CVE-2023-0554
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged request granted they can tri CVE project by @Sn0wAlice
Create: 2023-01-28 07:53:02 +0000 UTC Push: 2023-01-28 07:53:04 +0000 UTC
Live-Hack-CVE/CVE-2023-0553
The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:59 +0000 UTC Push: 2023-01-28 07:53:01 +0000 UTC
Live-Hack-CVE/CVE-2023-0550
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it poss CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:56 +0000 UTC Push: 2023-01-28 07:52:58 +0000 UTC
Live-Hack-CVE/CVE-2022-48108
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:52 +0000 UTC Push: 2023-01-28 07:52:54 +0000 UTC
Live-Hack-CVE/CVE-2022-39380
Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it impossible to display the affe CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:49 +0000 UTC Push: 2023-01-28 07:52:51 +0000 UTC
Live-Hack-CVE/CVE-2019-25053
A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:45 +0000 UTC Push: 2023-01-28 07:52:47 +0000 UTC
Live-Hack-CVE/CVE-2023-0558
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:41 +0000 UTC Push: 2023-01-28 07:52:43 +0000 UTC
Live-Hack-CVE/CVE-2023-0557
The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:37 +0000 UTC Push: 2023-01-28 07:52:39 +0000 UTC
Live-Hack-CVE/CVE-2023-0556
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin's co CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:34 +0000 UTC Push: 2023-01-28 07:52:36 +0000 UTC
Live-Hack-CVE/CVE-2022-4255
An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:30 +0000 UTC Push: 2023-01-28 07:52:33 +0000 UTC
Live-Hack-CVE/CVE-2022-4205
In GitLab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. CVE project by @Sn0wAlice
Create: 2023-01-28 07:52:27 +0000 UTC Push: 2023-01-28 07:52:29 +0000 UTC