Live-Hack-CVE/CVE-2023-25163 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a u CVE project by @Sn0wAlice Create: 2023-02-09 07:47:30 +0000 UTC Push: 2023-02-09 07:47:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-47648 Bosch Security Systems B420 firmware 02.02.0001 employs IP based authorization in its authentication mechanism, allowing attackers to access the device as long as they are on the same network as a legitimate user. CVE project by @Sn0wAlice Create: 2023-02-09 07:47:27 +0000 UTC Push: 2023-02-09 07:47:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-45982 thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload. CVE project by @Sn0wAlice Create: 2023-02-09 07:47:24 +0000 UTC Push: 2023-02-09 07:47:26 +0000 UTC |

Live-Hack-CVE/CVE-2022-38778 A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process. CVE project by @Sn0wAlice Create: 2023-02-09 07:47:20 +0000 UTC Push: 2023-02-09 07:47:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-38777 An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. CVE project by @Sn0wAlice Create: 2023-02-09 07:47:16 +0000 UTC Push: 2023-02-09 07:47:19 +0000 UTC |

Live-Hack-CVE/CVE-2023-24508 Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validate CVE project by @Sn0wAlice Create: 2023-02-09 07:47:12 +0000 UTC Push: 2023-02-09 07:47:14 +0000 UTC |

Live-Hack-CVE/CVE-2022-26872 AMI Megarac Password reset interception via API CVE project by @Sn0wAlice Create: 2023-02-09 07:47:08 +0000 UTC Push: 2023-02-09 07:47:11 +0000 UTC |

Live-Hack-CVE/CVE-2019-15112 The wp-slimstat plugin before 4.8.1 for WordPress has XSS. CVE project by @Sn0wAlice Create: 2023-02-09 07:46:57 +0000 UTC Push: 2023-02-09 07:46:59 +0000 UTC |

Live-Hack-CVE/CVE-2017-18540 The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front-end short codes. CVE project by @Sn0wAlice Create: 2023-02-09 07:46:54 +0000 UTC Push: 2023-02-09 07:46:56 +0000 UTC |

Live-Hack-CVE/CVE-2017-18538 The weblibrarian plugin before 3.4.8.5 for WordPress has XSS via front-end short codes. CVE project by @Sn0wAlice Create: 2023-02-09 07:46:50 +0000 UTC Push: 2023-02-09 07:46:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-4304 A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulne CVE project by @Sn0wAlice Create: 2023-02-09 05:33:35 +0000 UTC Push: 2023-02-09 05:33:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-34350 IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS loo CVE project by @Sn0wAlice Create: 2023-02-09 05:33:31 +0000 UTC Push: 2023-02-09 05:33:34 +0000 UTC |

Live-Hack-CVE/CVE-2023-23131 Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings. CVE project by @Sn0wAlice Create: 2023-02-09 05:33:26 +0000 UTC Push: 2023-02-09 05:33:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-0617 A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been classified as critical. This affects an unknown part of the file /wireless/guestnetwork.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ CVE project by @Sn0wAlice Create: 2023-02-09 05:33:20 +0000 UTC Push: 2023-02-09 05:33:22 +0000 UTC |

Live-Hack-CVE/CVE-2023-0618 A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfg_op.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may CVE project by @Sn0wAlice Create: 2023-02-09 05:33:16 +0000 UTC Push: 2023-02-09 05:33:19 +0000 UTC |

Live-Hack-CVE/CVE-2023-23136 lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php. CVE project by @Sn0wAlice Create: 2023-02-09 05:33:09 +0000 UTC Push: 2023-02-09 05:33:11 +0000 UTC |

Live-Hack-CVE/CVE-2023-22575 Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges. CVE project by @Sn0wAlice Create: 2023-02-09 05:33:04 +0000 UTC Push: 2023-02-09 05:33:07 +0000 UTC |

Live-Hack-CVE/CVE-2022-46842 Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions. CVE project by @Sn0wAlice Create: 2023-02-09 05:32:54 +0000 UTC Push: 2023-02-09 05:32:57 +0000 UTC |

Live-Hack-CVE/CVE-2022-46815 Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions. CVE project by @Sn0wAlice Create: 2023-02-09 05:32:51 +0000 UTC Push: 2023-02-09 05:32:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-45807 Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions. CVE project by @Sn0wAlice Create: 2023-02-09 05:32:47 +0000 UTC Push: 2023-02-09 05:32:50 +0000 UTC |