Live-Hack-CVE/CVE-2022-47415 LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies). CVE project by @Sn0wAlice Create: 2023-02-08 07:25:52 +0000 UTC Push: 2023-02-08 07:25:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-47414 If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:48 +0000 UTC Push: 2023-02-08 07:25:51 +0000 UTC |

Live-Hack-CVE/CVE-2022-47413 Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:44 +0000 UTC Push: 2023-02-08 07:25:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-46663 In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:41 +0000 UTC Push: 2023-02-08 07:25:43 +0000 UTC |

Live-Hack-CVE/CVE-2017-17856 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:37 +0000 UTC Push: 2023-02-08 07:25:39 +0000 UTC |

Live-Hack-CVE/CVE-2017-17857 The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:33 +0000 UTC Push: 2023-02-08 07:25:35 +0000 UTC |

Live-Hack-CVE/CVE-2017-17855 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:30 +0000 UTC Push: 2023-02-08 07:25:32 +0000 UTC |

Live-Hack-CVE/CVE-2017-18079 drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:26 +0000 UTC Push: 2023-02-08 07:25:28 +0000 UTC |

Live-Hack-CVE/CVE-2017-18075 crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by CVE project by @Sn0wAlice Create: 2023-02-08 07:25:22 +0000 UTC Push: 2023-02-08 07:25:25 +0000 UTC |

Live-Hack-CVE/CVE-2017-17854 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:18 +0000 UTC Push: 2023-02-08 07:25:21 +0000 UTC |

Live-Hack-CVE/CVE-2020-6090 An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:12 +0000 UTC Push: 2023-02-08 07:25:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-47770 Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection. CVE project by @Sn0wAlice Create: 2023-02-08 07:25:08 +0000 UTC Push: 2023-02-08 07:25:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-32518 A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0) CVE project by @Sn0wAlice Create: 2023-02-08 06:18:18 +0000 UTC Push: 2023-02-08 06:18:21 +0000 UTC |

Live-Hack-CVE/CVE-2022-4285 An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. CVE project by @Sn0wAlice Create: 2023-02-08 06:18:12 +0000 UTC Push: 2023-02-08 06:18:16 +0000 UTC |

Live-Hack-CVE/CVE-2022-4139 An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. CVE project by @Sn0wAlice Create: 2023-02-08 06:18:09 +0000 UTC Push: 2023-02-08 06:18:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-32523 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0 CVE project by @Sn0wAlice Create: 2023-02-08 06:18:05 +0000 UTC Push: 2023-02-08 06:18:07 +0000 UTC |

Live-Hack-CVE/CVE-2023-22611 A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior t CVE project by @Sn0wAlice Create: 2023-02-08 06:17:58 +0000 UTC Push: 2023-02-08 06:18:00 +0000 UTC |

Live-Hack-CVE/CVE-2023-23609 Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation Layer Protocol (BLE-L2CAP) module handles fra CVE project by @Sn0wAlice Create: 2023-02-08 06:17:53 +0000 UTC Push: 2023-02-08 06:17:55 +0000 UTC |

Live-Hack-CVE/CVE-2023-25194 A possible security vulnerability has been identified in Apache Kafka Connect. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apa CVE project by @Sn0wAlice Create: 2023-02-08 06:17:45 +0000 UTC Push: 2023-02-08 06:17:48 +0000 UTC |

Live-Hack-CVE/CVE-2023-0732 A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument firstname/middlename/lastname/lastname/contact lea CVE project by @Sn0wAlice Create: 2023-02-08 06:17:42 +0000 UTC Push: 2023-02-08 06:17:44 +0000 UTC |