Live-Hack-CVE/CVE-2023-0139 Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) CVE project by @Sn0wAlice Create: 2023-01-11 05:59:26 +0000 UTC Push: 2023-01-11 05:59:29 +0000 UTC |

Live-Hack-CVE/CVE-2023-0132 Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice Create: 2023-01-11 05:59:22 +0000 UTC Push: 2023-01-11 05:59:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-0138 Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) CVE project by @Sn0wAlice Create: 2023-01-11 05:59:17 +0000 UTC Push: 2023-01-11 05:59:20 +0000 UTC |

Live-Hack-CVE/CVE-2023-0129 Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) CVE project by @Sn0wAlice Create: 2023-01-11 05:59:13 +0000 UTC Push: 2023-01-11 05:59:16 +0000 UTC |

Live-Hack-CVE/CVE-2023-0137 Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice Create: 2023-01-11 05:59:08 +0000 UTC Push: 2023-01-11 05:59:11 +0000 UTC |

Live-Hack-CVE/CVE-2023-0130 Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice Create: 2023-01-11 05:59:04 +0000 UTC Push: 2023-01-11 05:59:07 +0000 UTC |

Live-Hack-CVE/CVE-2023-0136 Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice Create: 2023-01-11 05:58:59 +0000 UTC Push: 2023-01-11 05:59:03 +0000 UTC |

Live-Hack-CVE/CVE-2023-0128 Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice Create: 2023-01-11 05:58:55 +0000 UTC Push: 2023-01-11 05:58:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-0135 Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice Create: 2023-01-11 05:58:52 +0000 UTC Push: 2023-01-11 05:58:54 +0000 UTC |

Live-Hack-CVE/CVE-2023-0134 Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice Create: 2023-01-11 05:58:47 +0000 UTC Push: 2023-01-11 05:58:50 +0000 UTC |

Live-Hack-CVE/CVE-2023-0133 Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice Create: 2023-01-11 05:58:43 +0000 UTC Push: 2023-01-11 05:58:46 +0000 UTC |

Live-Hack-CVE/CVE-2023-0131 Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice Create: 2023-01-11 05:58:38 +0000 UTC Push: 2023-01-11 05:58:41 +0000 UTC |

Live-Hack-CVE/CVE-2022-4636 Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion. CVE project by @Sn0wAlice Create: 2023-01-11 05:58:34 +0000 UTC Push: 2023-01-11 05:58:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-45614 An issue in the /index.php/user/edit_user/ component of Book Store Management System v1.0 allows unauthenticated attackers to retrieve the password hashes of all existing user accounts via a crafted request. CVE project by @Sn0wAlice Create: 2023-01-11 05:58:30 +0000 UTC Push: 2023-01-11 05:58:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-31054 Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to CVE project by @Sn0wAlice Create: 2023-01-11 05:58:19 +0000 UTC Push: 2023-01-11 05:58:23 +0000 UTC |

Live-Hack-CVE/CVE-2022-4780 ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change. CVE project by @Sn0wAlice Create: 2023-01-11 03:49:06 +0000 UTC Push: 2023-01-11 03:49:09 +0000 UTC |

Live-Hack-CVE/CVE-2022-44441 In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. CVE project by @Sn0wAlice Create: 2023-01-11 03:49:00 +0000 UTC Push: 2023-01-11 03:49:01 +0000 UTC |

Live-Hack-CVE/CVE-2022-44442 In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. CVE project by @Sn0wAlice Create: 2023-01-11 03:48:52 +0000 UTC Push: 2023-01-11 03:48:56 +0000 UTC |

Live-Hack-CVE/CVE-2022-45875 Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. CVE project by @Sn0wAlice Create: 2023-01-11 03:48:48 +0000 UTC Push: 2023-01-11 03:48:51 +0000 UTC |

Live-Hack-CVE/CVE-2022-44430 In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. CVE project by @Sn0wAlice Create: 2023-01-11 03:48:43 +0000 UTC Push: 2023-01-11 03:48:46 +0000 UTC |