Live-Hack-CVE/CVE-2022-1676 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:52:06 +0000 UTC Push: 2023-01-20 03:52:09 +0000 UTC |

Live-Hack-CVE/CVE-2020-1713 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:52:02 +0000 UTC Push: 2023-01-20 03:52:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-4874 Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the reques CVE project by @Sn0wAlice Create: 2023-01-20 03:51:58 +0000 UTC Push: 2023-01-20 03:52:01 +0000 UTC |

Live-Hack-CVE/CVE-2022-4873 On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:55 +0000 UTC Push: 2023-01-20 03:51:57 +0000 UTC |

Live-Hack-CVE/CVE-2022-4415 A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:51 +0000 UTC Push: 2023-01-20 03:51:53 +0000 UTC |

Live-Hack-CVE/CVE-2023-0406 Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:45 +0000 UTC Push: 2023-01-20 03:51:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-47745 ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:41 +0000 UTC Push: 2023-01-20 03:51:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-47740 Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:37 +0000 UTC Push: 2023-01-20 03:51:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-47197 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can sen CVE project by @Sn0wAlice Create: 2023-01-20 03:51:33 +0000 UTC Push: 2023-01-20 03:51:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-47196 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can sen CVE project by @Sn0wAlice Create: 2023-01-20 03:51:29 +0000 UTC Push: 2023-01-20 03:51:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-47195 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can sen CVE project by @Sn0wAlice Create: 2023-01-20 03:51:25 +0000 UTC Push: 2023-01-20 03:51:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-47194 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can sen CVE project by @Sn0wAlice Create: 2023-01-20 03:51:21 +0000 UTC Push: 2023-01-20 03:51:24 +0000 UTC |

Live-Hack-CVE/CVE-2020-25714 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:17 +0000 UTC Push: 2023-01-20 03:51:20 +0000 UTC |

Live-Hack-CVE/CVE-2020-25679 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:13 +0000 UTC Push: 2023-01-20 03:51:16 +0000 UTC |

Live-Hack-CVE/CVE-2020-1715 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:10 +0000 UTC Push: 2023-01-20 03:51:12 +0000 UTC |

Live-Hack-CVE/CVE-2020-10765 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:06 +0000 UTC Push: 2023-01-20 03:51:08 +0000 UTC |

Live-Hack-CVE/CVE-2020-10764 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:51:02 +0000 UTC Push: 2023-01-20 03:51:04 +0000 UTC |

Live-Hack-CVE/CVE-2020-10694 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:50:58 +0000 UTC Push: 2023-01-20 03:51:01 +0000 UTC |

Live-Hack-CVE/CVE-2020-10692 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-20 03:50:54 +0000 UTC Push: 2023-01-20 03:50:57 +0000 UTC |

Live-Hack-CVE/CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems. CVE project by @Sn0wAlice Create: 2023-01-20 03:50:50 +0000 UTC Push: 2023-01-20 03:50:53 +0000 UTC |