Live-Hack-CVE/CVE-2022-3928 Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOX CVE project by @Sn0wAlice Create: 2023-01-06 07:34:16 +0000 UTC Push: 2023-01-06 07:34:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-3927 The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This issue affects * FOXMAN-U CVE project by @Sn0wAlice Create: 2023-01-06 07:34:11 +0000 UTC Push: 2023-01-06 07:34:14 +0000 UTC |

Live-Hack-CVE/CVE-2021-41010 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 07:34:07 +0000 UTC Push: 2023-01-06 07:34:10 +0000 UTC |

Live-Hack-CVE/CVE-2021-41009 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 07:34:02 +0000 UTC Push: 2023-01-06 07:34:05 +0000 UTC |

Live-Hack-CVE/CVE-2021-41008 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:57 +0000 UTC Push: 2023-01-06 07:34:01 +0000 UTC |

Live-Hack-CVE/CVE-2021-41007 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:53 +0000 UTC Push: 2023-01-06 07:33:56 +0000 UTC |

Live-Hack-CVE/CVE-2021-41006 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:48 +0000 UTC Push: 2023-01-06 07:33:52 +0000 UTC |

Live-Hack-CVE/CVE-2021-40342 In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN CVE project by @Sn0wAlice Create: 2023-01-06 07:33:44 +0000 UTC Push: 2023-01-06 07:33:47 +0000 UTC |

Live-Hack-CVE/CVE-2014-125045 A vulnerability has been found in meol1 and classified as critical. Affected by this vulnerability is the function GetAnimal of the file opdracht4/index.php. The manipulation of the argument where leads to sql injection. The name of the patch is 82441e413f87920d1e8f866e8ef9d7f353a7c583. It is recommended to apply a pat CVE project by @Sn0wAlice Create: 2023-01-06 07:33:40 +0000 UTC Push: 2023-01-06 07:33:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-4802 Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:36 +0000 UTC Push: 2023-01-06 07:33:39 +0000 UTC |

Live-Hack-CVE/CVE-2022-34680 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:31 +0000 UTC Push: 2023-01-06 07:33:34 +0000 UTC |

Live-Hack-CVE/CVE-2022-42259 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:24 +0000 UTC Push: 2023-01-06 07:33:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-42258 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:20 +0000 UTC Push: 2023-01-06 07:33:23 +0000 UTC |

Live-Hack-CVE/CVE-2022-42257 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:15 +0000 UTC Push: 2023-01-06 07:33:18 +0000 UTC |

Live-Hack-CVE/CVE-2023-0086 The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forged request granted the CVE project by @Sn0wAlice Create: 2023-01-06 05:23:07 +0000 UTC Push: 2023-01-06 05:23:10 +0000 UTC |

Live-Hack-CVE/CVE-2023-22454 Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has the "require mode CVE project by @Sn0wAlice Create: 2023-01-06 05:23:03 +0000 UTC Push: 2023-01-06 05:23:05 +0000 UTC |

Live-Hack-CVE/CVE-2023-22453 Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username.json` endpoint. The issue is patched in CVE project by @Sn0wAlice Create: 2023-01-06 05:22:58 +0000 UTC Push: 2023-01-06 05:23:01 +0000 UTC |

Live-Hack-CVE/CVE-2022-46177 Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is still valid. When the old reset email is us CVE project by @Sn0wAlice Create: 2023-01-06 05:22:53 +0000 UTC Push: 2023-01-06 05:22:57 +0000 UTC |

Live-Hack-CVE/CVE-2017-20163 A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is recommended to apply a pat CVE project by @Sn0wAlice Create: 2023-01-06 05:22:49 +0000 UTC Push: 2023-01-06 05:22:52 +0000 UTC |

Live-Hack-CVE/CVE-2014-125044 A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the CVE project by @Sn0wAlice Create: 2023-01-06 05:22:44 +0000 UTC Push: 2023-01-06 05:22:47 +0000 UTC |