Live-Hack-CVE/CVE-2020-36569 Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token. CVE project by @Sn0wAlice Create: 2023-01-06 14:14:13 +0000 UTC Push: 2023-01-06 14:14:16 +0000 UTC |

Live-Hack-CVE/CVE-2021-4239 The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the CVE project by @Sn0wAlice Create: 2023-01-06 14:14:09 +0000 UTC Push: 2023-01-06 14:14:12 +0000 UTC |

Live-Hack-CVE/CVE-2022-46442 dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query. CVE project by @Sn0wAlice Create: 2023-01-06 14:14:05 +0000 UTC Push: 2023-01-06 14:14:08 +0000 UTC |

Live-Hack-CVE/CVE-2022-4822 A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 5f23b4c2eac294cc0ba5e541 CVE project by @Sn0wAlice Create: 2023-01-06 14:13:59 +0000 UTC Push: 2023-01-06 14:14:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-4821 A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file admin/panels/uploader/admin.uploader.php of the component XML File Handler/MD File Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the CVE project by @Sn0wAlice Create: 2023-01-06 14:13:54 +0000 UTC Push: 2023-01-06 14:13:57 +0000 UTC |

Live-Hack-CVE/CVE-2022-4820 A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 229752b51025e67837 CVE project by @Sn0wAlice Create: 2023-01-06 14:13:51 +0000 UTC Push: 2023-01-06 14:13:53 +0000 UTC |

Live-Hack-CVE/CVE-2022-4819 A vulnerability was found in HotCRP. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is d4ffdb0ef806453c54ddca7fdda3e5c60356285c. It is recommended to apply a patch to fix t CVE project by @Sn0wAlice Create: 2023-01-06 14:13:47 +0000 UTC Push: 2023-01-06 14:13:49 +0000 UTC |

Live-Hack-CVE/CVE-2020-36636 A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErrorMessage of the file omod/src/main/java/org/openmrs/module/adminui/page/controller/systemadmin/accounts/AccountPageController.java of the component Account Setup Handler. The manipulation le CVE project by @Sn0wAlice Create: 2023-01-06 14:13:42 +0000 UTC Push: 2023-01-06 14:13:45 +0000 UTC |

Live-Hack-CVE/CVE-2021-4291 A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It has been declared as problematic. This vulnerability affects unknown code of the file omod/src/main/webapp/pages/metadata/locations/location.gsp. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to versio CVE project by @Sn0wAlice Create: 2023-01-06 14:13:38 +0000 UTC Push: 2023-01-06 14:13:41 +0000 UTC |

Live-Hack-CVE/CVE-2015-5521 Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php. CVE project by @Sn0wAlice Create: 2023-01-06 14:13:34 +0000 UTC Push: 2023-01-06 14:13:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-25923 Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. CVE project by @Sn0wAlice Create: 2023-01-06 14:13:29 +0000 UTC Push: 2023-01-06 14:13:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-42979 Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link. CVE project by @Sn0wAlice Create: 2023-01-06 14:13:25 +0000 UTC Push: 2023-01-06 14:13:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-44870 A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module. CVE project by @Sn0wAlice Create: 2023-01-06 14:13:21 +0000 UTC Push: 2023-01-06 14:13:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-40049 SQL injection vulnerability in sourcecodester Theme Park Ticketing System 1.0 allows remote attackers to view sensitive information via the id parameter to the /tpts/manage_user.php page. CVE project by @Sn0wAlice Create: 2023-01-06 14:13:16 +0000 UTC Push: 2023-01-06 14:13:19 +0000 UTC |

111ddea/Xstream_cve-2022-41966 Create: 2023-01-06 10:37:07 +0000 UTC Push: 2023-01-06 10:37:08 +0000 UTC |

Live-Hack-CVE/CVE-2022-44877 RESERVED An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests. CVE project by @Sn0wAlice Create: 2023-01-06 09:46:29 +0000 UTC Push: 2023-01-06 09:46:32 +0000 UTC |

Live-Hack-CVE/CVE-2021-32828 The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the `oauth2` REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API. CVE project by @Sn0wAlice Create: 2023-01-06 09:46:25 +0000 UTC Push: 2023-01-06 09:46:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-4801 Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1. CVE project by @Sn0wAlice Create: 2023-01-06 09:46:21 +0000 UTC Push: 2023-01-06 09:46:23 +0000 UTC |

Live-Hack-CVE/CVE-2022-4800 Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. CVE project by @Sn0wAlice Create: 2023-01-06 09:46:16 +0000 UTC Push: 2023-01-06 09:46:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-4812 Comparison of Object References Instead of Object Contents in GitHub repository usememos/memos prior to 0.9.1. CVE project by @Sn0wAlice Create: 2023-01-06 09:46:11 +0000 UTC Push: 2023-01-06 09:46:15 +0000 UTC |