Live-Hack-CVE/CVE-2022-44570 A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as CVE project by @Sn0wAlice Create: 2023-02-10 05:52:44 +0000 UTC Push: 2023-02-10 05:52:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-44566 A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in CVE project by @Sn0wAlice Create: 2023-02-10 05:52:40 +0000 UTC Push: 2023-02-10 05:52:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-43552 A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it CVE project by @Sn0wAlice Create: 2023-02-10 05:52:37 +0000 UTC Push: 2023-02-10 05:52:39 +0000 UTC |

Live-Hack-CVE/CVE-2022-43550 A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution. CVE project by @Sn0wAlice Create: 2023-02-10 05:52:33 +0000 UTC Push: 2023-02-10 05:52:35 +0000 UTC |

Live-Hack-CVE/CVE-2022-48290 The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity. CVE project by @Sn0wAlice Create: 2023-02-10 03:38:57 +0000 UTC Push: 2023-02-10 03:38:59 +0000 UTC |

Live-Hack-CVE/CVE-2022-48289 The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. CVE project by @Sn0wAlice Create: 2023-02-10 03:38:53 +0000 UTC Push: 2023-02-10 03:38:56 +0000 UTC |

Live-Hack-CVE/CVE-2022-48288 The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. CVE project by @Sn0wAlice Create: 2023-02-10 03:38:50 +0000 UTC Push: 2023-02-10 03:38:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-48287 The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity. CVE project by @Sn0wAlice Create: 2023-02-10 03:38:46 +0000 UTC Push: 2023-02-10 03:38:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-48286 The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. CVE project by @Sn0wAlice Create: 2023-02-10 03:38:43 +0000 UTC Push: 2023-02-10 03:38:45 +0000 UTC |

Live-Hack-CVE/CVE-2022-30564 Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. CVE project by @Sn0wAlice Create: 2023-02-10 03:38:39 +0000 UTC Push: 2023-02-10 03:38:41 +0000 UTC |

Live-Hack-CVE/CVE-2023-24815 Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path r CVE project by @Sn0wAlice Create: 2023-02-10 03:38:33 +0000 UTC Push: 2023-02-10 03:38:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-23636 In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. CVE project by @Sn0wAlice Create: 2023-02-10 03:38:29 +0000 UTC Push: 2023-02-10 03:38:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-45491 Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. CVE project by @Sn0wAlice Create: 2023-02-10 03:38:24 +0000 UTC Push: 2023-02-10 03:38:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-45492 Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. CVE project by @Sn0wAlice Create: 2023-02-10 03:38:18 +0000 UTC Push: 2023-02-10 03:38:20 +0000 UTC |

Live-Hack-CVE/CVE-2021-37304 An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. CVE project by @Sn0wAlice Create: 2023-02-10 03:38:14 +0000 UTC Push: 2023-02-10 03:38:17 +0000 UTC |

Live-Hack-CVE/CVE-2021-37306 An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin. CVE project by @Sn0wAlice Create: 2023-02-10 03:38:09 +0000 UTC Push: 2023-02-10 03:38:12 +0000 UTC |

Live-Hack-CVE/CVE-2021-37305 An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. CVE project by @Sn0wAlice Create: 2023-02-10 03:38:05 +0000 UTC Push: 2023-02-10 03:38:08 +0000 UTC |

Live-Hack-CVE/CVE-2021-36712 Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function. CVE project by @Sn0wAlice Create: 2023-02-10 03:38:02 +0000 UTC Push: 2023-02-10 03:38:04 +0000 UTC |

Live-Hack-CVE/CVE-2021-36545 Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page. CVE project by @Sn0wAlice Create: 2023-02-10 03:37:58 +0000 UTC Push: 2023-02-10 03:38:00 +0000 UTC |

Live-Hack-CVE/CVE-2021-36538 Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports. CVE project by @Sn0wAlice Create: 2023-02-10 03:37:55 +0000 UTC Push: 2023-02-10 03:37:57 +0000 UTC |