unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2022-37892
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the CVE project by @Sn0wAlice
Create: 2022-12-28 19:38:30 +0000 UTC Push: 2022-12-28 19:38:32 +0000 UTC |
Live-Hack-CVE/CVE-2020-10029
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2 CVE project by @Sn0wAlice
Create: 2022-12-28 18:57:08 +0000 UTC Push: 2022-12-28 18:57:11 +0000 UTC |
Live-Hack-CVE/CVE-2016-4285
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-427 CVE project by @Sn0wAlice
Create: 2022-12-28 18:15:47 +0000 UTC Push: 2022-12-28 18:15:50 +0000 UTC |
Live-Hack-CVE/CVE-2022-39036
The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service. CVE project by @Sn0wAlice
Create: 2022-12-28 17:33:40 +0000 UTC Push: 2022-12-28 17:33:43 +0000 UTC |
Live-Hack-CVE/CVE-2022-36384
Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice
Create: 2022-12-28 16:51:54 +0000 UTC Push: 2022-12-28 16:51:56 +0000 UTC |
Live-Hack-CVE/CVE-2016-7876
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice
Create: 2022-12-28 16:10:21 +0000 UTC Push: 2022-12-28 16:10:24 +0000 UTC |
Live-Hack-CVE/CVE-2018-19992
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php. CVE project by @Sn0wAlice
Create: 2022-12-28 15:28:46 +0000 UTC Push: 2022-12-28 15:28:48 +0000 UTC |
Live-Hack-CVE/CVE-2022-21723
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This CVE project by @Sn0wAlice
Create: 2022-12-28 14:47:26 +0000 UTC Push: 2022-12-28 14:47:28 +0000 UTC |
nidhi7598/frameworks_minikin_AOSP_10_r33_CVE-2022-20472
Create: 2022-12-28 14:23:26 +0000 UTC Push: 2022-12-28 14:23:26 +0000 UTC |
Live-Hack-CVE/CVE-2022-44413
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=. CVE project by @Sn0wAlice
Create: 2022-12-28 14:05:33 +0000 UTC Push: 2022-12-28 14:05:35 +0000 UTC |
Live-Hack-CVE/CVE-2020-15115
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort. CVE project by @Sn0wAlice
Create: 2022-12-28 13:24:13 +0000 UTC Push: 2022-12-28 13:24:16 +0000 UTC |
zangcc/CVE-2022-22965-rexbb
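Spring Boot core command execution vulnerability; a CVE-2022-22965 exploit tool built on JavaFX, with a graphical interface that makes operation simpler and more efficient.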
Create: 2022-12-28 12:50:16 +0000 UTC Push: 2022-12-28 12:50:17 +0000 UTC |
Live-Hack-CVE/CVE-2022-45422
When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005. CVE project by @Sn0wAlice
Create: 2022-12-28 12:43:03 +0000 UTC Push: 2022-12-28 12:43:06 +0000 UTC |
Live-Hack-CVE/CVE-2022-42896
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within CVE project by @Sn0wAlice
Create: 2022-12-28 12:01:33 +0000 UTC Push: 2022-12-28 12:01:35 +0000 UTC |
Live-Hack-CVE/CVE-2020-26184
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability. CVE project by @Sn0wAlice
Create: 2022-12-28 11:19:59 +0000 UTC Push: 2022-12-28 11:20:01 +0000 UTC |
Live-Hack-CVE/CVE-2022-4087
A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b457 CVE project by @Sn0wAlice
Create: 2022-12-28 10:38:21 +0000 UTC Push: 2022-12-28 10:38:23 +0000 UTC |
Live-Hack-CVE/CVE-2022-44038
Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component. CVE project by @Sn0wAlice
Create: 2022-12-28 09:57:04 +0000 UTC Push: 2022-12-28 09:57:06 +0000 UTC |
Live-Hack-CVE/CVE-2021-26707
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library. CVE project by @Sn0wAlice
Create: 2022-12-28 09:15:33 +0000 UTC Push: 2022-12-28 09:15:36 +0000 UTC |
Live-Hack-CVE/CVE-2022-31003
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more CVE project by @Sn0wAlice
Create: 2022-12-28 08:33:53 +0000 UTC Push: 2022-12-28 08:33:55 +0000 UTC |
Live-Hack-CVE/CVE-2021-3521
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public ke CVE project by @Sn0wAlice
Create: 2022-12-28 08:33:49 +0000 UTC Push: 2022-12-28 08:33:51 +0000 UTC |