unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-48279
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. CVE project by @Sn0wAlice
Create: 2023-02-03 00:09:57 +0000 UTC Push: 2023-02-03 00:10:00 +0000 UTC
Live-Hack-CVE/CVE-2023-22458
Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well CVE project by @Sn0wAlice
Create: 2023-02-03 00:09:52 +0000 UTC Push: 2023-02-03 00:09:55 +0000 UTC
Live-Hack-CVE/CVE-2022-3918
A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF (\r\n) injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server, the server may int CVE project by @Sn0wAlice
Create: 2023-02-03 00:09:48 +0000 UTC Push: 2023-02-03 00:09:51 +0000 UTC
Live-Hack-CVE/CVE-2022-35977
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis ver CVE project by @Sn0wAlice
Create: 2023-02-03 00:09:45 +0000 UTC Push: 2023-02-03 00:09:47 +0000 UTC
Live-Hack-CVE/CVE-2018-3962
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If CVE project by @Sn0wAlice
Create: 2023-02-03 00:09:41 +0000 UTC Push: 2023-02-03 00:09:43 +0000 UTC
Live-Hack-CVE/CVE-2019-14892
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-02-03 00:09:37 +0000 UTC Push: 2023-02-03 00:09:40 +0000 UTC
duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC
Create: 2023-02-02 23:34:28 +0000 UTC Push: 2023-02-02 23:34:29 +0000 UTC
Live-Hack-CVE/CVE-2023-0643
Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. CVE project by @Sn0wAlice
Create: 2023-02-02 21:57:50 +0000 UTC Push: 2023-02-02 21:57:52 +0000 UTC
Live-Hack-CVE/CVE-2023-0642
Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0. CVE project by @Sn0wAlice
Create: 2023-02-02 21:57:46 +0000 UTC Push: 2023-02-02 21:57:48 +0000 UTC
Live-Hack-CVE/CVE-2022-46965
PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability. CVE project by @Sn0wAlice
Create: 2023-02-02 21:57:42 +0000 UTC Push: 2023-02-02 21:57:45 +0000 UTC
Live-Hack-CVE/CVE-2020-24307
An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. CVE project by @Sn0wAlice
Create: 2023-02-02 21:57:38 +0000 UTC Push: 2023-02-02 21:57:41 +0000 UTC
Live-Hack-CVE/CVE-2022-33323
Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller ty CVE project by @Sn0wAlice
Create: 2023-02-02 19:49:22 +0000 UTC Push: 2023-02-02 19:49:24 +0000 UTC
Live-Hack-CVE/CVE-2022-40269
Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a re CVE project by @Sn0wAlice
Create: 2023-02-02 19:49:17 +0000 UTC Push: 2023-02-02 19:49:20 +0000 UTC
Live-Hack-CVE/CVE-2022-40268
Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to CVE project by @Sn0wAlice
Create: 2023-02-02 19:49:14 +0000 UTC Push: 2023-02-02 19:49:16 +0000 UTC
Live-Hack-CVE/CVE-2023-0641
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can CVE project by @Sn0wAlice
Create: 2023-02-02 19:49:10 +0000 UTC Push: 2023-02-02 19:49:12 +0000 UTC
Live-Hack-CVE/CVE-2023-0640
A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m CVE project by @Sn0wAlice
Create: 2023-02-02 19:49:06 +0000 UTC Push: 2023-02-02 19:49:09 +0000 UTC
Live-Hack-CVE/CVE-2023-0639
A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associa CVE project by @Sn0wAlice
Create: 2023-02-02 19:49:02 +0000 UTC Push: 2023-02-02 19:49:05 +0000 UTC
Live-Hack-CVE/CVE-2023-0638
A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220018 i CVE project by @Sn0wAlice
Create: 2023-02-02 19:48:59 +0000 UTC Push: 2023-02-02 19:49:01 +0000 UTC
Live-Hack-CVE/CVE-2023-0637
A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the component Web Management Interface. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the pub CVE project by @Sn0wAlice
Create: 2023-02-02 19:48:55 +0000 UTC Push: 2023-02-02 19:48:57 +0000 UTC
Live-Hack-CVE/CVE-2023-0400
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and bl CVE project by @Sn0wAlice
Create: 2023-02-02 19:48:51 +0000 UTC Push: 2023-02-02 19:48:53 +0000 UTC