unSafe.sh - 不安全

Live-Hack-CVE/CVE-2023-24623 Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. CVE project by @Sn0wAlice
Create: 2023-01-30 14:39:01 +0000 UTC Push: 2023-01-30 14:39:03 +0000 UTC |

Live-Hack-CVE/CVE-2023-24622 isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. CVE project by @Sn0wAlice
Create: 2023-01-30 14:38:57 +0000 UTC Push: 2023-01-30 14:39:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-25967 Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data. CVE project by @Sn0wAlice
Create: 2023-01-30 14:38:54 +0000 UTC Push: 2023-01-30 14:38:56 +0000 UTC |

Live-Hack-CVE/CVE-2022-25936 Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable. CVE project by @Sn0wAlice
Create: 2023-01-30 14:38:51 +0000 UTC Push: 2023-01-30 14:38:53 +0000 UTC |

l00neyhacker/CVE-2023-23132 CVE-2023-23132
Create: 2023-01-30 12:17:44 +0000 UTC Push: 2023-01-30 12:17:44 +0000 UTC |

l00neyhacker/CVE-2023-23131 CVE-2023-23131
Create: 2023-01-30 12:16:08 +0000 UTC Push: 2023-01-30 12:16:09 +0000 UTC |

l00neyhacker/CVE-2023-23130 CVE-2023-23130
Create: 2023-01-30 12:15:19 +0000 UTC Push: 2023-01-30 12:15:19 +0000 UTC |

l00neyhacker/CVE-2023-23128 CVE-2023-23128
Create: 2023-01-30 12:13:36 +0000 UTC Push: 2023-01-30 12:13:36 +0000 UTC |

l00neyhacker/CVE-2023-23127 CVE-2023-23127
Create: 2023-01-30 12:12:17 +0000 UTC Push: 2023-01-30 12:12:18 +0000 UTC |

l00neyhacker/CVE-2023-23126 CVE-2023-23126
Create: 2023-01-30 12:11:14 +0000 UTC Push: 2023-01-30 12:11:15 +0000 UTC |

l00neyhacker/CVE-2022-47717 CVE-2022-47717
Create: 2023-01-30 12:09:36 +0000 UTC Push: 2023-01-30 12:09:36 +0000 UTC |

l00neyhacker/CVE-2022-47715
Create: 2023-01-30 12:02:12 +0000 UTC Push: 2023-01-30 12:02:13 +0000 UTC |

l00neyhacker/CVE-2022-47714. CVE-2022-47714.
Create: 2023-01-30 11:59:02 +0000 UTC Push: 2023-01-30 12:00:02 +0000 UTC |

l00neyhacker/CVE-2022-47714 CVE-2022-47714
Create: 2023-01-30 11:59:02 +0000 UTC Push: 2023-01-30 12:00:40 +0000 UTC |

Live-Hack-CVE/CVE-2023-0572 Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. CVE project by @Sn0wAlice
Create: 2023-01-30 10:16:07 +0000 UTC Push: 2023-01-30 10:16:09 +0000 UTC |

Live-Hack-CVE/CVE-2021-46873 WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless. CVE project by @Sn0wAlice
Create: 2023-01-30 10:16:03 +0000 UTC Push: 2023-01-30 10:16:05 +0000 UTC |

Live-Hack-CVE/CVE-2023-24065 NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting. CVE project by @Sn0wAlice
Create: 2023-01-30 08:04:38 +0000 UTC Push: 2023-01-30 08:04:41 +0000 UTC |

Live-Hack-CVE/CVE-2023-0566 Static Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. CVE project by @Sn0wAlice
Create: 2023-01-30 08:04:35 +0000 UTC Push: 2023-01-30 08:04:37 +0000 UTC |

Live-Hack-CVE/CVE-2023-0565 Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10. CVE project by @Sn0wAlice
Create: 2023-01-30 08:04:32 +0000 UTC Push: 2023-01-30 08:04:34 +0000 UTC |

Live-Hack-CVE/CVE-2016-15022 A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. Upgradin CVE project by @Sn0wAlice
Create: 2023-01-30 05:52:53 +0000 UTC Push: 2023-01-30 05:52:55 +0000 UTC |