unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2015-10075
A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has b CVE project by @Sn0wAlice
Create: 2023-02-07 21:25:29 +0000 UTC Push: 2023-02-07 21:25:32 +0000 UTC
0xFTW/CVE-2022-23935
CVE-2022-23935 exploit PoC exiftool version 12.37 written in python
Create: 2023-02-07 21:02:40 +0000 UTC Push: 2023-02-07 21:02:41 +0000 UTC
amitlttwo/CVE-2021-22986
Create: 2023-02-07 19:19:20 +0000 UTC Push: 2023-02-07 19:19:20 +0000 UTC
Live-Hack-CVE/CVE-2023-23696
Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to write arbitrary files to the system. CVE project by @Sn0wAlice
Create: 2023-02-07 19:15:27 +0000 UTC Push: 2023-02-07 19:15:29 +0000 UTC
Live-Hack-CVE/CVE-2023-22643
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to CVE project by @Sn0wAlice
Create: 2023-02-07 19:15:23 +0000 UTC Push: 2023-02-07 19:15:25 +0000 UTC
Live-Hack-CVE/CVE-2023-0706
A vulnerability, which was classified as critical, has been found in SourceCodester Medical Certificate Generator App 1.0. Affected by this issue is some unknown functionality of the file manage_record.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier o CVE project by @Sn0wAlice
Create: 2023-02-07 19:15:19 +0000 UTC Push: 2023-02-07 19:15:22 +0000 UTC
Live-Hack-CVE/CVE-2022-31254
An Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affe CVE project by @Sn0wAlice
Create: 2023-02-07 19:15:15 +0000 UTC Push: 2023-02-07 19:15:18 +0000 UTC
Live-Hack-CVE/CVE-2015-10074
A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is able to address this i CVE project by @Sn0wAlice
Create: 2023-02-07 19:15:12 +0000 UTC Push: 2023-02-07 19:15:14 +0000 UTC
amitlttwo/CVE-2020-5902
Create: 2023-02-07 19:07:23 +0000 UTC Push: 2023-02-07 19:07:23 +0000 UTC
Live-Hack-CVE/CVE-2023-22736
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed namespaces. Reconciled Ap CVE project by @Sn0wAlice
Create: 2023-02-07 14:48:25 +0000 UTC Push: 2023-02-07 14:48:27 +0000 UTC
Live-Hack-CVE/CVE-2023-24827
syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFT_ATTEST_PASSWORD environment variable. The `SYFT_ATTEST_PASSWORD` enviro CVE project by @Sn0wAlice
Create: 2023-02-07 14:48:22 +0000 UTC Push: 2023-02-07 14:48:24 +0000 UTC
Live-Hack-CVE/CVE-2023-24808
PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found in testing is about 28kb in size and was di CVE project by @Sn0wAlice
Create: 2023-02-07 14:48:18 +0000 UTC Push: 2023-02-07 14:48:20 +0000 UTC
Live-Hack-CVE/CVE-2022-4552
The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack CVE project by @Sn0wAlice
Create: 2023-02-07 14:48:14 +0000 UTC Push: 2023-02-07 14:48:16 +0000 UTC
Live-Hack-CVE/CVE-2022-4553
The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating resetting moods which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydl_posts & lydl_poststimestamp DB tables CVE project by @Sn0wAlice
Create: 2023-02-07 14:48:11 +0000 UTC Push: 2023-02-07 14:48:13 +0000 UTC
Live-Hack-CVE/CVE-2022-4837
The CPO Companion WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-02-07 14:48:07 +0000 UTC Push: 2023-02-07 14:48:09 +0000 UTC
Live-Hack-CVE/CVE-2022-4872
The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belongs to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no' CVE project by @Sn0wAlice
Create: 2023-02-07 14:48:04 +0000 UTC Push: 2023-02-07 14:48:06 +0000 UTC
Live-Hack-CVE/CVE-2023-0074
The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-07 14:48:00 +0000 UTC Push: 2023-02-07 14:48:02 +0000 UTC
Live-Hack-CVE/CVE-2023-0033
The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice
Create: 2023-02-07 14:47:56 +0000 UTC Push: 2023-02-07 14:47:58 +0000 UTC
Live-Hack-CVE/CVE-2023-0071
The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-07 14:47:52 +0000 UTC Push: 2023-02-07 14:47:55 +0000 UTC
Live-Hack-CVE/CVE-2022-45854
An improper check for unusual conditions in Zyxel NWA110AX firmware versions prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker. CVE project by @Sn0wAlice
Create: 2023-02-07 14:47:49 +0000 UTC Push: 2023-02-07 14:47:51 +0000 UTC