CVE-2023-0727

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxdeletefolder function. This makes it possible for unauthenticated attackers to invoke this function via...

CVE-2023-0730

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavefolderorder function. This makes it possible for unauthenticated attackers to invoke this function via...

CVE-2023-0713

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxaddfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

CVE-2023-0715

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxclonefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke thi...

CVE-2023-0720

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavefolderorder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

CVE-2023-30897

A vulnerability has been identified in SIMATIC WinCC All versions V7.5.2.13. Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation. This could allow an authenticated local attacker to inject arbitrary...

CVE-2023-6554

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...

CVE-2023-48678

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...

CVE-2023-5042

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office Windows before build 40713, Acronis True Image OEM Windows before build 42575...

CVE-2023-44157

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 Windows before build 35979...

CVE-2023-43981

Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component deleteexcludedfolder.php...

CVE-2023-41157

Multiple stored cross-site scripting XSS vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab...

CVE-2023-30713

Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock...

CVE-2023-25765

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...

CVE-2023-2445

Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name...

CVE-2023-21438

Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder...

CVE-2023-21419

An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition...

CVE-2023-20084

A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could...

CVE-2023-0716

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxeditfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

CVE-2023-0725

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxclonefolder function. This makes it possible for unauthenticated attackers to invoke this function via...