unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-22798
Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect inter CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:14 +0000 UTC Push: 2023-02-10 05:53:16 +0000 UTC |
Live-Hack-CVE/CVE-2023-22797
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefu CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:10 +0000 UTC Push: 2023-02-10 05:53:13 +0000 UTC |
Live-Hack-CVE/CVE-2023-22796
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:06 +0000 UTC Push: 2023-02-10 05:53:09 +0000 UTC |
Live-Hack-CVE/CVE-2023-22795
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the proces CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:03 +0000 UTC Push: 2023-02-10 05:53:05 +0000 UTC |
Live-Hack-CVE/CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database wi CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:59 +0000 UTC Push: 2023-02-10 05:53:01 +0000 UTC |
Live-Hack-CVE/CVE-2023-22792
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amou CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:55 +0000 UTC Push: 2023-02-10 05:52:57 +0000 UTC |
Live-Hack-CVE/CVE-2022-44572
A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker to craft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any a CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:51 +0000 UTC Push: 2023-02-10 05:52:54 +0000 UTC |
Live-Hack-CVE/CVE-2022-44571
There is a denial of service vulnerability in the Content-Disposition parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of servi CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:48 +0000 UTC Push: 2023-02-10 05:52:50 +0000 UTC |
Live-Hack-CVE/CVE-2022-44570
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:44 +0000 UTC Push: 2023-02-10 05:52:46 +0000 UTC |
Live-Hack-CVE/CVE-2022-44566
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:40 +0000 UTC Push: 2023-02-10 05:52:43 +0000 UTC |
Live-Hack-CVE/CVE-2022-43552
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:37 +0000 UTC Push: 2023-02-10 05:52:39 +0000 UTC |
Live-Hack-CVE/CVE-2022-43550
A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution. CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:33 +0000 UTC Push: 2023-02-10 05:52:35 +0000 UTC |
Live-Hack-CVE/CVE-2022-48290
The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:57 +0000 UTC Push: 2023-02-10 03:38:59 +0000 UTC |
Live-Hack-CVE/CVE-2022-48289
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:53 +0000 UTC Push: 2023-02-10 03:38:56 +0000 UTC |
Live-Hack-CVE/CVE-2022-48288
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:50 +0000 UTC Push: 2023-02-10 03:38:52 +0000 UTC |
Live-Hack-CVE/CVE-2022-48287
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:46 +0000 UTC Push: 2023-02-10 03:38:49 +0000 UTC |
Live-Hack-CVE/CVE-2022-48286
The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:43 +0000 UTC Push: 2023-02-10 03:38:45 +0000 UTC |
Live-Hack-CVE/CVE-2022-30564
Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:39 +0000 UTC Push: 2023-02-10 03:38:41 +0000 UTC |
Live-Hack-CVE/CVE-2023-24815
Vert.x-Web is a set of building blocks for building web applications in the Java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path r CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:33 +0000 UTC Push: 2023-02-10 03:38:35 +0000 UTC |
Live-Hack-CVE/CVE-2023-23636
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:29 +0000 UTC Push: 2023-02-10 03:38:31 +0000 UTC |