Live-Hack-CVE/CVE-2022-46639 A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal. CVE project by @Sn0wAlice Create: 2023-01-24 07:57:50 +0000 UTC Push: 2023-01-24 07:57:53 +0000 UTC |

Live-Hack-CVE/CVE-2022-40034 Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter. CVE project by @Sn0wAlice Create: 2023-01-24 07:57:46 +0000 UTC Push: 2023-01-24 07:57:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-23005 Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is pr CVE project by @Sn0wAlice Create: 2023-01-24 07:57:42 +0000 UTC Push: 2023-01-24 07:57:45 +0000 UTC |

Live-Hack-CVE/CVE-2018-20104 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-24 07:57:38 +0000 UTC Push: 2023-01-24 07:57:41 +0000 UTC |

Live-Hack-CVE/CVE-2023-22852 Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. CVE project by @Sn0wAlice Create: 2023-01-24 05:45:21 +0000 UTC Push: 2023-01-24 05:45:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-22853 Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval. CVE project by @Sn0wAlice Create: 2023-01-24 05:45:17 +0000 UTC Push: 2023-01-24 05:45:20 +0000 UTC |

Live-Hack-CVE/CVE-2021-46872 An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum CVE project by @Sn0wAlice Create: 2023-01-24 05:45:03 +0000 UTC Push: 2023-01-24 05:45:05 +0000 UTC |

Live-Hack-CVE/CVE-2023-0105 A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them. CVE project by @Sn0wAlice Create: 2023-01-24 03:33:49 +0000 UTC Push: 2023-01-24 03:33:51 +0000 UTC |

Live-Hack-CVE/CVE-2023-0287 A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used CVE project by @Sn0wAlice Create: 2023-01-24 03:33:44 +0000 UTC Push: 2023-01-24 03:33:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-42704 A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget. CVE project by @Sn0wAlice Create: 2023-01-24 03:33:38 +0000 UTC Push: 2023-01-24 03:33:40 +0000 UTC |

Live-Hack-CVE/CVE-2018-18439 DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image. CVE project by @Sn0wAlice Create: 2023-01-24 03:33:33 +0000 UTC Push: 2023-01-24 03:33:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-22493 RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affe CVE project by @Sn0wAlice Create: 2023-01-24 03:33:26 +0000 UTC Push: 2023-01-24 03:33:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-42288 NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. CVE project by @Sn0wAlice Create: 2023-01-24 03:33:11 +0000 UTC Push: 2023-01-24 03:33:14 +0000 UTC |

GiovanniCrudo00/Docker-Vulnerabilities-CVE-2019-5736- Docker container vulnerabilities exploiting CVE-2019-5736 Create: 2023-01-24 03:04:56 +0000 UTC Push: 2023-01-24 03:04:56 +0000 UTC |

GiovanniCrudo00/Docker-Vulnerabilities-CVE-2019-5736 Docker container vulnerabilities exploiting CVE-2019-5736 Create: 2023-01-24 03:04:56 +0000 UTC Push: 2023-01-31 16:23:00 +0000 UTC |

Live-Hack-CVE/CVE-2023-22947 ** DISPUTED ** Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\P CVE project by @Sn0wAlice Create: 2023-01-24 01:23:23 +0000 UTC Push: 2023-01-24 01:23:25 +0000 UTC |

Live-Hack-CVE/CVE-2023-21592 Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim mus CVE project by @Sn0wAlice Create: 2023-01-24 01:23:19 +0000 UTC Push: 2023-01-24 01:23:21 +0000 UTC |

Live-Hack-CVE/CVE-2023-21591 Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim mus CVE project by @Sn0wAlice Create: 2023-01-24 01:23:15 +0000 UTC Push: 2023-01-24 01:23:17 +0000 UTC |

Live-Hack-CVE/CVE-2023-21590 Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice Create: 2023-01-24 01:23:11 +0000 UTC Push: 2023-01-24 01:23:13 +0000 UTC |

Live-Hack-CVE/CVE-2018-1000820 neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 45bc09c. CVE project by @Sn0wAlice Create: 2023-01-24 01:23:07 +0000 UTC Push: 2023-01-24 01:23:09 +0000 UTC |