Live-Hack-CVE/CVE-2022-42409 This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Craf CVE project by @Sn0wAlice Create: 2023-01-28 14:35:06 +0000 UTC Push: 2023-01-28 14:35:08 +0000 UTC |

Live-Hack-CVE/CVE-2022-47015 MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. CVE project by @Sn0wAlice Create: 2023-01-28 14:35:02 +0000 UTC Push: 2023-01-28 14:35:05 +0000 UTC |

Live-Hack-CVE/CVE-2023-23012 Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php. CVE project by @Sn0wAlice Create: 2023-01-28 14:34:59 +0000 UTC Push: 2023-01-28 14:35:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-0101 A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host. CVE project by @Sn0wAlice Create: 2023-01-28 14:34:54 +0000 UTC Push: 2023-01-28 14:34:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-42417 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data CVE project by @Sn0wAlice Create: 2023-01-28 14:34:51 +0000 UTC Push: 2023-01-28 14:34:53 +0000 UTC |

Live-Hack-CVE/CVE-2022-42416 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data CVE project by @Sn0wAlice Create: 2023-01-28 14:34:48 +0000 UTC Push: 2023-01-28 14:34:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-42415 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. Crafted data CVE project by @Sn0wAlice Create: 2023-01-28 14:34:44 +0000 UTC Push: 2023-01-28 14:34:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-42414 This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The CVE project by @Sn0wAlice Create: 2023-01-28 14:34:41 +0000 UTC Push: 2023-01-28 14:34:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-42423 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data CVE project by @Sn0wAlice Create: 2023-01-28 14:34:38 +0000 UTC Push: 2023-01-28 14:34:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-42421 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data CVE project by @Sn0wAlice Create: 2023-01-28 14:34:33 +0000 UTC Push: 2023-01-28 14:34:35 +0000 UTC |

Live-Hack-CVE/CVE-2022-42420 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data CVE project by @Sn0wAlice Create: 2023-01-28 14:34:30 +0000 UTC Push: 2023-01-28 14:34:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-42419 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data CVE project by @Sn0wAlice Create: 2023-01-28 14:34:26 +0000 UTC Push: 2023-01-28 14:34:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-42418 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue re CVE project by @Sn0wAlice Create: 2023-01-28 14:34:23 +0000 UTC Push: 2023-01-28 14:34:25 +0000 UTC |

Live-Hack-CVE/CVE-2023-0047 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2023. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-28 10:03:39 +0000 UTC Push: 2023-01-28 10:03:41 +0000 UTC |

Live-Hack-CVE/CVE-2022-39324 Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the r CVE project by @Sn0wAlice Create: 2023-01-28 10:03:35 +0000 UTC Push: 2023-01-28 10:03:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-23552 Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed a CVE project by @Sn0wAlice Create: 2023-01-28 10:03:32 +0000 UTC Push: 2023-01-28 10:03:34 +0000 UTC |

Live-Hack-CVE/CVE-2023-23627 Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in XSS (cross-site scripting) or other und CVE project by @Sn0wAlice Create: 2023-01-28 10:03:29 +0000 UTC Push: 2023-01-28 10:03:31 +0000 UTC |

Live-Hack-CVE/CVE-2023-23624 Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag param` to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hid CVE project by @Sn0wAlice Create: 2023-01-28 10:03:25 +0000 UTC Push: 2023-01-28 10:03:27 +0000 UTC |

Live-Hack-CVE/CVE-2023-23621 Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` CVE project by @Sn0wAlice Create: 2023-01-28 10:03:22 +0000 UTC Push: 2023-01-28 10:03:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-23620 Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.b CVE project by @Sn0wAlice Create: 2023-01-28 10:03:18 +0000 UTC Push: 2023-01-28 10:03:20 +0000 UTC |