unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-37034
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests. CVE project by @Sn0wAlice
Create: 2023-02-02 09:50:09 +0000 UTC Push: 2023-02-02 09:50:11 +0000 UTC
Live-Hack-CVE/CVE-2023-25012
The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. CVE project by @Sn0wAlice
Create: 2023-02-02 09:50:01 +0000 UTC Push: 2023-02-02 09:50:04 +0000 UTC
imbas007/Atlassian-Bitbucket-CVE-2022-36804
Create: 2023-02-02 09:37:37 +0000 UTC Push: 2023-02-02 09:37:37 +0000 UTC
Live-Hack-CVE/CVE-2022-3083
All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie values. CVE project by @Sn0wAlice
Create: 2023-02-02 07:40:04 +0000 UTC Push: 2023-02-02 07:40:06 +0000 UTC
Live-Hack-CVE/CVE-2022-31364
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerabilit CVE project by @Sn0wAlice
Create: 2023-02-02 07:40:01 +0000 UTC Push: 2023-02-02 07:40:03 +0000 UTC
Live-Hack-CVE/CVE-2022-31363
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability t CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:57 +0000 UTC Push: 2023-02-02 07:39:59 +0000 UTC
Live-Hack-CVE/CVE-2022-30904
In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:54 +0000 UTC Push: 2023-02-02 07:39:56 +0000 UTC
Live-Hack-CVE/CVE-2020-22660
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:51 +0000 UTC Push: 2023-02-02 07:39:53 +0000 UTC
Live-Hack-CVE/CVE-2020-22661
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:47 +0000 UTC Push: 2023-02-02 07:39:49 +0000 UTC
Live-Hack-CVE/CVE-2020-22662
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:44 +0000 UTC Push: 2023-02-02 07:39:46 +0000 UTC
Live-Hack-CVE/CVE-2023-23751
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:40 +0000 UTC Push: 2023-02-02 07:39:42 +0000 UTC
Live-Hack-CVE/CVE-2023-23750
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:37 +0000 UTC Push: 2023-02-02 07:39:39 +0000 UTC
Live-Hack-CVE/CVE-2022-47872
maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF). CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:34 +0000 UTC Push: 2023-02-02 07:39:36 +0000 UTC
Live-Hack-CVE/CVE-2022-45783
An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:30 +0000 UTC Push: 2023-02-02 07:39:32 +0000 UTC
Live-Hack-CVE/CVE-2022-45782
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover. CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:26 +0000 UTC Push: 2023-02-02 07:39:29 +0000 UTC
Live-Hack-CVE/CVE-2022-3913
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attac CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:23 +0000 UTC Push: 2023-02-02 07:39:25 +0000 UTC
Live-Hack-CVE/CVE-2022-37033
In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the r CVE project by @Sn0wAlice
Create: 2023-02-02 07:39:20 +0000 UTC Push: 2023-02-02 07:39:22 +0000 UTC
Live-Hack-CVE/CVE-2023-0619
The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations. CVE project by @Sn0wAlice
Create: 2023-02-02 05:29:05 +0000 UTC Push: 2023-02-02 05:29:07 +0000 UTC
Live-Hack-CVE/CVE-2022-46934
kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. CVE project by @Sn0wAlice
Create: 2023-02-02 05:29:01 +0000 UTC Push: 2023-02-02 05:29:03 +0000 UTC
Live-Hack-CVE/CVE-2023-23969
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. CVE project by @Sn0wAlice
Create: 2023-02-02 05:28:57 +0000 UTC Push: 2023-02-02 05:29:00 +0000 UTC