unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2022-4651
The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:50 +0000 UTC Push: 2023-01-31 08:05:53 +0000 UTC |
Live-Hack-CVE/CVE-2022-4776
The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:47 +0000 UTC Push: 2023-01-31 08:05:49 +0000 UTC |
Live-Hack-CVE/CVE-2022-4699
The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admi CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:43 +0000 UTC Push: 2023-01-31 08:05:45 +0000 UTC |
Live-Hack-CVE/CVE-2022-4472
The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:38 +0000 UTC Push: 2023-01-31 08:05:42 +0000 UTC |
Live-Hack-CVE/CVE-2022-4496
The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 do not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:35 +0000 UTC Push: 2023-01-31 08:05:37 +0000 UTC |
Live-Hack-CVE/CVE-2023-20057
A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerabi CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:31 +0000 UTC Push: 2023-01-31 08:05:34 +0000 UTC |
Live-Hack-CVE/CVE-2022-34888
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:27 +0000 UTC Push: 2023-01-31 08:05:29 +0000 UTC |
Live-Hack-CVE/CVE-2022-34884
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:23 +0000 UTC Push: 2023-01-31 08:05:25 +0000 UTC |
Live-Hack-CVE/CVE-2023-24020
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:19 +0000 UTC Push: 2023-01-31 08:05:22 +0000 UTC |
Live-Hack-CVE/CVE-2023-22315
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network (LAN) protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:16 +0000 UTC Push: 2023-01-31 08:05:18 +0000 UTC |
Live-Hack-CVE/CVE-2022-48006
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:12 +0000 UTC Push: 2023-01-31 08:05:15 +0000 UTC |
Live-Hack-CVE/CVE-2022-40137
A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:08 +0000 UTC Push: 2023-01-31 08:05:10 +0000 UTC |
Live-Hack-CVE/CVE-2022-40136
An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:05 +0000 UTC Push: 2023-01-31 08:05:07 +0000 UTC |
Live-Hack-CVE/CVE-2022-40135
An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:01 +0000 UTC Push: 2023-01-31 08:05:03 +0000 UTC |
Live-Hack-CVE/CVE-2022-40134
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. CVE project by @Sn0wAlice
Create: 2023-01-31 08:04:57 +0000 UTC Push: 2023-01-31 08:05:00 +0000 UTC |
Live-Hack-CVE/CVE-2022-34885
An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-01-31 08:04:53 +0000 UTC Push: 2023-01-31 08:04:56 +0000 UTC |
julesbozouklian/PoC_CVE-2023-24055
Create: 2023-01-31 06:03:09 +0000 UTC Push: 2023-01-31 06:03:10 +0000 UTC |
Live-Hack-CVE/CVE-2023-20043
A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete contro CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:53 +0000 UTC Push: 2023-01-31 05:54:55 +0000 UTC |
Live-Hack-CVE/CVE-2017-2781
An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate mu CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:49 +0000 UTC Push: 2023-01-31 05:54:51 +0000 UTC |
Live-Hack-CVE/CVE-2022-4475
The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admi CVE project by @Sn0wAlice
Create: 2023-01-31 05:54:45 +0000 UTC Push: 2023-01-31 05:54:47 +0000 UTC |