Live-Hack-CVE/CVE-2022-46610 72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. CVE project by @Sn0wAlice Create: 2023-01-10 23:23:44 +0000 UTC Push: 2023-01-10 23:23:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-3792 This issue affects: Terminal Operating System versions before 5.0.13 CVE project by @Sn0wAlice Create: 2023-01-10 23:23:37 +0000 UTC Push: 2023-01-10 23:23:40 +0000 UTC |

Live-Hack-CVE/CVE-2021-44014 A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to CVE project by @Sn0wAlice Create: 2023-01-10 22:18:11 +0000 UTC Push: 2023-01-10 22:18:14 +0000 UTC |

Live-Hack-CVE/CVE-2021-44002 A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute c CVE project by @Sn0wAlice Create: 2023-01-10 22:18:06 +0000 UTC Push: 2023-01-10 22:18:10 +0000 UTC |

Live-Hack-CVE/CVE-2022-47967 A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file formats such as PAR, ASM, DFT. This could allow an attacker to execute code in the context of the current process. CVE project by @Sn0wAlice Create: 2023-01-10 22:17:48 +0000 UTC Push: 2023-01-10 22:17:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-47935 A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the CVE project by @Sn0wAlice Create: 2023-01-10 22:17:43 +0000 UTC Push: 2023-01-10 22:17:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-46823 A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.8). The affected module is vulnerable to reflected c CVE project by @Sn0wAlice Create: 2023-01-10 22:17:39 +0000 UTC Push: 2023-01-10 22:17:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-45094 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially inject commands into the dhcpd configuration of the affected product. An attacker might leverage this to trig CVE project by @Sn0wAlice Create: 2023-01-10 22:17:34 +0000 UTC Push: 2023-01-10 22:17:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-45093 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write arbitrary files fro CVE project by @Sn0wAlice Create: 2023-01-10 22:17:29 +0000 UTC Push: 2023-01-10 22:17:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-45092 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigg CVE project by @Sn0wAlice Create: 2023-01-10 22:17:25 +0000 UTC Push: 2023-01-10 22:17:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-43514 A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory. This CVE project by @Sn0wAlice Create: 2023-01-10 22:17:20 +0000 UTC Push: 2023-01-10 22:17:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-43513 A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move f CVE project by @Sn0wAlice Create: 2023-01-10 22:17:15 +0000 UTC Push: 2023-01-10 22:17:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-38773 Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code. CVE project by @Sn0wAlice Create: 2023-01-10 22:17:10 +0000 UTC Push: 2023-01-10 22:17:12 +0000 UTC |

Live-Hack-CVE/CVE-2023-22903 api/views/user.py in LibrePhotos before e19e539 has incorrect access control. CVE project by @Sn0wAlice Create: 2023-01-10 20:06:55 +0000 UTC Push: 2023-01-10 20:06:58 +0000 UTC |

Live-Hack-CVE/CVE-2021-46871 tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes. CVE project by @Sn0wAlice Create: 2023-01-10 20:06:50 +0000 UTC Push: 2023-01-10 20:06:54 +0000 UTC |

Live-Hack-CVE/CVE-2017-20166 Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise. CVE project by @Sn0wAlice Create: 2023-01-10 20:06:46 +0000 UTC Push: 2023-01-10 20:06:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-48251 ** DISPUTED ** The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture." CVE project by @Sn0wAlice Create: 2023-01-10 20:06:41 +0000 UTC Push: 2023-01-10 20:06:44 +0000 UTC |

Live-Hack-CVE/CVE-2023-22911 An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context. CVE project by @Sn0wAlice Create: 2023-01-10 20:06:37 +0000 UTC Push: 2023-01-10 20:06:40 +0000 UTC |

Live-Hack-CVE/CVE-2023-22909 An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow. CVE project by @Sn0wAlice Create: 2023-01-10 20:06:32 +0000 UTC Push: 2023-01-10 20:06:35 +0000 UTC |

Live-Hack-CVE/CVE-2022-4429 Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78 CVE project by @Sn0wAlice Create: 2023-01-10 20:06:27 +0000 UTC Push: 2023-01-10 20:06:30 +0000 UTC |