unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-0087
The Swifty Page Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘spm_plugin_options_page_tree_max_width’ parameter in versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator- CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:26 +0000 UTC Push: 2023-01-06 05:22:29 +0000 UTC |
Live-Hack-CVE/CVE-2022-23549
Discourse is an open-source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including HTML comments that are not counted toward the character limit. CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:21 +0000 UTC Push: 2023-01-06 05:22:25 +0000 UTC |
Live-Hack-CVE/CVE-2022-23548
Discourse is an open-source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to XSS attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds. CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:17 +0000 UTC Push: 2023-01-06 05:22:20 +0000 UTC |
Live-Hack-CVE/CVE-2022-23546
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue. CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:12 +0000 UTC Push: 2023-01-06 05:22:15 +0000 UTC |
Live-Hack-CVE/CVE-2022-4724
Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. CVE project by @Sn0wAlice
Create: 2023-01-06 05:22:04 +0000 UTC Push: 2023-01-06 05:22:07 +0000 UTC |
Live-Hack-CVE/CVE-2022-4435
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:50 +0000 UTC Push: 2023-01-06 04:16:53 +0000 UTC |
Live-Hack-CVE/CVE-2022-4434
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure. CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:45 +0000 UTC Push: 2023-01-06 04:16:48 +0000 UTC |
Live-Hack-CVE/CVE-2022-4433
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:40 +0000 UTC Push: 2023-01-06 04:16:44 +0000 UTC |
Live-Hack-CVE/CVE-2022-4432
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:35 +0000 UTC Push: 2023-01-06 04:16:39 +0000 UTC |
Live-Hack-CVE/CVE-2022-46168
Discourse is an open-source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is not an issue as th CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:31 +0000 UTC Push: 2023-01-06 04:16:34 +0000 UTC |
Live-Hack-CVE/CVE-2022-43844
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081. CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:26 +0000 UTC Push: 2023-01-06 04:16:29 +0000 UTC |
Live-Hack-CVE/CVE-2022-43573
IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678. CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:22 +0000 UTC Push: 2023-01-06 04:16:25 +0000 UTC |
Live-Hack-CVE/CVE-2022-41740
IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053. CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:17 +0000 UTC Push: 2023-01-06 04:16:21 +0000 UTC |
Live-Hack-CVE/CVE-2022-4730
A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The CVE project by @Sn0wAlice
Create: 2023-01-06 04:16:02 +0000 UTC Push: 2023-01-06 04:16:06 +0000 UTC |
yaudahbanh/CVE-2022-29455
Mass Scanner for CVE-2022-29455 on Elementor Plugins WordPress
Create: 2023-01-06 02:29:47 +0000 UTC Push: 2023-01-06 02:30:07 +0000 UTC |
Live-Hack-CVE/CVE-2014-125041
A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is e412127d07004668e5a213932c94807d87067a1f. It is recommended to apply a patch to fix this issue. VDB-217486 is the identifier assigned to this v CVE project by @Sn0wAlice
Create: 2023-01-06 02:06:06 +0000 UTC Push: 2023-01-06 02:06:09 +0000 UTC |
Live-Hack-CVE/CVE-2021-32563
An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution. CVE project by @Sn0wAlice
Create: 2023-01-06 02:05:57 +0000 UTC Push: 2023-01-06 02:06:00 +0000 UTC |
Live-Hack-CVE/CVE-2022-4378
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE project by @Sn0wAlice
Create: 2023-01-06 02:05:51 +0000 UTC Push: 2023-01-06 02:05:54 +0000 UTC |
Live-Hack-CVE/CVE-2022-47663
GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609 CVE project by @Sn0wAlice
Create: 2023-01-06 02:05:46 +0000 UTC Push: 2023-01-06 02:05:50 +0000 UTC |
Live-Hack-CVE/CVE-2022-47662
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662 CVE project by @Sn0wAlice
Create: 2023-01-06 02:05:42 +0000 UTC Push: 2023-01-06 02:05:45 +0000 UTC |