unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2022-46181
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker could potentially take CVE project by @Sn0wAlice
Create: 2023-01-10 05:43:02 +0000 UTC Push: 2023-01-10 05:43:05 +0000 UTC
Live-Hack-CVE/CVE-2021-20784
HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product via unspecified vectors. CVE project by @Sn0wAlice
Create: 2023-01-10 05:42:53 +0000 UTC Push: 2023-01-10 05:42:56 +0000 UTC
Live-Hack-CVE/CVE-2018-25059
A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of the patch is 1af2facb6d CVE project by @Sn0wAlice
Create: 2023-01-10 03:32:43 +0000 UTC Push: 2023-01-10 03:32:46 +0000 UTC
Live-Hack-CVE/CVE-2022-4857
A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and classified as critical. Affected by this issue is some unknown functionality of the file mbpoll.exe of the component mbp File Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to CVE project by @Sn0wAlice
Create: 2023-01-10 03:32:38 +0000 UTC Push: 2023-01-10 03:32:41 +0000 UTC
Live-Hack-CVE/CVE-2022-4856
A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been d CVE project by @Sn0wAlice
Create: 2023-01-10 03:32:32 +0000 UTC Push: 2023-01-10 03:32:35 +0000 UTC
Live-Hack-CVE/CVE-2022-4855
A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public a CVE project by @Sn0wAlice
Create: 2023-01-10 03:32:21 +0000 UTC Push: 2023-01-10 03:32:25 +0000 UTC
Live-Hack-CVE/CVE-2022-48194
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate. CVE project by @Sn0wAlice
Create: 2023-01-10 03:32:14 +0000 UTC Push: 2023-01-10 03:32:18 +0000 UTC
Live-Hack-CVE/CVE-2022-36437
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet version CVE project by @Sn0wAlice
Create: 2023-01-10 03:32:09 +0000 UTC Push: 2023-01-10 03:32:12 +0000 UTC
Live-Hack-CVE/CVE-2022-23508
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronizing files CVE project by @Sn0wAlice
Create: 2023-01-10 00:14:27 +0000 UTC Push: 2023-01-10 00:14:30 +0000 UTC
Live-Hack-CVE/CVE-2023-22472
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are curr CVE project by @Sn0wAlice
Create: 2023-01-10 00:14:22 +0000 UTC Push: 2023-01-10 00:14:25 +0000 UTC
Live-Hack-CVE/CVE-2022-23509
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local S3 b CVE project by @Sn0wAlice
Create: 2023-01-10 00:14:17 +0000 UTC Push: 2023-01-10 00:14:21 +0000 UTC
Live-Hack-CVE/CVE-2022-46173
Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between the transaction caches a CVE project by @Sn0wAlice
Create: 2023-01-10 00:14:13 +0000 UTC Push: 2023-01-10 00:14:16 +0000 UTC
Live-Hack-CVE/CVE-2021-4311
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix t CVE project by @Sn0wAlice
Create: 2023-01-09 22:04:01 +0000 UTC Push: 2023-01-09 22:04:05 +0000 UTC
Live-Hack-CVE/CVE-2022-46769
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4 CVE project by @Sn0wAlice
Create: 2023-01-09 22:03:56 +0000 UTC Push: 2023-01-09 22:04:00 +0000 UTC
Live-Hack-CVE/CVE-2022-2196
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute cod CVE project by @Sn0wAlice
Create: 2023-01-09 22:03:51 +0000 UTC Push: 2023-01-09 22:03:54 +0000 UTC
th3-5had0w/CVE-2022-2602-Study
Create: 2023-01-09 21:21:02 +0000 UTC Push: 2023-01-09 21:21:03 +0000 UTC
Live-Hack-CVE/CVE-2022-33276
Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command. CVE project by @Sn0wAlice
Create: 2023-01-09 19:54:10 +0000 UTC Push: 2023-01-09 19:54:12 +0000 UTC
Live-Hack-CVE/CVE-2022-33274
Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication. CVE project by @Sn0wAlice
Create: 2023-01-09 19:54:05 +0000 UTC Push: 2023-01-09 19:54:08 +0000 UTC
Live-Hack-CVE/CVE-2022-33255
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device. CVE project by @Sn0wAlice
Create: 2023-01-09 19:54:00 +0000 UTC Push: 2023-01-09 19:54:04 +0000 UTC
Live-Hack-CVE/CVE-2022-33266
Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content. CVE project by @Sn0wAlice
Create: 2023-01-09 19:53:56 +0000 UTC Push: 2023-01-09 19:53:59 +0000 UTC