Live-Hack-CVE/CVE-2022-37796 In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS). CVE project by @Sn0wAlice Create: 2022-12-30 02:56:04 +0000 UTC Push: 2022-12-30 02:56:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-35832 Windows Event Tracing Denial of Service Vulnerability. CVE project by @Sn0wAlice Create: 2022-12-30 02:14:36 +0000 UTC Push: 2022-12-30 02:14:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-40663 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TI CVE project by @Sn0wAlice Create: 2022-12-30 01:33:20 +0000 UTC Push: 2022-12-30 01:33:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-25688 Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables CVE project by @Sn0wAlice Create: 2022-12-30 00:51:22 +0000 UTC Push: 2022-12-30 00:51:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-30675 Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a vict CVE project by @Sn0wAlice Create: 2022-12-30 00:09:21 +0000 UTC Push: 2022-12-30 00:09:23 +0000 UTC |

Live-Hack-CVE/CVE-2022-40807 The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 CVE project by @Sn0wAlice Create: 2022-12-29 23:27:40 +0000 UTC Push: 2022-12-29 23:27:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-34746 An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in th CVE project by @Sn0wAlice Create: 2022-12-29 22:46:07 +0000 UTC Push: 2022-12-29 22:46:09 +0000 UTC |

Live-Hack-CVE/CVE-2021-2475 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBo CVE project by @Sn0wAlice Create: 2022-12-29 22:04:12 +0000 UTC Push: 2022-12-29 22:04:14 +0000 UTC |

Live-Hack-CVE/CVE-2021-25460 An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. CVE project by @Sn0wAlice Create: 2022-12-29 21:22:37 +0000 UTC Push: 2022-12-29 21:22:39 +0000 UTC |

Live-Hack-CVE/CVE-2022-3074 The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks. CVE project by @Sn0wAlice Create: 2022-12-29 20:40:31 +0000 UTC Push: 2022-12-29 20:40:33 +0000 UTC |

Live-Hack-CVE/CVE-2021-4052 Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. CVE project by @Sn0wAlice Create: 2022-12-29 19:54:25 +0000 UTC Push: 2022-12-29 19:54:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-29089 Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privilege CVE project by @Sn0wAlice Create: 2022-12-29 19:12:51 +0000 UTC Push: 2022-12-29 19:12:53 +0000 UTC |

Live-Hack-CVE/CVE-2022-1388 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (Eo CVE project by @Sn0wAlice Create: 2022-12-29 18:31:27 +0000 UTC Push: 2022-12-29 18:31:31 +0000 UTC |

Live-Hack-CVE/CVE-2020-10003 An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges. CVE project by @Sn0wAlice Create: 2022-12-29 17:49:55 +0000 UTC Push: 2022-12-29 17:49:58 +0000 UTC |

nidhi7598/frameworks_base_AOSP_10_r33_CVE-2022-20495 Create: 2022-12-29 17:08:18 +0000 UTC Push: 2022-12-29 17:08:18 +0000 UTC |

Live-Hack-CVE/CVE-2021-33684 SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an att CVE project by @Sn0wAlice Create: 2022-12-29 17:08:16 +0000 UTC Push: 2022-12-29 17:08:18 +0000 UTC |

Live-Hack-CVE/CVE-2017-10115 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple CVE project by @Sn0wAlice Create: 2022-12-29 16:26:46 +0000 UTC Push: 2022-12-29 16:26:48 +0000 UTC |

Live-Hack-CVE/CVE-2021-41657 SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. CVE project by @Sn0wAlice Create: 2022-12-29 15:45:18 +0000 UTC Push: 2022-12-29 15:45:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-40834 B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. CVE project by @Sn0wAlice Create: 2022-12-29 15:03:31 +0000 UTC Push: 2022-12-29 15:03:33 +0000 UTC |

Live-Hack-CVE/CVE-2021-35226 An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. CVE project by @Sn0wAlice Create: 2022-12-29 14:21:59 +0000 UTC Push: 2022-12-29 14:22:01 +0000 UTC |