unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-22936
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment. CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:54 +0000 UTC Push: 2023-02-15 03:39:56 +0000 UTC
Live-Hack-CVE/CVE-2023-22935
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass [SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards). The vulnerability requires a higher privileged user to init CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:50 +0000 UTC Push: 2023-02-15 03:39:52 +0000 UTC
Live-Hack-CVE/CVE-2023-22934
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass [SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards) using a saved search job. The vulnerability requires an authenticated u CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:46 +0000 UTC Push: 2023-02-15 03:39:49 +0000 UTC
Live-Hack-CVE/CVE-2023-22933
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag. The vulnerability affects instances with Splunk Web enabled. CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:43 +0000 UTC Push: 2023-02-15 03:39:45 +0000 UTC
Live-Hack-CVE/CVE-2023-22932
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0. CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:39 +0000 UTC Push: 2023-02-15 03:39:41 +0000 UTC
Live-Hack-CVE/CVE-2023-22931
In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default. CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:35 +0000 UTC Push: 2023-02-15 03:39:38 +0000 UTC
Live-Hack-CVE/CVE-2022-41564
The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.1 and below and TIBCO Operat CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:31 +0000 UTC Push: 2023-02-15 03:39:34 +0000 UTC
Live-Hack-CVE/CVE-2022-2933
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'zeromk_user' a CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:27 +0000 UTC Push: 2023-02-15 03:39:30 +0000 UTC
Live-Hack-CVE/CVE-2022-40196
Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:24 +0000 UTC Push: 2023-02-15 03:39:26 +0000 UTC
Live-Hack-CVE/CVE-2022-38136
Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:20 +0000 UTC Push: 2023-02-15 03:39:22 +0000 UTC
Live-Hack-CVE/CVE-2022-41342
Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:17 +0000 UTC Push: 2023-02-15 03:39:19 +0000 UTC
Live-Hack-CVE/CVE-2022-4902
A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible to launch the attack re CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:13 +0000 UTC Push: 2023-02-15 03:39:15 +0000 UTC
Live-Hack-CVE/CVE-2023-23944
Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:09 +0000 UTC Push: 2023-02-15 03:39:12 +0000 UTC
Live-Hack-CVE/CVE-2017-7308
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:06 +0000 UTC Push: 2023-02-15 03:39:08 +0000 UTC
Live-Hack-CVE/CVE-2023-0687
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier as CVE project by @Sn0wAlice
Create: 2023-02-15 03:39:01 +0000 UTC Push: 2023-02-15 03:39:03 +0000 UTC
Live-Hack-CVE/CVE-2022-32656
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035. CVE project by @Sn0wAlice
Create: 2023-02-15 03:38:57 +0000 UTC Push: 2023-02-15 03:39:00 +0000 UTC
Live-Hack-CVE/CVE-2022-42439
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211. CVE project by @Sn0wAlice
Create: 2023-02-15 03:38:54 +0000 UTC Push: 2023-02-15 03:38:56 +0000 UTC
Live-Hack-CVE/CVE-2023-24161
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. CVE project by @Sn0wAlice
Create: 2023-02-15 02:33:34 +0000 UTC Push: 2023-02-15 02:33:36 +0000 UTC
Live-Hack-CVE/CVE-2023-24160
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. CVE project by @Sn0wAlice
Create: 2023-02-15 02:33:30 +0000 UTC Push: 2023-02-15 02:33:32 +0000 UTC
Live-Hack-CVE/CVE-2023-24159
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. CVE project by @Sn0wAlice
Create: 2023-02-15 02:33:26 +0000 UTC Push: 2023-02-15 02:33:29 +0000 UTC