Github CVE
Live-Hack-CVE/CVE-2020-26137
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. CVE project by @Sn0wAlice
Create: 2023-02-01 07:14:11 +0000 UTC Push: 2023-02-01 07:14:13 +0000 UTC
Live-Hack-CVE/CVE-2019-4383
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165. CVE project by @Sn0wAlice
Create: 2023-02-01 07:14:08 +0000 UTC Push: 2023-02-01 07:14:10 +0000 UTC
Halcy0nic/CVE-2022-36752
Proof of concept for CVE-2022-36752
Create: 2023-02-01 07:14:06 +0000 UTC Push: 2023-02-01 07:14:07 +0000 UTC
Live-Hack-CVE/CVE-2020-26154
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. CVE project by @Sn0wAlice
Create: 2023-02-01 07:14:04 +0000 UTC Push: 2023-02-01 07:14:06 +0000 UTC
Live-Hack-CVE/CVE-2020-5387
Dell XPS 13 9370 BIOS versions prior to 1.13.1 contain an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed. CVE project by @Sn0wAlice
Create: 2023-02-01 07:14:01 +0000 UTC Push: 2023-02-01 07:14:03 +0000 UTC
Live-Hack-CVE/CVE-2020-26164
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:57 +0000 UTC Push: 2023-02-01 07:13:59 +0000 UTC
Live-Hack-CVE/CVE-2020-26935
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:53 +0000 UTC Push: 2023-02-01 07:13:56 +0000 UTC
Live-Hack-CVE/CVE-2020-13943
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - in CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:50 +0000 UTC Push: 2023-02-01 07:13:52 +0000 UTC
Live-Hack-CVE/CVE-2020-27619
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:45 +0000 UTC Push: 2023-02-01 07:13:48 +0000 UTC
Live-Hack-CVE/CVE-2020-26566
A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:42 +0000 UTC Push: 2023-02-01 07:13:44 +0000 UTC
Live-Hack-CVE/CVE-2019-5609
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP seg CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:38 +0000 UTC Push: 2023-02-01 07:13:40 +0000 UTC
Live-Hack-CVE/CVE-2019-5608
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A re CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:34 +0000 UTC Push: 2023-02-01 07:13:36 +0000 UTC
Live-Hack-CVE/CVE-2019-5610
In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of- CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:31 +0000 UTC Push: 2023-02-01 07:13:33 +0000 UTC
Live-Hack-CVE/CVE-2019-5611
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:27 +0000 UTC Push: 2023-02-01 07:13:29 +0000 UTC
Live-Hack-CVE/CVE-2019-5612
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:24 +0000 UTC Push: 2023-02-01 07:13:26 +0000 UTC
Live-Hack-CVE/CVE-2019-9921
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:20 +0000 UTC Push: 2023-02-01 07:13:22 +0000 UTC
Live-Hack-CVE/CVE-2022-45494
Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:16 +0000 UTC Push: 2023-02-01 07:13:19 +0000 UTC
Live-Hack-CVE/CVE-2022-45297
EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:13 +0000 UTC Push: 2023-02-01 07:13:15 +0000 UTC
Live-Hack-CVE/CVE-2022-37708
Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:09 +0000 UTC Push: 2023-02-01 07:13:11 +0000 UTC
Live-Hack-CVE/CVE-2022-32984
BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the credentials of a lightning node CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:05 +0000 UTC Push: 2023-02-01 07:13:08 +0000 UTC