Live-Hack-CVE/CVE-2022-46305 ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:24 +0000 UTC Push: 2023-01-03 14:38:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-46304 ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perfor CVE project by @Sn0wAlice Create: 2023-01-03 14:38:20 +0000 UTC Push: 2023-01-03 14:38:23 +0000 UTC |

Live-Hack-CVE/CVE-2022-43448 Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:16 +0000 UTC Push: 2023-01-03 14:38:18 +0000 UTC |

Live-Hack-CVE/CVE-2022-43438 The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:12 +0000 UTC Push: 2023-01-03 14:38:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-43437 The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or delete database. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:08 +0000 UTC Push: 2023-01-03 14:38:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-43436 The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to manipulate system or disrupt service. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:04 +0000 UTC Push: 2023-01-03 14:38:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-41645 Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. CVE project by @Sn0wAlice Create: 2023-01-03 14:38:00 +0000 UTC Push: 2023-01-03 14:38:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-40740 Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:56 +0000 UTC Push: 2023-01-03 14:37:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-39042 aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:51 +0000 UTC Push: 2023-01-03 14:37:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-39041 aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:47 +0000 UTC Push: 2023-01-03 14:37:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-39040 aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:43 +0000 UTC Push: 2023-01-03 14:37:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-39039 aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:39 +0000 UTC Push: 2023-01-03 14:37:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-43931 Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:34 +0000 UTC Push: 2023-01-03 14:37:37 +0000 UTC |

Trinadh465/frameworks_minikin_AOSP10_r33-CVE-2022-20473 Create: 2023-01-03 12:51:12 +0000 UTC Push: 2023-01-03 12:51:12 +0000 UTC |

wh-gov/CVE-2022-46366 CVE-2022-46366 Create: 2023-01-03 12:04:29 +0000 UTC Push: 2023-01-03 12:04:30 +0000 UTC |

Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20470 Create: 2023-01-03 11:43:46 +0000 UTC Push: 2023-01-03 11:43:46 +0000 UTC |

LalieA/CVE-2021-46398 A Proof of Concept for the CVE-2021-46398 flaw exploitation Create: 2023-01-03 09:49:22 +0000 UTC Push: 2023-09-10 23:04:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-4025 Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:30 +0000 UTC Push: 2023-01-03 09:12:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-3863 Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:25 +0000 UTC Push: 2023-01-03 09:12:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-3842 Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:21 +0000 UTC Push: 2023-01-03 09:12:24 +0000 UTC |