unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-2895
Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file. CVE project by @Sn0wAlice
Create: 2022-12-30 07:06:39 +0000 UTC Push: 2022-12-30 07:06:41 +0000 UTC
Live-Hack-CVE/CVE-2022-2003
AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06 CVE project by @Sn0wAlice
Create: 2022-12-30 06:24:55 +0000 UTC Push: 2022-12-30 06:24:57 +0000 UTC
Live-Hack-CVE/CVE-2015-4866
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. CVE project by @Sn0wAlice
Create: 2022-12-30 05:43:18 +0000 UTC Push: 2022-12-30 05:43:20 +0000 UTC
Live-Hack-CVE/CVE-2021-46378
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. CVE project by @Sn0wAlice
Create: 2022-12-30 05:01:10 +0000 UTC Push: 2022-12-30 05:01:13 +0000 UTC
Live-Hack-CVE/CVE-2020-9281
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). CVE project by @Sn0wAlice
Create: 2022-12-30 04:19:48 +0000 UTC Push: 2022-12-30 04:19:50 +0000 UTC
Live-Hack-CVE/CVE-2022-38274
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list. CVE project by @Sn0wAlice
Create: 2022-12-30 03:37:55 +0000 UTC Push: 2022-12-30 03:37:58 +0000 UTC
Live-Hack-CVE/CVE-2022-37796
In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting (XSS). CVE project by @Sn0wAlice
Create: 2022-12-30 02:56:04 +0000 UTC Push: 2022-12-30 02:56:06 +0000 UTC
Live-Hack-CVE/CVE-2022-35832
Windows Event Tracing Denial of Service Vulnerability. CVE project by @Sn0wAlice
Create: 2022-12-30 02:14:36 +0000 UTC Push: 2022-12-30 02:14:38 +0000 UTC
Live-Hack-CVE/CVE-2022-40663
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TI CVE project by @Sn0wAlice
Create: 2022-12-30 01:33:20 +0000 UTC Push: 2022-12-30 01:33:22 +0000 UTC
Live-Hack-CVE/CVE-2022-25688
Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables CVE project by @Sn0wAlice
Create: 2022-12-30 00:51:22 +0000 UTC Push: 2022-12-30 00:51:24 +0000 UTC
Live-Hack-CVE/CVE-2022-30675
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a vict CVE project by @Sn0wAlice
Create: 2022-12-30 00:09:21 +0000 UTC Push: 2022-12-30 00:09:23 +0000 UTC
Live-Hack-CVE/CVE-2022-40807
The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 CVE project by @Sn0wAlice
Create: 2022-12-29 23:27:40 +0000 UTC Push: 2022-12-29 23:27:42 +0000 UTC
Live-Hack-CVE/CVE-2022-34746
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in th CVE project by @Sn0wAlice
Create: 2022-12-29 22:46:07 +0000 UTC Push: 2022-12-29 22:46:09 +0000 UTC
Live-Hack-CVE/CVE-2021-2475
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBo CVE project by @Sn0wAlice
Create: 2022-12-29 22:04:12 +0000 UTC Push: 2022-12-29 22:04:14 +0000 UTC
Live-Hack-CVE/CVE-2021-25460
An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. CVE project by @Sn0wAlice
Create: 2022-12-29 21:22:37 +0000 UTC Push: 2022-12-29 21:22:39 +0000 UTC
Live-Hack-CVE/CVE-2022-3074
The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2022-12-29 20:40:31 +0000 UTC Push: 2022-12-29 20:40:33 +0000 UTC
Live-Hack-CVE/CVE-2021-4052
Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. CVE project by @Sn0wAlice
Create: 2022-12-29 19:54:25 +0000 UTC Push: 2022-12-29 19:54:28 +0000 UTC
Live-Hack-CVE/CVE-2022-29089
Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privilege CVE project by @Sn0wAlice
Create: 2022-12-29 19:12:51 +0000 UTC Push: 2022-12-29 19:12:53 +0000 UTC
Live-Hack-CVE/CVE-2022-1388
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (Eo CVE project by @Sn0wAlice
Create: 2022-12-29 18:31:27 +0000 UTC Push: 2022-12-29 18:31:31 +0000 UTC
Live-Hack-CVE/CVE-2020-10003
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges. CVE project by @Sn0wAlice
Create: 2022-12-29 17:49:55 +0000 UTC Push: 2022-12-29 17:49:58 +0000 UTC