Live-Hack-CVE/CVE-2022-27628 Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone – Lite Version plugin 3.1 Lite versions. CVE project by @Sn0wAlice Create: 2023-02-06 23:16:31 +0000 UTC Push: 2023-02-06 23:16:34 +0000 UTC |

Live-Hack-CVE/CVE-2022-48164 An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. CVE project by @Sn0wAlice Create: 2023-02-06 23:16:28 +0000 UTC Push: 2023-02-06 23:16:30 +0000 UTC |

Live-Hack-CVE/CVE-2022-48085 Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter. CVE project by @Sn0wAlice Create: 2023-02-06 23:16:24 +0000 UTC Push: 2023-02-06 23:16:26 +0000 UTC |

Live-Hack-CVE/CVE-2022-44343 CRMEB 4.4.4 is vulnerable to Any File download. CVE project by @Sn0wAlice Create: 2023-02-06 23:16:20 +0000 UTC Push: 2023-02-06 23:16:23 +0000 UTC |

Live-Hack-CVE/CVE-2021-36226 Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files. CVE project by @Sn0wAlice Create: 2023-02-06 23:16:16 +0000 UTC Push: 2023-02-06 23:16:19 +0000 UTC |

Live-Hack-CVE/CVE-2021-36225 Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation. CVE project by @Sn0wAlice Create: 2023-02-06 23:16:13 +0000 UTC Push: 2023-02-06 23:16:15 +0000 UTC |

Live-Hack-CVE/CVE-2021-36224 Western Digital My Cloud devices before OS5 have a nobody account with a blank password. CVE project by @Sn0wAlice Create: 2023-02-06 23:16:09 +0000 UTC Push: 2023-02-06 23:16:11 +0000 UTC |

Live-Hack-CVE/CVE-2023-24057 HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive). CVE project by @Sn0wAlice Create: 2023-02-06 23:16:03 +0000 UTC Push: 2023-02-06 23:16:06 +0000 UTC |

Live-Hack-CVE/CVE-2021-3322 Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3 CVE project by @Sn0wAlice Create: 2023-02-06 23:15:59 +0000 UTC Push: 2023-02-06 23:16:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-47065 ** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only af CVE project by @Sn0wAlice Create: 2023-02-06 23:15:53 +0000 UTC Push: 2023-02-06 23:15:56 +0000 UTC |

Live-Hack-CVE/CVE-2021-29368 Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions. CVE project by @Sn0wAlice Create: 2023-02-06 23:15:47 +0000 UTC Push: 2023-02-06 23:15:50 +0000 UTC |

Live-Hack-CVE/CVE-2023-0444 A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privileged user to log in as an CVE project by @Sn0wAlice Create: 2023-02-06 23:15:43 +0000 UTC Push: 2023-02-06 23:15:45 +0000 UTC |

Live-Hack-CVE/CVE-2022-45496 Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. CVE project by @Sn0wAlice Create: 2023-02-06 22:11:02 +0000 UTC Push: 2023-02-06 22:11:04 +0000 UTC |

Live-Hack-CVE/CVE-2022-45493 Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. CVE project by @Sn0wAlice Create: 2023-02-06 22:10:58 +0000 UTC Push: 2023-02-06 22:11:00 +0000 UTC |

Vulnmachines/imagemagick-CVE-2022-44268 Imagemagick CVE-2022-44268 Create: 2023-02-06 18:45:42 +0000 UTC Push: 2023-02-06 18:45:42 +0000 UTC |

Live-Hack-CVE/CVE-2017-20176 A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initiated remotely. The name of the patch is fb6fae2f8a9b146471450b5b0 CVE project by @Sn0wAlice Create: 2023-02-06 14:31:13 +0000 UTC Push: 2023-02-06 14:31:15 +0000 UTC |

Live-Hack-CVE/CVE-2014-125086 A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is f CVE project by @Sn0wAlice Create: 2023-02-06 14:31:09 +0000 UTC Push: 2023-02-06 14:31:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-25855 All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. CVE project by @Sn0wAlice Create: 2023-02-06 14:31:06 +0000 UTC Push: 2023-02-06 14:31:08 +0000 UTC |

Live-Hack-CVE/CVE-2022-25853 All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. CVE project by @Sn0wAlice Create: 2023-02-06 14:31:02 +0000 UTC Push: 2023-02-06 14:31:04 +0000 UTC |

Timorlover/CVE-2023-23333 There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. Create: 2023-02-06 14:20:40 +0000 UTC Push: 2023-02-06 14:20:41 +0000 UTC |