Live-Hack-CVE/CVE-2022-32644 In vow, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494473; Issue ID: ALPS07494473. CVE project by @Sn0wAlice Create: 2023-01-04 08:08:00 +0000 UTC Push: 2023-01-04 08:08:04 +0000 UTC |

Live-Hack-CVE/CVE-2022-32641 In meta wifi, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453594; Issue ID: ALPS07453594. CVE project by @Sn0wAlice Create: 2023-01-04 08:07:56 +0000 UTC Push: 2023-01-04 08:07:59 +0000 UTC |

Live-Hack-CVE/CVE-2022-32640 In meta wifi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441652; Issue ID: ALPS07441652. CVE project by @Sn0wAlice Create: 2023-01-04 08:07:51 +0000 UTC Push: 2023-01-04 08:07:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-32639 In watchdog, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494487; Issue ID: ALPS07494487. CVE project by @Sn0wAlice Create: 2023-01-04 08:07:47 +0000 UTC Push: 2023-01-04 08:07:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-32638 In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494449; Issue ID: ALPS07494449. CVE project by @Sn0wAlice Create: 2023-01-04 08:07:42 +0000 UTC Push: 2023-01-04 08:07:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-32637 In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07491374; Issue ID: ALPS07491374. CVE project by @Sn0wAlice Create: 2023-01-04 08:07:37 +0000 UTC Push: 2023-01-04 08:07:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-32636 In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07510064. CVE project by @Sn0wAlice Create: 2023-01-04 08:07:33 +0000 UTC Push: 2023-01-04 08:07:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-32635 In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573237. CVE project by @Sn0wAlice Create: 2023-01-04 08:07:29 +0000 UTC Push: 2023-01-04 08:07:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-32623 In mdp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342114; Issue ID: ALPS07342114. CVE project by @Sn0wAlice Create: 2023-01-04 08:07:24 +0000 UTC Push: 2023-01-04 08:07:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-23506 Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposure of sensitive AWS cred CVE project by @Sn0wAlice Create: 2023-01-04 08:07:19 +0000 UTC Push: 2023-01-04 08:07:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-38723 Gravitee API Management before 3.15.13 allows path traversal through HTML injection. CVE project by @Sn0wAlice Create: 2023-01-04 08:07:11 +0000 UTC Push: 2023-01-04 08:07:14 +0000 UTC |

Live-Hack-CVE/CVE-2022-2967 Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data. CVE project by @Sn0wAlice Create: 2023-01-04 08:07:05 +0000 UTC Push: 2023-01-04 08:07:10 +0000 UTC |

Live-Hack-CVE/CVE-2023-22456 ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise CVE project by @Sn0wAlice Create: 2023-01-04 05:54:25 +0000 UTC Push: 2023-01-04 05:54:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-45143 The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. CVE project by @Sn0wAlice Create: 2023-01-04 05:54:21 +0000 UTC Push: 2023-01-04 05:54:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-45867 MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution. CVE project by @Sn0wAlice Create: 2023-01-04 05:54:12 +0000 UTC Push: 2023-01-04 05:54:15 +0000 UTC |

not1cyyy/CVE-2018-16763 CVE-2018-16763 FuelCMS 1.4 Remote Code Execution, this version of FuelCMS is still vulnerable until now Create: 2023-01-04 04:47:08 +0000 UTC Push: 2023-01-04 04:47:09 +0000 UTC |

Live-Hack-CVE/CVE-2022-42471 An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers. CVE project by @Sn0wAlice Create: 2023-01-04 03:44:18 +0000 UTC Push: 2023-01-04 03:44:21 +0000 UTC |

Live-Hack-CVE/CVE-2022-41336 An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with speciall CVE project by @Sn0wAlice Create: 2023-01-04 03:44:13 +0000 UTC Push: 2023-01-04 03:44:16 +0000 UTC |

Live-Hack-CVE/CVE-2022-39947 A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attac CVE project by @Sn0wAlice Create: 2023-01-04 03:44:09 +0000 UTC Push: 2023-01-04 03:44:12 +0000 UTC |

Live-Hack-CVE/CVE-2022-35845 Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell. CVE project by @Sn0wAlice Create: 2023-01-04 03:44:04 +0000 UTC Push: 2023-01-04 03:44:07 +0000 UTC |