unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-23751
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:40 +0000 UTC Push: 2023-02-02 07:39:42 +0000 UTC
Live-Hack-CVE/CVE-2023-23750
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:37 +0000 UTC Push: 2023-02-02 07:39:39 +0000 UTC
Live-Hack-CVE/CVE-2022-47872
maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF). CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:34 +0000 UTC Push: 2023-02-02 07:39:36 +0000 UTC
Live-Hack-CVE/CVE-2022-45783
An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:30 +0000 UTC Push: 2023-02-02 07:39:32 +0000 UTC
Live-Hack-CVE/CVE-2022-45782
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover. CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:26 +0000 UTC Push: 2023-02-02 07:39:29 +0000 UTC
Live-Hack-CVE/CVE-2022-3913
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attac CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:23 +0000 UTC Push: 2023-02-02 07:39:25 +0000 UTC
Live-Hack-CVE/CVE-2022-37033
In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the r CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:20 +0000 UTC Push: 2023-02-02 07:39:22 +0000 UTC
Live-Hack-CVE/CVE-2023-0619
The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations. CVE project by @Sn0wAlice
Create: 2023-02-02 05:29:05 +0000 UTC Push: 2023-02-02 05:29:07 +0000 UTC
Live-Hack-CVE/CVE-2022-46934
kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. CVE project by @Sn0wAlice
Create: 2023-02-02 05:29:01 +0000 UTC Push: 2023-02-02 05:29:03 +0000 UTC
Live-Hack-CVE/CVE-2023-23969
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:57 +0000 UTC Push: 2023-02-02 05:29:00 +0000 UTC
Live-Hack-CVE/CVE-2023-22501
An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances. With write access to a User Directory and outgoing email enabled on a Jira Service Ma CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:54 +0000 UTC Push: 2023-02-02 05:28:56 +0000 UTC
Live-Hack-CVE/CVE-2019-19648
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:50 +0000 UTC Push: 2023-02-02 05:28:53 +0000 UTC
Live-Hack-CVE/CVE-2023-24170
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:47 +0000 UTC Push: 2023-02-02 05:28:49 +0000 UTC
Live-Hack-CVE/CVE-2022-47073
A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:43 +0000 UTC Push: 2023-02-02 05:28:46 +0000 UTC
Live-Hack-CVE/CVE-2023-24167
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:40 +0000 UTC Push: 2023-02-02 05:28:42 +0000 UTC
Live-Hack-CVE/CVE-2023-24169
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:36 +0000 UTC Push: 2023-02-02 05:28:38 +0000 UTC
Live-Hack-CVE/CVE-2019-9904
An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:32 +0000 UTC Push: 2023-02-02 05:28:35 +0000 UTC
Live-Hack-CVE/CVE-2019-14465
fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:29 +0000 UTC Push: 2023-02-02 05:28:31 +0000 UTC
Live-Hack-CVE/CVE-2023-24166
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:25 +0000 UTC Push: 2023-02-02 05:28:28 +0000 UTC
Live-Hack-CVE/CVE-2019-4716
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:22 +0000 UTC Push: 2023-02-02 05:28:24 +0000 UTC