unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-2743
Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High) CVE project by @Sn0wAlice
Create: 2023-01-03 09:12:17 +0000 UTC Push: 2023-01-03 09:12:20 +0000 UTC
Live-Hack-CVE/CVE-2022-2742
Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High) CVE project by @Sn0wAlice
Create: 2023-01-03 09:12:12 +0000 UTC Push: 2023-01-03 09:12:15 +0000 UTC
Live-Hack-CVE/CVE-2022-0801
Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium) CVE project by @Sn0wAlice
Create: 2023-01-03 09:12:08 +0000 UTC Push: 2023-01-03 09:12:11 +0000 UTC
Live-Hack-CVE/CVE-2022-0337
Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High) CVE project by @Sn0wAlice
Create: 2023-01-03 09:12:05 +0000 UTC Push: 2023-01-03 09:12:07 +0000 UTC
Live-Hack-CVE/CVE-2021-30558
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium) CVE project by @Sn0wAlice
Create: 2023-01-03 09:12:01 +0000 UTC Push: 2023-01-03 09:12:03 +0000 UTC
Live-Hack-CVE/CVE-2021-21200
Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low) CVE project by @Sn0wAlice
Create: 2023-01-03 09:11:56 +0000 UTC Push: 2023-01-03 09:11:59 +0000 UTC
Live-Hack-CVE/CVE-2019-13768
Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High) CVE project by @Sn0wAlice
Create: 2023-01-03 09:11:52 +0000 UTC Push: 2023-01-03 09:11:55 +0000 UTC
Live-Hack-CVE/CVE-2022-3460
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview. CVE project by @Sn0wAlice
Create: 2023-01-03 09:11:48 +0000 UTC Push: 2023-01-03 09:11:51 +0000 UTC
Live-Hack-CVE/CVE-2022-4324
The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injection issues when a high privilege user imports (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog. CVE project by @Sn0wAlice
Create: 2023-01-03 08:07:06 +0000 UTC Push: 2023-01-03 08:07:09 +0000 UTC
Live-Hack-CVE/CVE-2022-4302
The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. CVE project by @Sn0wAlice
Create: 2023-01-03 08:07:03 +0000 UTC Push: 2023-01-03 08:07:05 +0000 UTC
Live-Hack-CVE/CVE-2022-4298
The Wholesale Market WordPress plugin before 2.2.1 does not have an authorisation check and does not validate user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server. CVE project by @Sn0wAlice
Create: 2023-01-03 08:06:58 +0000 UTC Push: 2023-01-03 08:07:01 +0000 UTC
Live-Hack-CVE/CVE-2022-4297
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. CVE project by @Sn0wAlice
Create: 2023-01-03 08:06:55 +0000 UTC Push: 2023-01-03 08:06:57 +0000 UTC
Live-Hack-CVE/CVE-2022-4260
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice
Create: 2023-01-03 08:06:51 +0000 UTC Push: 2023-01-03 08:06:53 +0000 UTC
Live-Hack-CVE/CVE-2022-4256
The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice
Create: 2023-01-03 08:06:48 +0000 UTC Push: 2023-01-03 08:06:50 +0000 UTC
Live-Hack-CVE/CVE-2022-4237
The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable g CVE project by @Sn0wAlice
Create: 2023-01-03 08:06:44 +0000 UTC Push: 2023-01-03 08:06:46 +0000 UTC
Live-Hack-CVE/CVE-2022-4236
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server. CVE project by @Sn0wAlice
Create: 2023-01-03 08:06:41 +0000 UTC Push: 2023-01-03 08:06:43 +0000 UTC
Live-Hack-CVE/CVE-2022-4200
The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice
Create: 2023-01-03 08:06:37 +0000 UTC Push: 2023-01-03 08:06:39 +0000 UTC
Live-Hack-CVE/CVE-2022-4198
The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice
Create: 2023-01-03 08:06:33 +0000 UTC Push: 2023-01-03 08:06:36 +0000 UTC
Live-Hack-CVE/CVE-2022-4142
The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filters passed in the ufg_gallery_filters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the plugin settings page, even when the unfilt CVE project by @Sn0wAlice
Create: 2023-01-03 08:06:29 +0000 UTC Push: 2023-01-03 08:06:32 +0000 UTC
Live-Hack-CVE/CVE-2022-4140
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow an unauthenticated attacker to read arbitrary files on the server. CVE project by @Sn0wAlice
Create: 2023-01-03 08:06:25 +0000 UTC Push: 2023-01-03 08:06:28 +0000 UTC