Live-Hack-CVE/CVE-2013-0899 Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds CVE project by @Sn0wAlice Create: 2023-01-24 14:39:48 +0000 UTC Push: 2023-01-24 14:39:51 +0000 UTC |

Live-Hack-CVE/CVE-2020-15645 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL method of the CVE project by @Sn0wAlice Create: 2023-01-24 14:39:45 +0000 UTC Push: 2023-01-24 14:39:47 +0000 UTC |

Live-Hack-CVE/CVE-2020-8026 A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE CVE project by @Sn0wAlice Create: 2023-01-24 14:39:42 +0000 UTC Push: 2023-01-24 14:39:44 +0000 UTC |

Live-Hack-CVE/CVE-2020-15643 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveAsText method of the GWTT CVE project by @Sn0wAlice Create: 2023-01-24 14:39:38 +0000 UTC Push: 2023-01-24 14:39:39 +0000 UTC |

Live-Hack-CVE/CVE-2023-22484 cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.g CVE project by @Sn0wAlice Create: 2023-01-24 10:08:43 +0000 UTC Push: 2023-01-24 10:08:46 +0000 UTC |

Live-Hack-CVE/CVE-2023-22483 cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gf CVE project by @Sn0wAlice Create: 2023-01-24 10:08:40 +0000 UTC Push: 2023-01-24 10:08:42 +0000 UTC |

Live-Hack-CVE/CVE-2023-21796 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795. CVE project by @Sn0wAlice Create: 2023-01-24 10:08:36 +0000 UTC Push: 2023-01-24 10:08:38 +0000 UTC |

Live-Hack-CVE/CVE-2023-21795 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796. CVE project by @Sn0wAlice Create: 2023-01-24 10:08:32 +0000 UTC Push: 2023-01-24 10:08:33 +0000 UTC |

Live-Hack-CVE/CVE-2023-21775 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. CVE project by @Sn0wAlice Create: 2023-01-24 10:08:29 +0000 UTC Push: 2023-01-24 10:08:31 +0000 UTC |

Live-Hack-CVE/CVE-2023-21719 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. CVE project by @Sn0wAlice Create: 2023-01-24 10:08:25 +0000 UTC Push: 2023-01-24 10:08:27 +0000 UTC |

Live-Hack-CVE/CVE-2023-23560 In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. CVE project by @Sn0wAlice Create: 2023-01-24 07:58:02 +0000 UTC Push: 2023-01-24 07:58:04 +0000 UTC |

Live-Hack-CVE/CVE-2023-22960 Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. CVE project by @Sn0wAlice Create: 2023-01-24 07:57:58 +0000 UTC Push: 2023-01-24 07:58:00 +0000 UTC |

Live-Hack-CVE/CVE-2023-22630 IzyBat Orange casiers before 20221102_1 allows SQL Injection via a getCasier.php?taille= URI. CVE project by @Sn0wAlice Create: 2023-01-24 07:57:54 +0000 UTC Push: 2023-01-24 07:57:57 +0000 UTC |

Live-Hack-CVE/CVE-2022-46639 A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal. CVE project by @Sn0wAlice Create: 2023-01-24 07:57:50 +0000 UTC Push: 2023-01-24 07:57:53 +0000 UTC |

Live-Hack-CVE/CVE-2022-40034 Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter. CVE project by @Sn0wAlice Create: 2023-01-24 07:57:46 +0000 UTC Push: 2023-01-24 07:57:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-23005 Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is pr CVE project by @Sn0wAlice Create: 2023-01-24 07:57:42 +0000 UTC Push: 2023-01-24 07:57:45 +0000 UTC |

Live-Hack-CVE/CVE-2018-20104 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-24 07:57:38 +0000 UTC Push: 2023-01-24 07:57:41 +0000 UTC |

Live-Hack-CVE/CVE-2023-22852 Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. CVE project by @Sn0wAlice Create: 2023-01-24 05:45:21 +0000 UTC Push: 2023-01-24 05:45:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-22853 Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval. CVE project by @Sn0wAlice Create: 2023-01-24 05:45:17 +0000 UTC Push: 2023-01-24 05:45:20 +0000 UTC |

Live-Hack-CVE/CVE-2021-46872 An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum CVE project by @Sn0wAlice Create: 2023-01-24 05:45:03 +0000 UTC Push: 2023-01-24 05:45:05 +0000 UTC |