unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-0591
ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_node.name) is consider CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:22 +0000 UTC Push: 2023-01-31 20:16:24 +0000 UTC
Live-Hack-CVE/CVE-2022-44644
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, by adding allowLoadLocalInfile to true in the jdbc parameter. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 w CVE project by @Sn0wAlice
Create: 2023-01-31 20:16:18 +0000 UTC Push: 2023-01-31 20:16:21 +0000 UTC
mistymntncop/CVE-2022-26485
Create: 2023-01-31 17:01:17 +0000 UTC Push: 2023-01-31 17:10:21 +0000 UTC
Live-Hack-CVE/CVE-2020-8184
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix. CVE project by @Sn0wAlice
Create: 2023-01-31 14:48:31 +0000 UTC Push: 2023-01-31 14:48:33 +0000 UTC
Live-Hack-CVE/CVE-2020-8161
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure. CVE project by @Sn0wAlice
Create: 2023-01-31 14:48:27 +0000 UTC Push: 2023-01-31 14:48:30 +0000 UTC
Live-Hack-CVE/CVE-2022-24785
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2 CVE project by @Sn0wAlice
Create: 2023-01-31 14:48:24 +0000 UTC Push: 2023-01-31 14:48:26 +0000 UTC
Live-Hack-CVE/CVE-2022-47951
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user ma CVE project by @Sn0wAlice
Create: 2023-01-31 14:48:11 +0000 UTC Push: 2023-01-31 14:48:13 +0000 UTC
Live-Hack-CVE/CVE-2022-44897
A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter. CVE project by @Sn0wAlice
Create: 2023-01-31 14:48:07 +0000 UTC Push: 2023-01-31 14:48:09 +0000 UTC
Live-Hack-CVE/CVE-2022-30421
An Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 allows sensitive information to be obtained via the (local) password authentication module. CVE project by @Sn0wAlice
Create: 2023-01-31 14:48:03 +0000 UTC Push: 2023-01-31 14:48:06 +0000 UTC
Live-Hack-CVE/CVE-2022-40258
AMI Megarac Weak password hashes for Redfish & API CVE project by @Sn0wAlice
Create: 2023-01-31 14:47:59 +0000 UTC Push: 2023-01-31 14:48:01 +0000 UTC
Live-Hack-CVE/CVE-2022-4441
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1. CVE project by @Sn0wAlice
Create: 2023-01-31 14:47:56 +0000 UTC Push: 2023-01-31 14:47:58 +0000 UTC
Live-Hack-CVE/CVE-2022-4041
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1. CVE project by @Sn0wAlice
Create: 2023-01-31 14:47:53 +0000 UTC Push: 2023-01-31 14:47:55 +0000 UTC
Live-Hack-CVE/CVE-2022-4898
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possib CVE project by @Sn0wAlice
Create: 2023-01-31 14:47:47 +0000 UTC Push: 2023-01-31 14:47:49 +0000 UTC
Live-Hack-CVE/CVE-2022-25979
Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function. CVE project by @Sn0wAlice
Create: 2023-01-31 14:47:44 +0000 UTC Push: 2023-01-31 14:47:46 +0000 UTC
Live-Hack-CVE/CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. CVE project by @Sn0wAlice
Create: 2023-01-31 14:47:40 +0000 UTC Push: 2023-01-31 14:47:42 +0000 UTC
Live-Hack-CVE/CVE-2022-21129
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. CVE project by @Sn0wAlice
Create: 2023-01-31 14:47:37 +0000 UTC Push: 2023-01-31 14:47:39 +0000 UTC
Live-Hack-CVE/CVE-2022-32517
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. CVE project by @Sn0wAlice
Create: 2023-01-31 10:17:30 +0000 UTC Push: 2023-01-31 10:17:33 +0000 UTC
Live-Hack-CVE/CVE-2022-48175
Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. CVE project by @Sn0wAlice
Create: 2023-01-31 10:17:27 +0000 UTC Push: 2023-01-31 10:17:29 +0000 UTC
Live-Hack-CVE/CVE-2022-32514
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0 CVE project by @Sn0wAlice
Create: 2023-01-31 10:17:24 +0000 UTC Push: 2023-01-31 10:17:26 +0000 UTC
Live-Hack-CVE/CVE-2022-32748
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the ne CVE project by @Sn0wAlice
Create: 2023-01-31 10:17:19 +0000 UTC Push: 2023-01-31 10:17:22 +0000 UTC