Live-Hack-CVE/CVE-2022-33277 Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command. CVE project by @Sn0wAlice Create: 2023-02-12 14:44:23 +0000 UTC Push: 2023-02-12 14:44:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-33225 Memory corruption due to use after free in trusted application environment. CVE project by @Sn0wAlice Create: 2023-02-12 14:44:19 +0000 UTC Push: 2023-02-12 14:44:21 +0000 UTC |

Live-Hack-CVE/CVE-2022-33216 Transient Denial-of-service in Automotive due to improper input validation while parsing ELF file. CVE project by @Sn0wAlice Create: 2023-02-12 14:44:16 +0000 UTC Push: 2023-02-12 14:44:18 +0000 UTC |

Live-Hack-CVE/CVE-2022-25728 Information disclosure in modem due to buffer over-read while processing response from DNS server CVE project by @Sn0wAlice Create: 2023-02-12 14:44:12 +0000 UTC Push: 2023-02-12 14:44:14 +0000 UTC |

Live-Hack-CVE/CVE-2023-24029 In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. CVE project by @Sn0wAlice Create: 2023-02-12 14:44:02 +0000 UTC Push: 2023-02-12 14:44:04 +0000 UTC |

Live-Hack-CVE/CVE-2022-1970 keycloak 18.0.0: open redirect in auth endpoint via the redirect_uri parameter. CVE project by @Sn0wAlice Create: 2023-02-12 14:43:54 +0000 UTC Push: 2023-02-12 14:43:56 +0000 UTC |

varelsecurity/CVE-2016-10993 CVE-2016-10993 Create: 2023-02-12 14:28:43 +0000 UTC Push: 2023-02-12 14:28:43 +0000 UTC |

varelsecurity/CVE-2022-29455 test Create: 2023-02-12 14:26:11 +0000 UTC Push: 2023-02-12 14:26:12 +0000 UTC |

Live-Hack-CVE/CVE-2021-36823 Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 versions. CVE project by @Sn0wAlice Create: 2023-02-12 09:16:29 +0000 UTC Push: 2023-02-12 09:16:31 +0000 UTC |

Live-Hack-CVE/CVE-2021-23150 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 versions. CVE project by @Sn0wAlice Create: 2023-02-12 09:16:26 +0000 UTC Push: 2023-02-12 09:16:27 +0000 UTC |

Live-Hack-CVE/CVE-2021-36826 Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions. CVE project by @Sn0wAlice Create: 2023-02-12 09:16:22 +0000 UTC Push: 2023-02-12 09:16:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-32595 In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236. CVE project by @Sn0wAlice Create: 2023-02-12 08:07:22 +0000 UTC Push: 2023-02-12 08:07:24 +0000 UTC |

Chocapikk/CVE-2022-44877 Bash Script for Checking Command Injection Vulnerability on CentOS Web Panel [CWP] (CVE-2022-44877) Create: 2023-02-12 04:45:08 +0000 UTC Push: 2023-02-12 04:45:09 +0000 UTC |

Live-Hack-CVE/CVE-2023-0783 A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi CVE project by @Sn0wAlice Create: 2023-02-12 03:45:34 +0000 UTC Push: 2023-02-12 03:45:36 +0000 UTC |

Live-Hack-CVE/CVE-2023-0782 A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public an CVE project by @Sn0wAlice Create: 2023-02-12 03:45:31 +0000 UTC Push: 2023-02-12 03:45:33 +0000 UTC |

Live-Hack-CVE/CVE-2023-0127 A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root. CVE project by @Sn0wAlice Create: 2023-02-12 03:45:27 +0000 UTC Push: 2023-02-12 03:45:29 +0000 UTC |

Live-Hack-CVE/CVE-2019-10430 Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. CVE project by @Sn0wAlice Create: 2023-02-12 03:45:23 +0000 UTC Push: 2023-02-12 03:45:25 +0000 UTC |

Live-Hack-CVE/CVE-2015-6042 Use-after-free vulnerability in the CWindow object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." CVE project by @Sn0wAlice Create: 2023-02-12 01:35:12 +0000 UTC Push: 2023-02-12 01:35:14 +0000 UTC |

yuriisanin/CVE-2022-45771 [PoC] Privilege escalation / Code execution via LFI in PwnDoC Create: 2023-02-11 23:26:14 +0000 UTC Push: 2023-02-11 23:28:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-1253 Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release. CVE project by @Sn0wAlice Create: 2023-02-11 23:25:24 +0000 UTC Push: 2023-02-11 23:25:26 +0000 UTC |