unSafe.sh - Unsafe
Github CVE
Live-Hack-CVE/CVE-2013-10008
A vulnerability was found in sheilazpy eShop. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is e096c5849c4dc09e1074104531014a62a5413884. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB CVE project by @Sn0wAlice
Create: 2023-01-07 07:40:23 +0000 UTC Push: 2023-01-07 07:40:26 +0000 UTC
Live-Hack-CVE/CVE-2021-4294
A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to app CVE project by @Sn0wAlice
Create: 2023-01-07 05:32:17 +0000 UTC Push: 2023-01-07 05:32:20 +0000 UTC
Live-Hack-CVE/CVE-2022-4858
Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set. CVE project by @Sn0wAlice
Create: 2023-01-07 05:32:08 +0000 UTC Push: 2023-01-07 05:32:11 +0000 UTC
Live-Hack-CVE/CVE-2020-36638
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be CVE project by @Sn0wAlice
Create: 2023-01-07 05:32:02 +0000 UTC Push: 2023-01-07 05:32:06 +0000 UTC
Live-Hack-CVE/CVE-2020-36637
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be CVE project by @Sn0wAlice
Create: 2023-01-07 05:31:57 +0000 UTC Push: 2023-01-07 05:32:00 +0000 UTC
Live-Hack-CVE/CVE-2022-34679
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service. CVE project by @Sn0wAlice
Create: 2023-01-07 05:31:50 +0000 UTC Push: 2023-01-07 05:31:54 +0000 UTC
yerodin/CVE-2022-44149
PO Exploit for CVE-2022-44149
Create: 2023-01-07 04:00:25 +0000 UTC Push: 2023-01-07 04:00:25 +0000 UTC
Live-Hack-CVE/CVE-2022-4778
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated are affected. CVE project by @Sn0wAlice
Create: 2023-01-07 03:21:28 +0000 UTC Push: 2023-01-07 03:21:31 +0000 UTC
Live-Hack-CVE/CVE-2022-41966
XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps t CVE project by @Sn0wAlice
Create: 2023-01-07 03:21:24 +0000 UTC Push: 2023-01-07 03:21:27 +0000 UTC
Live-Hack-CVE/CVE-2023-22475
Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken (a URL) can use this to execute Javascript in the Canary CVE project by @Sn0wAlice
Create: 2023-01-07 03:21:19 +0000 UTC Push: 2023-01-07 03:21:22 +0000 UTC
Live-Hack-CVE/CVE-2022-44149
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required. CVE project by @Sn0wAlice
Create: 2023-01-07 03:21:14 +0000 UTC Push: 2023-01-07 03:21:17 +0000 UTC
Live-Hack-CVE/CVE-2020-36643
A vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the function log_displayBox in the library sc2/src/libs/log/msgbox_macosx.m. The manipulation leads to format string. The name of the patch is 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f. It is recommended to apply a patch to fix CVE project by @Sn0wAlice
Create: 2023-01-07 03:21:10 +0000 UTC Push: 2023-01-07 03:21:13 +0000 UTC
Live-Hack-CVE/CVE-2014-125051
A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading to version 1.0.8 is able to address this issue. The name of the pat CVE project by @Sn0wAlice
Create: 2023-01-07 03:21:05 +0000 UTC Push: 2023-01-07 03:21:08 +0000 UTC
Live-Hack-CVE/CVE-2014-125050
A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The name of the patch is 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-21 CVE project by @Sn0wAlice
Create: 2023-01-07 03:21:01 +0000 UTC Push: 2023-01-07 03:21:04 +0000 UTC
Live-Hack-CVE/CVE-2020-36562
Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector. CVE project by @Sn0wAlice
Create: 2023-01-07 03:20:57 +0000 UTC Push: 2023-01-07 03:21:00 +0000 UTC
Live-Hack-CVE/CVE-2022-46172
authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable for users to create ne CVE project by @Sn0wAlice
Create: 2023-01-07 03:20:53 +0000 UTC Push: 2023-01-07 03:20:56 +0000 UTC
Live-Hack-CVE/CVE-2022-41967
Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML `SNAPSHOT` versions are being resolved, this vulnerabilit CVE project by @Sn0wAlice
Create: 2023-01-07 03:20:49 +0000 UTC Push: 2023-01-07 03:20:52 +0000 UTC
Live-Hack-CVE/CVE-2020-36563
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input. CVE project by @Sn0wAlice
Create: 2023-01-07 03:20:44 +0000 UTC Push: 2023-01-07 03:20:47 +0000 UTC
Live-Hack-CVE/CVE-2022-4773
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible t CVE project by @Sn0wAlice
Create: 2023-01-07 03:20:40 +0000 UTC Push: 2023-01-07 03:20:43 +0000 UTC
Live-Hack-CVE/CVE-2022-4779
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected. CVE project by @Sn0wAlice
Create: 2023-01-07 03:20:34 +0000 UTC Push: 2023-01-07 03:20:38 +0000 UTC