Live-Hack-CVE/CVE-2022-38467 Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver. CVE project by @Sn0wAlice Create: 2023-01-14 22:11:58 +0000 UTC Push: 2023-01-14 22:12:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-0298 Improper Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. CVE project by @Sn0wAlice Create: 2023-01-14 19:58:23 +0000 UTC Push: 2023-01-14 19:58:26 +0000 UTC |

Live-Hack-CVE/CVE-2023-22602 When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. CVE project by @Sn0wAlice Create: 2023-01-14 19:58:19 +0000 UTC Push: 2023-01-14 19:58:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-32325 JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. CVE project by @Sn0wAlice Create: 2023-01-14 14:31:31 +0000 UTC Push: 2023-01-14 14:31:34 +0000 UTC |

Live-Hack-CVE/CVE-2023-0297 Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. CVE project by @Sn0wAlice Create: 2023-01-14 14:31:25 +0000 UTC Push: 2023-01-14 14:31:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-22469 Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known wo CVE project by @Sn0wAlice Create: 2023-01-14 14:31:14 +0000 UTC Push: 2023-01-14 14:31:16 +0000 UTC |

Live-Hack-CVE/CVE-2023-22479 KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4. CVE project by @Sn0wAlice Create: 2023-01-14 14:31:10 +0000 UTC Push: 2023-01-14 14:31:13 +0000 UTC |

Live-Hack-CVE/CVE-2022-45167 An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users. CVE project by @Sn0wAlice Create: 2023-01-14 14:31:06 +0000 UTC Push: 2023-01-14 14:31:09 +0000 UTC |

Live-Hack-CVE/CVE-2022-45166 An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role. CVE project by @Sn0wAlice Create: 2023-01-14 14:31:01 +0000 UTC Push: 2023-01-14 14:31:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-38393 A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-01-14 14:30:57 +0000 UTC Push: 2023-01-14 14:31:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-38481 An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflected Cross-site Scripting (XSS) in several features. CVE project by @Sn0wAlice Create: 2023-01-14 14:30:53 +0000 UTC Push: 2023-01-14 14:30:56 +0000 UTC |

Live-Hack-CVE/CVE-2022-45164 An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking CVE project by @Sn0wAlice Create: 2023-01-14 14:30:49 +0000 UTC Push: 2023-01-14 14:30:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-38482 A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4. CVE project by @Sn0wAlice Create: 2023-01-14 14:30:45 +0000 UTC Push: 2023-01-14 14:30:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-35401 An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability. CVE project by @Sn0wAlice Create: 2023-01-14 14:30:41 +0000 UTC Push: 2023-01-14 14:30:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-38105 An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-01-14 14:30:37 +0000 UTC Push: 2023-01-14 14:30:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-41721 A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent a CVE project by @Sn0wAlice Create: 2023-01-14 10:00:14 +0000 UTC Push: 2023-01-14 10:00:17 +0000 UTC |

Live-Hack-CVE/CVE-2023-21793 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792. CVE project by @Sn0wAlice Create: 2023-01-14 10:00:10 +0000 UTC Push: 2023-01-14 10:00:13 +0000 UTC |

Live-Hack-CVE/CVE-2023-21792 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21793. CVE project by @Sn0wAlice Create: 2023-01-14 10:00:05 +0000 UTC Push: 2023-01-14 10:00:08 +0000 UTC |

Live-Hack-CVE/CVE-2023-21791 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21792, CVE-2023-21793. CVE project by @Sn0wAlice Create: 2023-01-14 09:59:59 +0000 UTC Push: 2023-01-14 10:00:03 +0000 UTC |

Live-Hack-CVE/CVE-2023-21786 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793. CVE project by @Sn0wAlice Create: 2023-01-14 09:59:51 +0000 UTC Push: 2023-01-14 09:59:54 +0000 UTC |