Live-Hack-CVE/CVE-2022-46496 BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate. CVE project by @Sn0wAlice Create: 2023-02-07 10:17:00 +0000 UTC Push: 2023-02-07 10:17:03 +0000 UTC |

Live-Hack-CVE/CVE-2022-44617 A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. CVE project by @Sn0wAlice Create: 2023-02-07 10:16:57 +0000 UTC Push: 2023-02-07 10:16:59 +0000 UTC |

Live-Hack-CVE/CVE-2022-3229 Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choos CVE project by @Sn0wAlice Create: 2023-02-07 10:16:53 +0000 UTC Push: 2023-02-07 10:16:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-28923 Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs. CVE project by @Sn0wAlice Create: 2023-02-07 10:16:50 +0000 UTC Push: 2023-02-07 10:16:52 +0000 UTC |

Zh0um1/CVE-2022-22947 CVE-2022-22947注入哥斯拉内存马 Create: 2023-02-07 09:59:01 +0000 UTC Push: 2023-02-07 09:59:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-4828 The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as ad CVE project by @Sn0wAlice Create: 2023-02-07 08:07:05 +0000 UTC Push: 2023-02-07 08:07:07 +0000 UTC |

Live-Hack-CVE/CVE-2022-4834 The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such a CVE project by @Sn0wAlice Create: 2023-02-07 08:07:01 +0000 UTC Push: 2023-02-07 08:07:03 +0000 UTC |

Live-Hack-CVE/CVE-2022-4835 The Social Sharing Toolkit WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as CVE project by @Sn0wAlice Create: 2023-02-07 08:06:56 +0000 UTC Push: 2023-02-07 08:06:59 +0000 UTC |

Live-Hack-CVE/CVE-2023-23333 There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:53 +0000 UTC Push: 2023-02-07 08:06:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-48166 An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:49 +0000 UTC Push: 2023-02-07 08:06:52 +0000 UTC |

Live-Hack-CVE/CVE-2021-31578 In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:46 +0000 UTC Push: 2023-02-07 08:06:48 +0000 UTC |

Live-Hack-CVE/CVE-2021-31577 In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:42 +0000 UTC Push: 2023-02-07 08:06:45 +0000 UTC |

Live-Hack-CVE/CVE-2021-31576 In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:39 +0000 UTC Push: 2023-02-07 08:06:41 +0000 UTC |

Live-Hack-CVE/CVE-2021-31575 In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:35 +0000 UTC Push: 2023-02-07 08:06:38 +0000 UTC |

Live-Hack-CVE/CVE-2021-31574 In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:32 +0000 UTC Push: 2023-02-07 08:06:34 +0000 UTC |

Live-Hack-CVE/CVE-2021-31573 In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:28 +0000 UTC Push: 2023-02-07 08:06:30 +0000 UTC |

Live-Hack-CVE/CVE-2022-4649 The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:25 +0000 UTC Push: 2023-02-07 08:06:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-4654 The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:20 +0000 UTC Push: 2023-02-07 08:06:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-4749 The Posts List Designer by Category WordPress plugin before 3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users CVE project by @Sn0wAlice Create: 2023-02-07 08:06:11 +0000 UTC Push: 2023-02-07 08:06:13 +0000 UTC |

Live-Hack-CVE/CVE-2022-4765 The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such CVE project by @Sn0wAlice Create: 2023-02-07 08:06:08 +0000 UTC Push: 2023-02-07 08:06:10 +0000 UTC |