unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2021-36776
An Improper Access Control vulnerability in SUSE Rancher allows remote attackers to impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10. CVE project by @Sn0wAlice
Create: 2022-12-29 04:00:30 +0000 UTC Push: 2022-12-29 04:00:32 +0000 UTC
Live-Hack-CVE/CVE-2021-37624
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing. By default, SIP req CVE project by @Sn0wAlice
Create: 2022-12-29 03:18:41 +0000 UTC Push: 2022-12-29 03:18:43 +0000 UTC
Live-Hack-CVE/CVE-2022-3071
Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. CVE project by @Sn0wAlice
Create: 2022-12-29 02:35:46 +0000 UTC Push: 2022-12-29 02:35:48 +0000 UTC
nandin787/Jpg-Png-Exploit-Downloader-Fud-Cryter-Malware-Builder-Cve-2022
Create: 2022-12-29 02:29:22 +0000 UTC Push: 2022-12-29 02:29:23 +0000 UTC
nandin787/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022
Create: 2022-12-29 02:27:41 +0000 UTC Push: 2022-12-29 02:27:42 +0000 UTC
Live-Hack-CVE/CVE-2022-39362
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase CVE project by @Sn0wAlice
Create: 2022-12-29 01:53:52 +0000 UTC Push: 2022-12-29 01:53:54 +0000 UTC
Live-Hack-CVE/CVE-2021-39929
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVE project by @Sn0wAlice
Create: 2022-12-29 01:12:06 +0000 UTC Push: 2022-12-29 01:12:08 +0000 UTC
Live-Hack-CVE/CVE-2022-3409
A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipart CVE project by @Sn0wAlice
Create: 2022-12-29 00:30:24 +0000 UTC Push: 2022-12-29 00:30:26 +0000 UTC
Live-Hack-CVE/CVE-2022-3380
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. CVE project by @Sn0wAlice
Create: 2022-12-28 23:48:01 +0000 UTC Push: 2022-12-28 23:48:03 +0000 UTC
Live-Hack-CVE/CVE-2021-27784
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. CVE project by @Sn0wAlice
Create: 2022-12-28 23:06:14 +0000 UTC Push: 2022-12-28 23:06:16 +0000 UTC
Live-Hack-CVE/CVE-2022-32899
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. CVE project by @Sn0wAlice
Create: 2022-12-28 22:24:51 +0000 UTC Push: 2022-12-28 22:24:53 +0000 UTC
Live-Hack-CVE/CVE-2022-39234
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Deleted/deactivated user could continue to use their account as long as its cookie is valid. This issue has been patched, pl CVE project by @Sn0wAlice
Create: 2022-12-28 21:43:16 +0000 UTC Push: 2022-12-28 21:43:18 +0000 UTC
Live-Hack-CVE/CVE-2022-1937
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting CVE project by @Sn0wAlice
Create: 2022-12-28 21:01:35 +0000 UTC Push: 2022-12-28 21:01:37 +0000 UTC
Live-Hack-CVE/CVE-2019-19126
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program CVE project by @Sn0wAlice
Create: 2022-12-28 20:20:27 +0000 UTC Push: 2022-12-28 20:20:29 +0000 UTC
Live-Hack-CVE/CVE-2022-37892
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the CVE project by @Sn0wAlice
Create: 2022-12-28 19:38:30 +0000 UTC Push: 2022-12-28 19:38:32 +0000 UTC
Live-Hack-CVE/CVE-2020-10029
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2 CVE project by @Sn0wAlice
Create: 2022-12-28 18:57:08 +0000 UTC Push: 2022-12-28 18:57:11 +0000 UTC
Live-Hack-CVE/CVE-2016-4285
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-427 CVE project by @Sn0wAlice
Create: 2022-12-28 18:15:47 +0000 UTC Push: 2022-12-28 18:15:50 +0000 UTC
Live-Hack-CVE/CVE-2022-39036
The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service. CVE project by @Sn0wAlice
Create: 2022-12-28 17:33:40 +0000 UTC Push: 2022-12-28 17:33:43 +0000 UTC
Live-Hack-CVE/CVE-2022-36384
Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice
Create: 2022-12-28 16:51:54 +0000 UTC Push: 2022-12-28 16:51:56 +0000 UTC
Live-Hack-CVE/CVE-2016-7876
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice
Create: 2022-12-28 16:10:21 +0000 UTC Push: 2022-12-28 16:10:24 +0000 UTC