Live-Hack-CVE/CVE-2021-4300 A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched remotely. Upgrading to ver CVE project by @Sn0wAlice Create: 2023-01-05 07:21:46 +0000 UTC Push: 2023-01-05 07:21:49 +0000 UTC |

Live-Hack-CVE/CVE-2023-0054 Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. CVE project by @Sn0wAlice Create: 2023-01-05 05:11:43 +0000 UTC Push: 2023-01-05 05:11:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-48217 ** DISPUTED ** The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled old_tf_topic_name and/or new_tf_topic_name CVE project by @Sn0wAlice Create: 2023-01-05 05:11:39 +0000 UTC Push: 2023-01-05 05:11:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-45052 A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the imageProxy.type.php endpoint, external users are capable of accessing files on the server. CVE project by @Sn0wAlice Create: 2023-01-05 05:11:34 +0000 UTC Push: 2023-01-05 05:11:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-45051 A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability. CVE project by @Sn0wAlice Create: 2023-01-05 05:11:29 +0000 UTC Push: 2023-01-05 05:11:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-45049 A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The url parameter on the novelist.php endpoint does not properly neutralise user input, resulting in the vulnerability. CVE project by @Sn0wAlice Create: 2023-01-05 05:11:24 +0000 UTC Push: 2023-01-05 05:11:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-46456 NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c. CVE project by @Sn0wAlice Create: 2023-01-05 04:08:44 +0000 UTC Push: 2023-01-05 04:08:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-43920 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362. CVE project by @Sn0wAlice Create: 2023-01-05 04:08:40 +0000 UTC Push: 2023-01-05 04:08:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-25926 Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization. CVE project by @Sn0wAlice Create: 2023-01-05 04:08:34 +0000 UTC Push: 2023-01-05 04:08:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-22352 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 22 CVE project by @Sn0wAlice Create: 2023-01-05 04:08:30 +0000 UTC Push: 2023-01-05 04:08:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-22338 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510. CVE project by @Sn0wAlice Create: 2023-01-05 04:08:25 +0000 UTC Push: 2023-01-05 04:08:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-22337 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507. CVE project by @Sn0wAlice Create: 2023-01-05 04:08:21 +0000 UTC Push: 2023-01-05 04:08:24 +0000 UTC |

Live-Hack-CVE/CVE-2021-38928 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 210323. CVE project by @Sn0wAlice Create: 2023-01-05 04:08:15 +0000 UTC Push: 2023-01-05 04:08:19 +0000 UTC |

g1vi/CVE-2006-3392-webmin-arbitrary-file-disclosure- Create: 2023-01-05 02:33:28 +0000 UTC Push: 2023-01-05 02:33:28 +0000 UTC |

g1vi/CVE-2006-3392 Webmin < 1.290 / Usermin < 1.220 - Arbitrary file disclosure Create: 2023-01-05 02:33:28 +0000 UTC Push: 2023-01-05 02:42:56 +0000 UTC |

Live-Hack-CVE/CVE-2023-22463 KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the adm CVE project by @Sn0wAlice Create: 2023-01-05 01:57:03 +0000 UTC Push: 2023-01-05 01:57:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-0049 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. CVE project by @Sn0wAlice Create: 2023-01-05 01:56:59 +0000 UTC Push: 2023-01-05 01:57:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-48216 Uniswap Universal Router before 1.1.0 mishandles reentrancy. This would have allowed theft of funds. CVE project by @Sn0wAlice Create: 2023-01-05 01:56:54 +0000 UTC Push: 2023-01-05 01:56:57 +0000 UTC |

sudoninja-noob/CVE-2022-47102 Create: 2023-01-05 01:56:09 +0000 UTC Push: 2023-01-05 01:56:09 +0000 UTC |

sudoninja-noob/CVE-2022-46623 Create: 2023-01-05 01:54:29 +0000 UTC Push: 2023-01-05 01:54:53 +0000 UTC |