unSafe.sh - 不安全

Live-Hack-CVE/CVE-2023-0472 Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice
Create: 2023-01-30 20:03:23 +0000 UTC Push: 2023-01-30 20:03:25 +0000 UTC |

Live-Hack-CVE/CVE-2023-0471 Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice
Create: 2023-01-30 20:03:19 +0000 UTC Push: 2023-01-30 20:03:21 +0000 UTC |

Live-Hack-CVE/CVE-2022-27596 A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 202 CVE project by @Sn0wAlice
Create: 2023-01-30 14:39:18 +0000 UTC Push: 2023-01-30 14:39:21 +0000 UTC |

Live-Hack-CVE/CVE-2023-24612 The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. CVE project by @Sn0wAlice
Create: 2023-01-30 14:39:09 +0000 UTC Push: 2023-01-30 14:39:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-48303 GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. CVE project by @Sn0wAlice
Create: 2023-01-30 14:39:05 +0000 UTC Push: 2023-01-30 14:39:07 +0000 UTC |

Live-Hack-CVE/CVE-2023-24623 Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. CVE project by @Sn0wAlice
Create: 2023-01-30 14:39:01 +0000 UTC Push: 2023-01-30 14:39:03 +0000 UTC |

Live-Hack-CVE/CVE-2023-24622 isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. CVE project by @Sn0wAlice
Create: 2023-01-30 14:38:57 +0000 UTC Push: 2023-01-30 14:39:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-25967 Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data. CVE project by @Sn0wAlice
Create: 2023-01-30 14:38:54 +0000 UTC Push: 2023-01-30 14:38:56 +0000 UTC |

Live-Hack-CVE/CVE-2022-25936 Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable. CVE project by @Sn0wAlice
Create: 2023-01-30 14:38:51 +0000 UTC Push: 2023-01-30 14:38:53 +0000 UTC |

l00neyhacker/CVE-2023-23132 CVE-2023-23132
Create: 2023-01-30 12:17:44 +0000 UTC Push: 2023-01-30 12:17:44 +0000 UTC |

l00neyhacker/CVE-2023-23131 CVE-2023-23131
Create: 2023-01-30 12:16:08 +0000 UTC Push: 2023-01-30 12:16:09 +0000 UTC |

l00neyhacker/CVE-2023-23130 CVE-2023-23130
Create: 2023-01-30 12:15:19 +0000 UTC Push: 2023-01-30 12:15:19 +0000 UTC |

l00neyhacker/CVE-2023-23128 CVE-2023-23128
Create: 2023-01-30 12:13:36 +0000 UTC Push: 2023-01-30 12:13:36 +0000 UTC |

l00neyhacker/CVE-2023-23127 CVE-2023-23127
Create: 2023-01-30 12:12:17 +0000 UTC Push: 2023-01-30 12:12:18 +0000 UTC |

l00neyhacker/CVE-2023-23126 CVE-2023-23126
Create: 2023-01-30 12:11:14 +0000 UTC Push: 2023-01-30 12:11:15 +0000 UTC |

l00neyhacker/CVE-2022-47717 CVE-2022-47717
Create: 2023-01-30 12:09:36 +0000 UTC Push: 2023-01-30 12:09:36 +0000 UTC |

l00neyhacker/CVE-2022-47715
Create: 2023-01-30 12:02:12 +0000 UTC Push: 2023-01-30 12:02:13 +0000 UTC |

l00neyhacker/CVE-2022-47714. CVE-2022-47714.
Create: 2023-01-30 11:59:02 +0000 UTC Push: 2023-01-30 12:00:02 +0000 UTC |

l00neyhacker/CVE-2022-47714 CVE-2022-47714
Create: 2023-01-30 11:59:02 +0000 UTC Push: 2023-01-30 12:00:40 +0000 UTC |

Live-Hack-CVE/CVE-2023-0572 Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. CVE project by @Sn0wAlice
Create: 2023-01-30 10:16:07 +0000 UTC Push: 2023-01-30 10:16:09 +0000 UTC |