Live-Hack-CVE/CVE-2023-24234 A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter. CVE project by @Sn0wAlice Create: 2023-02-11 01:37:04 +0000 UTC Push: 2023-02-11 01:37:07 +0000 UTC |

Live-Hack-CVE/CVE-2023-24233 A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter. CVE project by @Sn0wAlice Create: 2023-02-11 01:37:01 +0000 UTC Push: 2023-02-11 01:37:03 +0000 UTC |

Live-Hack-CVE/CVE-2023-24232 A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. CVE project by @Sn0wAlice Create: 2023-02-11 01:36:57 +0000 UTC Push: 2023-02-11 01:36:59 +0000 UTC |

Live-Hack-CVE/CVE-2023-24231 A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter. CVE project by @Sn0wAlice Create: 2023-02-11 01:36:54 +0000 UTC Push: 2023-02-11 01:36:56 +0000 UTC |

Live-Hack-CVE/CVE-2023-24230 A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter. CVE project by @Sn0wAlice Create: 2023-02-11 01:36:50 +0000 UTC Push: 2023-02-11 01:36:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-21676 Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting fro CVE project by @Sn0wAlice Create: 2023-02-11 01:36:37 +0000 UTC Push: 2023-02-11 01:36:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-23639 crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target CVE project by @Sn0wAlice Create: 2023-02-11 01:36:34 +0000 UTC Push: 2023-02-11 01:36:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-23066 In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to transfer tokens or not. CVE project by @Sn0wAlice Create: 2023-02-11 01:36:28 +0000 UTC Push: 2023-02-11 01:36:30 +0000 UTC |

Live-Hack-CVE/CVE-2022-29793 There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability. CVE project by @Sn0wAlice Create: 2023-02-11 01:36:22 +0000 UTC Push: 2023-02-11 01:36:25 +0000 UTC |

Live-Hack-CVE/CVE-2021-25263 Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating files in directory with insecure permissions during Yandex Browser update process. CVE project by @Sn0wAlice Create: 2023-02-11 01:36:19 +0000 UTC Push: 2023-02-11 01:36:21 +0000 UTC |

Live-Hack-CVE/CVE-2019-19363 An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All CVE project by @Sn0wAlice Create: 2023-02-11 01:36:13 +0000 UTC Push: 2023-02-11 01:36:15 +0000 UTC |

gonzxph/CVE-2023-0748 BTCPayServer version 1.7.5 and below is vulnerable for Open Redirection attack. Create: 2023-02-11 00:32:48 +0000 UTC Push: 2023-02-11 00:41:56 +0000 UTC |

Live-Hack-CVE/CVE-2023-22832 The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolu CVE project by @Sn0wAlice Create: 2023-02-11 00:31:19 +0000 UTC Push: 2023-02-11 00:31:21 +0000 UTC |

Live-Hack-CVE/CVE-2023-22369 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-25011. Reason: This candidate is a duplicate of CVE-2023-25011. Notes: All CVE users should reference CVE-2023-25011 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE project by @Sn0wAlice Create: 2023-02-11 00:31:15 +0000 UTC Push: 2023-02-11 00:31:17 +0000 UTC |

Live-Hack-CVE/CVE-2022-34454 Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters. CVE project by @Sn0wAlice Create: 2023-02-11 00:31:11 +0000 UTC Push: 2023-02-11 00:31:13 +0000 UTC |

Live-Hack-CVE/CVE-2022-34452 PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. CVE project by @Sn0wAlice Create: 2023-02-11 00:31:06 +0000 UTC Push: 2023-02-11 00:31:10 +0000 UTC |

Live-Hack-CVE/CVE-2022-22549 Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials. CVE project by @Sn0wAlice Create: 2023-02-11 00:31:02 +0000 UTC Push: 2023-02-11 00:31:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-24410 Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces. CVE project by @Sn0wAlice Create: 2023-02-11 00:30:58 +0000 UTC Push: 2023-02-11 00:31:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-0774 A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument lastname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the CVE project by @Sn0wAlice Create: 2023-02-11 00:30:55 +0000 UTC Push: 2023-02-11 00:30:57 +0000 UTC |

Live-Hack-CVE/CVE-2018-7935 There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable. CVE project by @Sn0wAlice Create: 2023-02-11 00:30:51 +0000 UTC Push: 2023-02-11 00:30:53 +0000 UTC |