Github CVE
Live-Hack-CVE/CVE-2022-45428
Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:33 +0000 UTC Push: 2023-01-05 15:12:36 +0000 UTC
Live-Hack-CVE/CVE-2022-45424
Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:29 +0000 UTC Push: 2023-01-05 15:12:30 +0000 UTC
Live-Hack-CVE/CVE-2022-45433
Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:24 +0000 UTC Push: 2023-01-05 15:12:27 +0000 UTC
Live-Hack-CVE/CVE-2022-45429
Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An attacker can access internal resources by concatenating links (URL) that conform to specific rules. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:20 +0000 UTC Push: 2023-01-05 15:12:23 +0000 UTC
Live-Hack-CVE/CVE-2022-2583
A race condition can cause incorrect HTTP request routing. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:15 +0000 UTC Push: 2023-01-05 15:12:18 +0000 UTC
Live-Hack-CVE/CVE-2022-2582
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:11 +0000 UTC Push: 2023-01-05 15:12:14 +0000 UTC
Live-Hack-CVE/CVE-2021-4238
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions. CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:07 +0000 UTC Push: 2023-01-05 15:12:10 +0000 UTC
Live-Hack-CVE/CVE-2022-46178
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to uploading a file to any path. The vulnerability has been fixed in v2.5 CVE project by @Sn0wAlice
Create: 2023-01-05 15:12:02 +0000 UTC Push: 2023-01-05 15:12:05 +0000 UTC
Live-Hack-CVE/CVE-2022-44137
SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection. CVE project by @Sn0wAlice
Create: 2023-01-05 15:11:57 +0000 UTC Push: 2023-01-05 15:12:00 +0000 UTC
Live-Hack-CVE/CVE-2022-45423
Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited). CVE project by @Sn0wAlice
Create: 2023-01-05 15:11:51 +0000 UTC Push: 2023-01-05 15:11:55 +0000 UTC
Live-Hack-CVE/CVE-2022-45778
https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a configuration error i CVE project by @Sn0wAlice
Create: 2023-01-05 15:11:47 +0000 UTC Push: 2023-01-05 15:11:50 +0000 UTC
Live-Hack-CVE/CVE-2021-4236
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets CVE project by @Sn0wAlice
Create: 2023-01-05 15:11:42 +0000 UTC Push: 2023-01-05 15:11:46 +0000 UTC
Live-Hack-CVE/CVE-2022-23544
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdI CVE project by @Sn0wAlice
Create: 2023-01-05 15:11:33 +0000 UTC Push: 2023-01-05 15:11:36 +0000 UTC
nidhihcl/frameworks_base_AOSP_10_r33_CVE-2021-39696
Create: 2023-01-05 14:42:33 +0000 UTC Push: 2023-01-05 14:42:33 +0000 UTC
Live-Hack-CVE/CVE-2022-4876
A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross site scripting. The attack may be initiated remotely. Upgrading to version CVE project by @Sn0wAlice
Create: 2023-01-05 09:33:13 +0000 UTC Push: 2023-01-05 09:33:16 +0000 UTC
Live-Hack-CVE/CVE-2021-4302
A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to address this issue. Th CVE project by @Sn0wAlice
Create: 2023-01-05 07:22:08 +0000 UTC Push: 2023-01-05 07:22:11 +0000 UTC
Live-Hack-CVE/CVE-2023-22467
Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's `DateTime.fromRFC2822()` has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k ch CVE project by @Sn0wAlice
Create: 2023-01-05 07:22:03 +0000 UTC Push: 2023-01-05 07:22:06 +0000 UTC
Live-Hack-CVE/CVE-2023-22466
Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously configured `reject_remote_clients` to `t CVE project by @Sn0wAlice
Create: 2023-01-05 07:21:59 +0000 UTC Push: 2023-01-05 07:22:02 +0000 UTC
Live-Hack-CVE/CVE-2023-0055
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. CVE project by @Sn0wAlice
Create: 2023-01-05 07:21:55 +0000 UTC Push: 2023-01-05 07:21:58 +0000 UTC
Live-Hack-CVE/CVE-2022-4875
A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to a CVE project by @Sn0wAlice
Create: 2023-01-05 07:21:51 +0000 UTC Push: 2023-01-05 07:21:54 +0000 UTC