Live-Hack-CVE/CVE-2022-44137 SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection. CVE project by @Sn0wAlice Create: 2023-01-05 15:11:57 +0000 UTC Push: 2023-01-05 15:12:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-45423 Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited). CVE project by @Sn0wAlice Create: 2023-01-05 15:11:51 +0000 UTC Push: 2023-01-05 15:11:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-45778 https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a configuration error i CVE project by @Sn0wAlice Create: 2023-01-05 15:11:47 +0000 UTC Push: 2023-01-05 15:11:50 +0000 UTC |

Live-Hack-CVE/CVE-2021-4236 Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets CVE project by @Sn0wAlice Create: 2023-01-05 15:11:42 +0000 UTC Push: 2023-01-05 15:11:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-23544 MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdI CVE project by @Sn0wAlice Create: 2023-01-05 15:11:33 +0000 UTC Push: 2023-01-05 15:11:36 +0000 UTC |

nidhihcl/frameworks_base_AOSP_10_r33_CVE-2021-39696 Create: 2023-01-05 14:42:33 +0000 UTC Push: 2023-01-05 14:42:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-4876 A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross site scripting. The attack may be initiated remotely. Upgrading to version CVE project by @Sn0wAlice Create: 2023-01-05 09:33:13 +0000 UTC Push: 2023-01-05 09:33:16 +0000 UTC |

Live-Hack-CVE/CVE-2021-4302 A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to address this issue. Th CVE project by @Sn0wAlice Create: 2023-01-05 07:22:08 +0000 UTC Push: 2023-01-05 07:22:11 +0000 UTC |

Live-Hack-CVE/CVE-2023-22467 Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's `DateTime.fromRFC2822() has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k ch CVE project by @Sn0wAlice Create: 2023-01-05 07:22:03 +0000 UTC Push: 2023-01-05 07:22:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-22466 Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously configured `reject_remote_clients` to `t CVE project by @Sn0wAlice Create: 2023-01-05 07:21:59 +0000 UTC Push: 2023-01-05 07:22:02 +0000 UTC |

Live-Hack-CVE/CVE-2023-0055 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. CVE project by @Sn0wAlice Create: 2023-01-05 07:21:55 +0000 UTC Push: 2023-01-05 07:21:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-4875 A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to a CVE project by @Sn0wAlice Create: 2023-01-05 07:21:51 +0000 UTC Push: 2023-01-05 07:21:54 +0000 UTC |

Live-Hack-CVE/CVE-2021-4300 A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched remotely. Upgrading to ver CVE project by @Sn0wAlice Create: 2023-01-05 07:21:46 +0000 UTC Push: 2023-01-05 07:21:49 +0000 UTC |

Live-Hack-CVE/CVE-2023-0054 Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. CVE project by @Sn0wAlice Create: 2023-01-05 05:11:43 +0000 UTC Push: 2023-01-05 05:11:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-48217 ** DISPUTED ** The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled old_tf_topic_name and/or new_tf_topic_name CVE project by @Sn0wAlice Create: 2023-01-05 05:11:39 +0000 UTC Push: 2023-01-05 05:11:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-45052 A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the imageProxy.type.php endpoint, external users are capable of accessing files on the server. CVE project by @Sn0wAlice Create: 2023-01-05 05:11:34 +0000 UTC Push: 2023-01-05 05:11:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-45051 A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability. CVE project by @Sn0wAlice Create: 2023-01-05 05:11:29 +0000 UTC Push: 2023-01-05 05:11:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-45049 A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The url parameter on the novelist.php endpoint does not properly neutralise user input, resulting in the vulnerability. CVE project by @Sn0wAlice Create: 2023-01-05 05:11:24 +0000 UTC Push: 2023-01-05 05:11:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-46456 NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c. CVE project by @Sn0wAlice Create: 2023-01-05 04:08:44 +0000 UTC Push: 2023-01-05 04:08:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-43920 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362. CVE project by @Sn0wAlice Create: 2023-01-05 04:08:40 +0000 UTC Push: 2023-01-05 04:08:43 +0000 UTC |