unSafe.sh - Not Secure
Live-Hack-CVE/CVE-2019-17675
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:14 +0000 UTC Push: 2023-02-04 08:21:17 +0000 UTC
Live-Hack-CVE/CVE-2019-17674
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:11 +0000 UTC Push: 2023-02-04 08:21:13 +0000 UTC
Live-Hack-CVE/CVE-2019-2924
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Suc CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:05 +0000 UTC Push: 2023-02-04 08:21:07 +0000 UTC
Live-Hack-CVE/CVE-2019-2920
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successfu CVE project by @Sn0wAlice
Create: 2023-02-04 08:21:01 +0000 UTC Push: 2023-02-04 08:21:03 +0000 UTC
Live-Hack-CVE/CVE-2019-2922
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Suc CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:57 +0000 UTC Push: 2023-02-04 08:21:00 +0000 UTC
Live-Hack-CVE/CVE-2019-2923
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Suc CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:54 +0000 UTC Push: 2023-02-04 08:20:56 +0000 UTC
Live-Hack-CVE/CVE-2019-16095
Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:51 +0000 UTC Push: 2023-02-04 08:20:53 +0000 UTC
Live-Hack-CVE/CVE-2019-16094
Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:47 +0000 UTC Push: 2023-02-04 08:20:50 +0000 UTC
Live-Hack-CVE/CVE-2019-16093
Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:44 +0000 UTC Push: 2023-02-04 08:20:46 +0000 UTC
Live-Hack-CVE/CVE-2019-16092
Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:41 +0000 UTC Push: 2023-02-04 08:20:43 +0000 UTC
Live-Hack-CVE/CVE-2019-16091
Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:37 +0000 UTC Push: 2023-02-04 08:20:39 +0000 UTC
Live-Hack-CVE/CVE-2023-23615
Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embedda CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:33 +0000 UTC Push: 2023-02-04 08:20:35 +0000 UTC
Live-Hack-CVE/CVE-2023-23082
A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument. CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:30 +0000 UTC Push: 2023-02-04 08:20:32 +0000 UTC
Live-Hack-CVE/CVE-2023-22746
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the `.env` file, that key was shar CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:26 +0000 UTC Push: 2023-02-04 08:20:28 +0000 UTC
Live-Hack-CVE/CVE-2022-24895
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers t CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:23 +0000 UTC Push: 2023-02-04 08:20:25 +0000 UTC
Live-Hack-CVE/CVE-2022-24894
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system acts as a reverse proxy: it caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:19 +0000 UTC Push: 2023-02-04 08:20:22 +0000 UTC
Live-Hack-CVE/CVE-2022-23498
Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can d CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:16 +0000 UTC Push: 2023-02-04 08:20:18 +0000 UTC
Live-Hack-CVE/CVE-2019-4156
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:56 +0000 UTC Push: 2023-02-04 06:06:58 +0000 UTC
Live-Hack-CVE/CVE-2019-4157
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:52 +0000 UTC Push: 2023-02-04 06:06:54 +0000 UTC
Live-Hack-CVE/CVE-2019-4250
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:48 +0000 UTC Push: 2023-02-04 06:06:51 +0000 UTC