Live-Hack-CVE/CVE-2022-4705 The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration CVE project by @Sn0wAlice Create: 2023-01-13 19:41:24 +0000 UTC Push: 2023-01-13 19:41:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-3693 The File Management System developed by FileOrbis before version 10.6.3 has an unauthenticated local file inclusion and path traversal vulnerability. This has been fixed in the version 10.6.3 CVE project by @Sn0wAlice Create: 2023-01-13 19:41:20 +0000 UTC Push: 2023-01-13 19:41:22 +0000 UTC |

Live-Hack-CVE/CVE-2023-0283 A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file review_search.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to sql injection. It is possible to initiate the attack re CVE project by @Sn0wAlice Create: 2023-01-13 19:40:59 +0000 UTC Push: 2023-01-13 19:41:02 +0000 UTC |

Live-Hack-CVE/CVE-2023-0281 A vulnerability was found in SourceCodester Online Flight Booking Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file judge_panel.php. The manipulation of the argument subevent_id leads to sql injection. The attack may be launched remotely. The exploit has CVE project by @Sn0wAlice Create: 2023-01-13 19:40:55 +0000 UTC Push: 2023-01-13 19:40:58 +0000 UTC |

hfh86/CVE-2022-3317 Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) Create: 2023-01-13 16:06:54 +0000 UTC Push: 2023-01-13 16:06:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-46502 Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:59 +0000 UTC Push: 2023-01-13 14:15:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-42285 DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:55 +0000 UTC Push: 2023-01-13 14:14:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-42284 NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:51 +0000 UTC Push: 2023-01-13 14:14:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-42283 NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:48 +0000 UTC Push: 2023-01-13 14:14:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-42282 NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:44 +0000 UTC Push: 2023-01-13 14:14:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-42281 NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:40 +0000 UTC Push: 2023-01-13 14:14:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-42280 NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:36 +0000 UTC Push: 2023-01-13 14:14:39 +0000 UTC |

Live-Hack-CVE/CVE-2022-42279 NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:32 +0000 UTC Push: 2023-01-13 14:14:35 +0000 UTC |

Live-Hack-CVE/CVE-2022-42278 NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:28 +0000 UTC Push: 2023-01-13 14:14:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-42277 NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:24 +0000 UTC Push: 2023-01-13 14:14:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-42276 NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:20 +0000 UTC Push: 2023-01-13 14:14:23 +0000 UTC |

Live-Hack-CVE/CVE-2023-23559 In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:16 +0000 UTC Push: 2023-01-13 14:14:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-48258 In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:12 +0000 UTC Push: 2023-01-13 14:14:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-48257 In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:08 +0000 UTC Push: 2023-01-13 14:14:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-48256 Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:04 +0000 UTC Push: 2023-01-13 14:14:07 +0000 UTC |