varelsecurity/CVE-2022-29455 test Create: 2023-02-12 14:26:11 +0000 UTC Push: 2023-02-12 14:26:12 +0000 UTC |

Live-Hack-CVE/CVE-2021-36823 Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 versions. CVE project by @Sn0wAlice Create: 2023-02-12 09:16:29 +0000 UTC Push: 2023-02-12 09:16:31 +0000 UTC |

Live-Hack-CVE/CVE-2021-23150 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 versions. CVE project by @Sn0wAlice Create: 2023-02-12 09:16:26 +0000 UTC Push: 2023-02-12 09:16:27 +0000 UTC |

Live-Hack-CVE/CVE-2021-36826 Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions. CVE project by @Sn0wAlice Create: 2023-02-12 09:16:22 +0000 UTC Push: 2023-02-12 09:16:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-32595 In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236. CVE project by @Sn0wAlice Create: 2023-02-12 08:07:22 +0000 UTC Push: 2023-02-12 08:07:24 +0000 UTC |

Chocapikk/CVE-2022-44877 Bash Script for Checking Command Injection Vulnerability on CentOS Web Panel [CWP] (CVE-2022-44877) Create: 2023-02-12 04:45:08 +0000 UTC Push: 2023-02-12 04:45:09 +0000 UTC |

Live-Hack-CVE/CVE-2023-0783 A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi CVE project by @Sn0wAlice Create: 2023-02-12 03:45:34 +0000 UTC Push: 2023-02-12 03:45:36 +0000 UTC |

Live-Hack-CVE/CVE-2023-0782 A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public an CVE project by @Sn0wAlice Create: 2023-02-12 03:45:31 +0000 UTC Push: 2023-02-12 03:45:33 +0000 UTC |

Live-Hack-CVE/CVE-2023-0127 A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root. CVE project by @Sn0wAlice Create: 2023-02-12 03:45:27 +0000 UTC Push: 2023-02-12 03:45:29 +0000 UTC |

Live-Hack-CVE/CVE-2019-10430 Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. CVE project by @Sn0wAlice Create: 2023-02-12 03:45:23 +0000 UTC Push: 2023-02-12 03:45:25 +0000 UTC |

Live-Hack-CVE/CVE-2015-6042 Use-after-free vulnerability in the CWindow object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." CVE project by @Sn0wAlice Create: 2023-02-12 01:35:12 +0000 UTC Push: 2023-02-12 01:35:14 +0000 UTC |

yuriisanin/CVE-2022-45771 [PoC] Privilege escalation / Code execution via LFI in PwnDoC Create: 2023-02-11 23:26:14 +0000 UTC Push: 2023-02-11 23:28:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-1253 Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release. CVE project by @Sn0wAlice Create: 2023-02-11 23:25:24 +0000 UTC Push: 2023-02-11 23:25:26 +0000 UTC |

Live-Hack-CVE/CVE-2023-0781 A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file removeOrder.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the CVE project by @Sn0wAlice Create: 2023-02-11 23:25:04 +0000 UTC Push: 2023-02-11 23:25:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-34445 Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure. CVE project by @Sn0wAlice Create: 2023-02-11 21:13:06 +0000 UTC Push: 2023-02-11 21:13:08 +0000 UTC |

Live-Hack-CVE/CVE-2022-34444 Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak. CVE project by @Sn0wAlice Create: 2023-02-11 21:13:02 +0000 UTC Push: 2023-02-11 21:13:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-34404 Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service. CVE project by @Sn0wAlice Create: 2023-02-11 21:12:59 +0000 UTC Push: 2023-02-11 21:13:01 +0000 UTC |

Live-Hack-CVE/CVE-2022-34392 SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information. CVE project by @Sn0wAlice Create: 2023-02-11 21:12:56 +0000 UTC Push: 2023-02-11 21:12:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-34389 Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician. CVE project by @Sn0wAlice Create: 2023-02-11 21:12:52 +0000 UTC Push: 2023-02-11 21:12:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-34388 Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected appli CVE project by @Sn0wAlice Create: 2023-02-11 21:12:49 +0000 UTC Push: 2023-02-11 21:12:51 +0000 UTC |