unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-43721
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:45 +0000 UTC Push: 2023-01-16 21:33:48 +0000 UTC
Live-Hack-CVE/CVE-2022-43720
An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:40 +0000 UTC Push: 2023-01-16 21:33:43 +0000 UTC
Live-Hack-CVE/CVE-2022-43719
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:37 +0000 UTC Push: 2023-01-16 21:33:39 +0000 UTC
Live-Hack-CVE/CVE-2022-43718
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:32 +0000 UTC Push: 2023-01-16 21:33:34 +0000 UTC
Live-Hack-CVE/CVE-2022-43717
Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:29 +0000 UTC Push: 2023-01-16 21:33:31 +0000 UTC
Live-Hack-CVE/CVE-2022-41703
A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag "ALLOW_ADHOC_SUB CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:24 +0000 UTC Push: 2023-01-16 21:33:27 +0000 UTC
Live-Hack-CVE/CVE-2016-15020
A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The name of the patch is 42ec8f2b22e0b0b98fb5b4444 CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:19 +0000 UTC Push: 2023-01-16 21:33:23 +0000 UTC
Live-Hack-CVE/CVE-2013-10012
A vulnerability, which was classified as critical, was found in antonbolling clan7ups. Affected is an unknown function of the component Login/Session. The manipulation leads to sql injection. The name of the patch is 25afad571c488291033958d845830ba0a1710764. It is recommended to apply a patch to fix this issue. The ide CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:15 +0000 UTC Push: 2023-01-16 21:33:16 +0000 UTC
Live-Hack-CVE/CVE-2010-10005
A vulnerability was found in msmania poodim. It has been declared as critical. This vulnerability affects unknown code of the component Command Line Argument Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The name of the patch is 6340d5d2c81e55e61522c4b40a6cdd5c397 CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:11 +0000 UTC Push: 2023-01-16 21:33:14 +0000 UTC
Live-Hack-CVE/CVE-2021-4313
A vulnerability was found in NethServer phonenehome. It has been rated as critical. This issue affects the function get_info/get_country_coor of the file server/index.php. The manipulation leads to sql injection. The name of the patch is 759c30b0ddd7d493836bbdf695cf71624b377391. It is recommended to apply a patch to fi CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:07 +0000 UTC Push: 2023-01-16 21:33:10 +0000 UTC
Live-Hack-CVE/CVE-2018-25076
A vulnerability classified as critical was found in Events Extension. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to sql injection. The name of the pat CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:02 +0000 UTC Push: 2023-01-16 21:33:06 +0000 UTC
Live-Hack-CVE/CVE-2015-10053
A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The name of the patch is 93a9a77 CVE project by @Sn0wAlice
Create: 2023-01-16 21:32:58 +0000 UTC Push: 2023-01-16 21:33:01 +0000 UTC
Live-Hack-CVE/CVE-2022-4258
In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system. CVE project by @Sn0wAlice
Create: 2023-01-16 19:19:19 +0000 UTC Push: 2023-01-16 19:19:23 +0000 UTC
N1arut/CVE-2022-46169_POC
RCE POC for CVE-2022-46169
Create: 2023-01-16 18:21:26 +0000 UTC Push: 2023-01-16 18:21:26 +0000 UTC
o0MattE0o/CVE-2022-41099-Fix
Update WINRE.WIM file to fix CVE-2022-41099
Create: 2023-01-16 16:57:29 +0000 UTC Push: 2023-01-19 00:42:36 +0000 UTC
wh-gov/CVE-2022-46463
Create: 2023-01-16 15:10:13 +0000 UTC Push: 2023-01-16 15:10:13 +0000 UTC
Live-Hack-CVE/CVE-2023-0316
Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0. CVE project by @Sn0wAlice
Create: 2023-01-16 14:58:58 +0000 UTC Push: 2023-01-16 14:59:01 +0000 UTC
Live-Hack-CVE/CVE-2023-0315
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8. CVE project by @Sn0wAlice
Create: 2023-01-16 14:58:54 +0000 UTC Push: 2023-01-16 14:58:57 +0000 UTC
pmihsan/OverlayFS-CVE-2021-3493
Create: 2023-01-16 12:29:39 +0000 UTC Push: 2023-01-16 12:29:40 +0000 UTC
aalex954/CVE-2022-23529-PoC
CVE-2022-23529-PoC
Create: 2023-01-16 10:35:54 +0000 UTC Push: 2023-01-16 10:35:54 +0000 UTC