Alex Tselegidis

10 exploits Active since Mar 2022
CVE-2026-42562 WRITEUP HIGH WRITEUP
Plainpad: Privilege Escalation via Writable Admin Field in Profile Update (Access Control)
Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/{id}. The endpoint directly persists the admin attribute from user input, and the escalated account can immediately access admin-only routes. This issue has been patched in version 1.1.1.
CVSS 8.3
CVE-2022-0482 WRITEUP CRITICAL WRITEUP
GitHub alextselegidis/easyappointments <1.4.3 - Info Disclosure
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
CVSS 9.1
CVE-2023-1269 WRITEUP CRITICAL WRITEUP
easyappointments < 1.5.0 - Use of Hard-coded Credentials
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS 9.8
CVE-2023-1367 WRITEUP LOW WRITEUP
easyappointments < 1.5.0 - Code Injection
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS 3.8
CVE-2023-2102 WRITEUP MEDIUM WRITEUP
GitHub alextselegidis/easyappointments <1.5.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS 4.8
CVE-2023-2103 WRITEUP MEDIUM WRITEUP
GitHub alextselegidis/easyappointments <1.5.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS 5.4
CVE-2023-2104 WRITEUP MEDIUM WRITEUP
alextselegidis/easyappointments <1.5.0 - Info Disclosure
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS 5.4
CVE-2023-2105 WRITEUP HIGH WRITEUP
alextselegidis/easyappointments <1.5.0 - Info Disclosure
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS 8.8
CVE-2023-3568 WRITEUP MEDIUM WRITEUP
alextselegidis/easyappointments <1.5.0 - Open Redirect
Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS 6.3
CVE-2023-3700 WRITEUP MEDIUM WRITEUP
easyappointments < 1.5.0 - Authorization Bypass Through User-Controlled Key
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS 6.3