unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-48306
Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify netwo CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:52 +0000 UTC Push: 2023-02-17 01:15:54 +0000 UTC
Live-Hack-CVE/CVE-2022-27897
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server. CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:48 +0000 UTC Push: 2023-02-17 01:15:50 +0000 UTC
Live-Hack-CVE/CVE-2022-27892
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:44 +0000 UTC Push: 2023-02-17 01:15:47 +0000 UTC
Live-Hack-CVE/CVE-2022-27891
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest versio CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:41 +0000 UTC Push: 2023-02-17 01:15:43 +0000 UTC
Live-Hack-CVE/CVE-2022-27890
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to interc CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:37 +0000 UTC Push: 2023-02-17 01:15:39 +0000 UTC
Live-Hack-CVE/CVE-2021-40555
Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form. CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:34 +0000 UTC Push: 2023-02-17 01:15:36 +0000 UTC
Live-Hack-CVE/CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:28 +0000 UTC Push: 2023-02-17 01:15:30 +0000 UTC
Argonx21/CVE-2022-47373
Reflected Cross Site Scripting Vulnerability in PandoraFMS <= v766
Create: 2023-02-17 01:10:25 +0000 UTC Push: 2023-02-17 01:10:26 +0000 UTC
damodarnaik/CVE-2022-45436
Create: 2023-02-17 01:03:30 +0000 UTC Push: 2023-02-17 01:03:30 +0000 UTC
Argonx21/CVE-2022-43980
Stored Cross Site Scripting Vulnerability in the network maps edit functionality
Create: 2023-02-17 00:42:12 +0000 UTC Push: 2023-02-17 00:42:13 +0000 UTC
Live-Hack-CVE/CVE-2022-43969
Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. CVE project by @Sn0wAlice
Create: 2023-02-17 00:07:22 +0000 UTC Push: 2023-02-17 00:07:24 +0000 UTC
Live-Hack-CVE/CVE-2022-38731
Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type r CVE project by @Sn0wAlice
Create: 2023-02-17 00:07:18 +0000 UTC Push: 2023-02-17 00:07:20 +0000 UTC
Live-Hack-CVE/CVE-2023-22953
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. CVE project by @Sn0wAlice
Create: 2023-02-17 00:07:07 +0000 UTC Push: 2023-02-17 00:07:09 +0000 UTC
Live-Hack-CVE/CVE-2023-0574
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulati CVE project by @Sn0wAlice
Create: 2023-02-17 00:07:03 +0000 UTC Push: 2023-02-17 00:07:06 +0000 UTC
Live-Hack-CVE/CVE-2023-24813
Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `xlink:href` even if `href` is specified. However, php-svg-lib, wh CVE project by @Sn0wAlice
Create: 2023-02-17 00:06:54 +0000 UTC Push: 2023-02-17 00:06:57 +0000 UTC
Live-Hack-CVE/CVE-2023-0705
Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had won a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) CVE project by @Sn0wAlice
Create: 2023-02-17 00:06:50 +0000 UTC Push: 2023-02-17 00:06:53 +0000 UTC
grandDancer/CVE-2017-5124-RCE-0-Day
CVE-2017-5124 RCE 0-Day
Create: 2023-02-16 23:36:38 +0000 UTC Push: 2023-02-16 23:37:40 +0000 UTC
0xsu3ks/CVE-2023-0860
Create: 2023-02-16 21:49:20 +0000 UTC Push: 2023-02-16 21:49:21 +0000 UTC
Live-Hack-CVE/CVE-2023-0662
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. CVE project by @Sn0wAlice
Create: 2023-02-16 19:38:25 +0000 UTC Push: 2023-02-16 19:38:27 +0000 UTC
Live-Hack-CVE/CVE-2023-0568
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the core path resolution function allocates a buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with a NUL value, which might lead to unaut CVE project by @Sn0wAlice
Create: 2023-02-16 19:38:22 +0000 UTC Push: 2023-02-16 19:38:24 +0000 UTC