Live-Hack-CVE/CVE-2023-0125 A vulnerability was found in Control iD Panel. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the p CVE project by @Sn0wAlice Create: 2023-01-10 07:54:34 +0000 UTC Push: 2023-01-10 07:54:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-43973 An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vu CVE project by @Sn0wAlice Create: 2023-01-10 07:54:31 +0000 UTC Push: 2023-01-10 07:54:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-43972 A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action. CVE project by @Sn0wAlice Create: 2023-01-10 07:54:26 +0000 UTC Push: 2023-01-10 07:54:30 +0000 UTC |

Live-Hack-CVE/CVE-2022-43971 An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can lever CVE project by @Sn0wAlice Create: 2023-01-10 07:54:22 +0000 UTC Push: 2023-01-10 07:54:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-43970 A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operati CVE project by @Sn0wAlice Create: 2023-01-10 07:54:18 +0000 UTC Push: 2023-01-10 07:54:21 +0000 UTC |

Live-Hack-CVE/CVE-2021-36603 Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1". CVE project by @Sn0wAlice Create: 2023-01-10 07:54:12 +0000 UTC Push: 2023-01-10 07:54:15 +0000 UTC |

Live-Hack-CVE/CVE-2015-10035 A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The name of the patch is a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a CVE project by @Sn0wAlice Create: 2023-01-10 07:54:08 +0000 UTC Push: 2023-01-10 07:54:11 +0000 UTC |

Live-Hack-CVE/CVE-2015-10034 A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier CVE project by @Sn0wAlice Create: 2023-01-10 07:54:03 +0000 UTC Push: 2023-01-10 07:54:05 +0000 UTC |

Live-Hack-CVE/CVE-2015-10033 A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The name of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. CVE project by @Sn0wAlice Create: 2023-01-10 07:53:58 +0000 UTC Push: 2023-01-10 07:54:01 +0000 UTC |

Live-Hack-CVE/CVE-2014-125071 A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. I CVE project by @Sn0wAlice Create: 2023-01-10 07:53:53 +0000 UTC Push: 2023-01-10 07:53:56 +0000 UTC |

Live-Hack-CVE/CVE-2014-125072 A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is V CVE project by @Sn0wAlice Create: 2023-01-10 07:53:49 +0000 UTC Push: 2023-01-10 07:53:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-4369 The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high-privilege users such as admin. CVE project by @Sn0wAlice Create: 2023-01-10 05:43:46 +0000 UTC Push: 2023-01-10 05:43:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-4351 The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin CVE project by @Sn0wAlice Create: 2023-01-10 05:43:42 +0000 UTC Push: 2023-01-10 05:43:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-4362 The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice Create: 2023-01-10 05:43:36 +0000 UTC Push: 2023-01-10 05:43:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-4340 The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter. CVE project by @Sn0wAlice Create: 2023-01-10 05:43:32 +0000 UTC Push: 2023-01-10 05:43:35 +0000 UTC |

Live-Hack-CVE/CVE-2022-4329 The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high privilege one like admin). CVE project by @Sn0wAlice Create: 2023-01-10 05:43:27 +0000 UTC Push: 2023-01-10 05:43:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-4352 The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin CVE project by @Sn0wAlice Create: 2023-01-10 05:43:22 +0000 UTC Push: 2023-01-10 05:43:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-42270 NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service. CVE project by @Sn0wAlice Create: 2023-01-10 05:43:16 +0000 UTC Push: 2023-01-10 05:43:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-42269 NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components. CVE project by @Sn0wAlice Create: 2023-01-10 05:43:09 +0000 UTC Push: 2023-01-10 05:43:13 +0000 UTC |

Live-Hack-CVE/CVE-2022-42266 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited inf CVE project by @Sn0wAlice Create: 2023-01-10 05:43:06 +0000 UTC Push: 2023-01-10 05:43:08 +0000 UTC |