Live-Hack-CVE/CVE-2020-36643 A vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the function log_displayBox in the library sc2/src/libs/log/msgbox_macosx.m. The manipulation leads to format string. The name of the patch is 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f. It is recommended to apply a patch to fix CVE project by @Sn0wAlice Create: 2023-01-07 03:21:10 +0000 UTC Push: 2023-01-07 03:21:13 +0000 UTC |

Live-Hack-CVE/CVE-2014-125051 A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading to version 1.0.8 is able to address this issue. The name of the pat CVE project by @Sn0wAlice Create: 2023-01-07 03:21:05 +0000 UTC Push: 2023-01-07 03:21:08 +0000 UTC |

Live-Hack-CVE/CVE-2014-125050 A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The name of the patch is 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-21 CVE project by @Sn0wAlice Create: 2023-01-07 03:21:01 +0000 UTC Push: 2023-01-07 03:21:04 +0000 UTC |

Live-Hack-CVE/CVE-2020-36562 Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector. CVE project by @Sn0wAlice Create: 2023-01-07 03:20:57 +0000 UTC Push: 2023-01-07 03:21:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-46172 authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable for users to create ne CVE project by @Sn0wAlice Create: 2023-01-07 03:20:53 +0000 UTC Push: 2023-01-07 03:20:56 +0000 UTC |

Live-Hack-CVE/CVE-2022-41967 Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML `SNAPSHOT` versions are being resolved, this vulnerabilit CVE project by @Sn0wAlice Create: 2023-01-07 03:20:49 +0000 UTC Push: 2023-01-07 03:20:52 +0000 UTC |

Live-Hack-CVE/CVE-2020-36563 XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input. CVE project by @Sn0wAlice Create: 2023-01-07 03:20:44 +0000 UTC Push: 2023-01-07 03:20:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-4773 ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible t CVE project by @Sn0wAlice Create: 2023-01-07 03:20:40 +0000 UTC Push: 2023-01-07 03:20:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-4779 StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected. CVE project by @Sn0wAlice Create: 2023-01-07 03:20:34 +0000 UTC Push: 2023-01-07 03:20:38 +0000 UTC |

Live-Hack-CVE/CVE-2018-25054 A vulnerability was found in shred cilla. It has been classified as problematic. Affected is an unknown function of the file cilla-xample/src/main/webapp/WEB-INF/jsp/view/search.jsp of the component Search Handler. The manipulation of the argument details leads to cross site scripting. It is possible to launch the atta CVE project by @Sn0wAlice Create: 2023-01-07 03:20:30 +0000 UTC Push: 2023-01-07 03:20:33 +0000 UTC |

Live-Hack-CVE/CVE-2019-25092 A vulnerability classified as problematic was found in Nakiami Mellivora up to 2.1.x. Affected by this vulnerability is the function print_user_ip_log of the file include/layout/user.inc.php of the component Admin Panel. The manipulation of the argument $entry['ip'] leads to cross site scripting. The attack can be laun CVE project by @Sn0wAlice Create: 2023-01-07 03:20:26 +0000 UTC Push: 2023-01-07 03:20:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-4817 A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch CVE project by @Sn0wAlice Create: 2023-01-07 03:20:21 +0000 UTC Push: 2023-01-07 03:20:24 +0000 UTC |

Live-Hack-CVE/CVE-2017-20150 A vulnerability was found in challenge website. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is f1644b1d3502e5aa5284f31ea80d2623817f4d42. It is recommended to apply a patch to fix this issue. The identifier VDB-216989 was assig CVE project by @Sn0wAlice Create: 2023-01-07 03:20:17 +0000 UTC Push: 2023-01-07 03:20:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-23555 authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable to Improper Authentication. Token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one provided. The vulnerability CVE project by @Sn0wAlice Create: 2023-01-07 03:20:12 +0000 UTC Push: 2023-01-07 03:20:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-4823 A vulnerability, which was classified as problematic, was found in InSTEDD Nuntium. Affected is an unknown function of the file app/controllers/geopoll_controller.rb. The manipulation of the argument signature leads to observable timing discrepancy. It is possible to launch the attack remotely. The name of the patch is CVE project by @Sn0wAlice Create: 2023-01-07 03:20:08 +0000 UTC Push: 2023-01-07 03:20:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-4860 A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The name of the patch is 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to app CVE project by @Sn0wAlice Create: 2023-01-07 03:20:04 +0000 UTC Push: 2023-01-07 03:20:07 +0000 UTC |

Live-Hack-CVE/CVE-2022-4861 Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource. CVE project by @Sn0wAlice Create: 2023-01-07 03:20:00 +0000 UTC Push: 2023-01-07 03:20:03 +0000 UTC |

viardant/CVE-2022-0739 Exploit for WP BookingPress (< 1.0.11) based on destr4ct POC. Create: 2023-01-07 03:07:11 +0000 UTC Push: 2023-01-07 03:07:12 +0000 UTC |

Live-Hack-CVE/CVE-2020-7118 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-07 02:15:05 +0000 UTC Push: 2023-01-07 02:15:09 +0000 UTC |

Live-Hack-CVE/CVE-2020-7112 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-07 02:15:01 +0000 UTC Push: 2023-01-07 02:15:04 +0000 UTC |