Live-Hack-CVE/CVE-2022-32476 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI CVE project by @Sn0wAlice Create: 2023-02-15 14:47:37 +0000 UTC Push: 2023-02-15 14:47:39 +0000 UTC |

Live-Hack-CVE/CVE-2022-32473 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACP CVE project by @Sn0wAlice Create: 2023-02-15 14:47:34 +0000 UTC Push: 2023-02-15 14:47:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-32470 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for t CVE project by @Sn0wAlice Create: 2023-02-15 14:47:30 +0000 UTC Push: 2023-02-15 14:47:33 +0000 UTC |

Live-Hack-CVE/CVE-2023-25011 PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:27 +0000 UTC Push: 2023-02-15 14:47:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-47373 Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:23 +0000 UTC Push: 2023-02-15 14:47:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-47372 Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:19 +0000 UTC Push: 2023-02-15 14:47:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-45437 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction an CVE project by @Sn0wAlice Create: 2023-02-15 14:47:16 +0000 UTC Push: 2023-02-15 14:47:18 +0000 UTC |

Live-Hack-CVE/CVE-2022-45436 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must click on the edit netwo CVE project by @Sn0wAlice Create: 2023-02-15 14:47:12 +0000 UTC Push: 2023-02-15 14:47:14 +0000 UTC |

Live-Hack-CVE/CVE-2022-25978 All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. CVE project by @Sn0wAlice Create: 2023-02-15 14:47:09 +0000 UTC Push: 2023-02-15 14:47:11 +0000 UTC |

Small-ears/CVE-2023-0297 poc Create: 2023-02-15 14:28:40 +0000 UTC Push: 2023-02-15 14:28:41 +0000 UTC |

bypazs/CVE-2023-26982 Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function. Create: 2023-02-15 12:49:38 +0000 UTC Push: 2023-03-29 02:00:52 +0000 UTC |

Live-Hack-CVE/CVE-2023-23618 Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patc CVE project by @Sn0wAlice Create: 2023-02-15 10:18:05 +0000 UTC Push: 2023-02-15 10:18:07 +0000 UTC |

Live-Hack-CVE/CVE-2023-23381 Visual Studio Remote Code Execution Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 10:18:01 +0000 UTC Push: 2023-02-15 10:18:03 +0000 UTC |

Live-Hack-CVE/CVE-2023-22743 Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users wit CVE project by @Sn0wAlice Create: 2023-02-15 10:17:58 +0000 UTC Push: 2023-02-15 10:18:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-29557 LexisNexis Firco Compliance Link 3.7 allows CSRF. CVE project by @Sn0wAlice Create: 2023-02-15 10:17:38 +0000 UTC Push: 2023-02-15 10:17:40 +0000 UTC |

Live-Hack-CVE/CVE-2023-21823 Windows Graphics Component Remote Code Execution Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 08:06:14 +0000 UTC Push: 2023-02-15 08:06:16 +0000 UTC |

Live-Hack-CVE/CVE-2023-21815 Visual Studio Remote Code Execution Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 08:06:10 +0000 UTC Push: 2023-02-15 08:06:12 +0000 UTC |

Live-Hack-CVE/CVE-2023-21808 .NET and Visual Studio Remote Code Execution Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 08:06:07 +0000 UTC Push: 2023-02-15 08:06:09 +0000 UTC |

Live-Hack-CVE/CVE-2023-21778 Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 08:06:03 +0000 UTC Push: 2023-02-15 08:06:05 +0000 UTC |

Live-Hack-CVE/CVE-2023-21567 Visual Studio Denial of Service Vulnerability CVE project by @Sn0wAlice Create: 2023-02-15 08:05:59 +0000 UTC Push: 2023-02-15 08:06:01 +0000 UTC |