Lucene search
K

59 matches found

UbuntuCve
UbuntuCve
added 2023/04/04 1:15 p.m.28 views

CVE-2023-28999

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files,...

6.9CVSS6.7AI score0.00678EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:55 a.m.3 views

SUSE CVE-2020-16094

In imapscantreerecursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree...

7.5CVSS7.5AI score0.01781EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.2 views

CVE-2023-0724

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxaddfolder function. This makes it possible for unauthenticated attackers to invoke this function via forge...

5.4CVSS5.8AI score0.00308EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.2 views

CVE-2023-0726

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxeditfolder function. This makes it possible for unauthenticated attackers to invoke this function via forg...

5.4CVSS5.8AI score0.00308EPSS
Exploits0References4
OSV
OSV
added 2023/02/08 2:15 a.m.8 views

CVE-2023-0716

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxeditfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

4.3CVSS6.5AI score0.00576EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.3 views

CVE-2023-0722

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavestate function. This makes it possible for unauthenticated attackers to invoke this function via forge...

5.4CVSS5.8AI score0.00308EPSS
Exploits0References4
OSV
OSV
added 2023/02/08 2:15 a.m.7 views

CVE-2023-0684

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxunassignfolders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

4.3CVSS5.8AI score0.00576EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.4 views

CVE-2023-0685

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxunassignfolders function. This makes it possible for unauthenticated attackers to invoke this function via...

5.4CVSS5.8AI score0.00308EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/02/08 1:12 a.m.9 views

CVE-2023-0684 Wicked Folders <= 2.18.16 - Missing Authorization via ajax_unassign_folders

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxunassignfolders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

5.4CVSS6.6AI score0.00576EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/08 1:11 a.m.11 views

CVE-2023-0715 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxclonefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke thi...

5.4CVSS6.6AI score0.00576EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/08 1:3 a.m.10 views

CVE-2023-0720

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavefolderorder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

5.4CVSS5.2AI score0.00576EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/08 12:15 a.m.2 views

CVE-2023-0718

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

5.4CVSS5.9AI score0.00588EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/02/08 12:0 a.m.6 views

PT-2023-16479 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is due to missing or incorrect nonce validation on the ajax add folder function, making it possible for unauthenticated attackers to invoke this...

5.4CVSS5.4AI score0.00308EPSS
Exploits0References7
Prion
Prion
added 2023/02/07 11:15 p.m.23 views

Authorization

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxmoveobject function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

4CVSS4.4AI score0.00601EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/07 10:57 p.m.8 views

CVE-2023-0712 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_move_object

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxmoveobject function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

5.4CVSS6.6AI score0.00601EPSS
Exploits0References3
OSV
OSV
added 2023/02/07 10:15 p.m.6 views

CVE-2023-0728

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavefolder function. This makes it possible for unauthenticated attackers to invoke this function via forg...

4.3CVSS5.7AI score0.00314EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2023/02/07 12:0 a.m.27 views

Wicked Folders < 2.18.17 - Folder Structure Update via CSRF

The plugin does not have CSRF checks when managing its folder structure such as moving, deleting, creating etc folders, which could allow attackers to make logged admins perform such actions via CSRF attacks...

5.4CVSS5.4AI score0.00322EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/07 12:0 a.m.10 views

PT-2023-16478 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is due to missing or incorrect nonce validation on the ajax move object function, making it possible for unauthenticated attackers to invoke thi...

5.4CVSS5.5AI score0.00322EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/02/07 12:0 a.m.10 views

PT-2023-16482 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is due to missing or incorrect nonce validation on the ajax save folder function, making it possible for unauthenticated attackers to invoke thi...

5.4CVSS5.5AI score0.00314EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2023/02/07 12:0 a.m.36 views

Wicked Folders < 2.18.17 - Subscriber+ Folder Structure Update

The plugin does not have authorisation check when managing its folder structure such as moving, deleting, creating etc folders, which could allow any authenticated users, such as subscriber to perform such actions...

5.4CVSS5.3AI score0.00601EPSS
Exploits0Affected Software1
Rows per page
Query Builder