Live-Hack-CVE/CVE-2015-10020 A vulnerability has been found in ssn2013 cis450Project and classified as critical. This vulnerability affects the function addUser of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. The manipulation leads to sql injection. The name of the patch is 39b495011437a105c7670e17e071f99195b4922e. It is reco CVE project by @Sn0wAlice Create: 2023-01-15 08:08:48 +0000 UTC Push: 2023-01-15 08:08:51 +0000 UTC |

Live-Hack-CVE/CVE-2022-4711 The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any m CVE project by @Sn0wAlice Create: 2023-01-15 08:08:44 +0000 UTC Push: 2023-01-15 08:08:47 +0000 UTC |

Live-Hack-CVE/CVE-2016-15017 A vulnerability has been found in fabarea media_upload and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The name of the patch CVE project by @Sn0wAlice Create: 2023-01-15 08:08:39 +0000 UTC Push: 2023-01-15 08:08:42 +0000 UTC |

Live-Hack-CVE/CVE-2017-20167 A vulnerability, which was classified as problematic, was found in Minichan. This affects an unknown part of the file reports.php. The manipulation of the argument headline leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is fc0e732e58630cba318d6bf49d1388a7aa9d390e. I CVE project by @Sn0wAlice Create: 2023-01-15 05:55:38 +0000 UTC Push: 2023-01-15 05:55:39 +0000 UTC |

Live-Hack-CVE/CVE-2023-0301 Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301. CVE project by @Sn0wAlice Create: 2023-01-15 03:42:30 +0000 UTC Push: 2023-01-15 03:42:33 +0000 UTC |

Live-Hack-CVE/CVE-2023-0300 Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301. CVE project by @Sn0wAlice Create: 2023-01-15 03:42:26 +0000 UTC Push: 2023-01-15 03:42:29 +0000 UTC |

Live-Hack-CVE/CVE-2023-0299 Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. CVE project by @Sn0wAlice Create: 2023-01-15 01:32:35 +0000 UTC Push: 2023-01-15 01:32:36 +0000 UTC |

pwneddr/-Sonic_CVE-2022-22274-_poc Create: 2023-01-15 01:15:53 +0000 UTC Push: 2023-01-15 01:15:54 +0000 UTC |

pwneddr/Sonic_CVE-2022-22274_poc Create: 2023-01-15 01:15:53 +0000 UTC Push: 2023-01-15 01:17:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-2815 Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10. CVE project by @Sn0wAlice Create: 2023-01-14 23:18:56 +0000 UTC Push: 2023-01-14 23:18:59 +0000 UTC |

Live-Hack-CVE/CVE-2022-1812 Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10. CVE project by @Sn0wAlice Create: 2023-01-14 23:18:52 +0000 UTC Push: 2023-01-14 23:18:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-45353 Broken Access Control in Betheme theme <= 26.6.1 on WordPress. CVE project by @Sn0wAlice Create: 2023-01-14 22:12:03 +0000 UTC Push: 2023-01-14 22:12:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-38467 Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver. CVE project by @Sn0wAlice Create: 2023-01-14 22:11:58 +0000 UTC Push: 2023-01-14 22:12:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-0298 Improper Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. CVE project by @Sn0wAlice Create: 2023-01-14 19:58:23 +0000 UTC Push: 2023-01-14 19:58:26 +0000 UTC |

Live-Hack-CVE/CVE-2023-22602 When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. CVE project by @Sn0wAlice Create: 2023-01-14 19:58:19 +0000 UTC Push: 2023-01-14 19:58:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-32325 JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. CVE project by @Sn0wAlice Create: 2023-01-14 14:31:31 +0000 UTC Push: 2023-01-14 14:31:34 +0000 UTC |

Live-Hack-CVE/CVE-2023-0297 Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. CVE project by @Sn0wAlice Create: 2023-01-14 14:31:25 +0000 UTC Push: 2023-01-14 14:31:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-22469 Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known wo CVE project by @Sn0wAlice Create: 2023-01-14 14:31:14 +0000 UTC Push: 2023-01-14 14:31:16 +0000 UTC |

Live-Hack-CVE/CVE-2023-22479 KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4. CVE project by @Sn0wAlice Create: 2023-01-14 14:31:10 +0000 UTC Push: 2023-01-14 14:31:13 +0000 UTC |

Live-Hack-CVE/CVE-2022-45167 An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users. CVE project by @Sn0wAlice Create: 2023-01-14 14:31:06 +0000 UTC Push: 2023-01-14 14:31:09 +0000 UTC |