unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2020-36626
A vulnerability classified as critical has been found in Modern Tribe Panel Builder Plugin. Affected is the function add_post_content_filtered_to_search_sql of the file ModularContent/SearchFilter.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed CVE project by @Sn0wAlice
Create: 2023-01-14 00:07:44 +0000 UTC Push: 2023-01-14 00:07:48 +0000 UTC |
Live-Hack-CVE/CVE-2022-47083
Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection. CVE project by @Sn0wAlice
Create: 2023-01-14 00:07:40 +0000 UTC Push: 2023-01-14 00:07:43 +0000 UTC |
WellingtonEspindula/SSI-CVE-2022-21661
Information System's Security 2nd Assignment
Create: 2023-01-13 21:31:34 +0000 UTC Push: 2023-01-20 22:05:21 +0000 UTC |
offalltn/CVE-2022-45299
CVE 2022-45299
Create: 2023-01-13 19:47:02 +0000 UTC Push: 2023-01-13 19:58:59 +0000 UTC |
Live-Hack-CVE/CVE-2022-4710
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. This makes it possible for unauthentica CVE project by @Sn0wAlice
Create: 2023-01-13 19:41:46 +0000 UTC Push: 2023-01-13 19:41:48 +0000 UTC |
Live-Hack-CVE/CVE-2022-4709
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate templates from the plugin' CVE project by @Sn0wAlice
Create: 2023-01-13 19:41:42 +0000 UTC Push: 2023-01-13 19:41:44 +0000 UTC |
Live-Hack-CVE/CVE-2022-4708
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions under which templates a CVE project by @Sn0wAlice
Create: 2023-01-13 19:41:37 +0000 UTC Push: 2023-01-13 19:41:40 +0000 UTC |
Live-Hack-CVE/CVE-2022-4707
The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows unauthenticated attackers to create Mega Menu templates, granted they can trick CVE project by @Sn0wAlice
Create: 2023-01-13 19:41:33 +0000 UTC Push: 2023-01-13 19:41:36 +0000 UTC |
Live-Hack-CVE/CVE-2022-4704
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site configuration templates includ CVE project by @Sn0wAlice
Create: 2023-01-13 19:41:28 +0000 UTC Push: 2023-01-13 19:41:31 +0000 UTC |
Live-Hack-CVE/CVE-2022-4705
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration CVE project by @Sn0wAlice
Create: 2023-01-13 19:41:24 +0000 UTC Push: 2023-01-13 19:41:27 +0000 UTC |
Live-Hack-CVE/CVE-2022-3693
The File Management System developed by FileOrbis before version 10.6.3 has an unauthenticated local file inclusion and path traversal vulnerability. This has been fixed in the version 10.6.3 CVE project by @Sn0wAlice
Create: 2023-01-13 19:41:20 +0000 UTC Push: 2023-01-13 19:41:22 +0000 UTC |
Live-Hack-CVE/CVE-2023-0283
A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file review_search.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to sql injection. It is possible to initiate the attack re CVE project by @Sn0wAlice
Create: 2023-01-13 19:40:59 +0000 UTC Push: 2023-01-13 19:41:02 +0000 UTC |
Live-Hack-CVE/CVE-2023-0281
A vulnerability was found in SourceCodester Online Flight Booking Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file judge_panel.php. The manipulation of the argument subevent_id leads to sql injection. The attack may be launched remotely. The exploit has CVE project by @Sn0wAlice
Create: 2023-01-13 19:40:55 +0000 UTC Push: 2023-01-13 19:40:58 +0000 UTC |
hfh86/CVE-2022-3317
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Create: 2023-01-13 16:06:54 +0000 UTC Push: 2023-01-13 16:06:54 +0000 UTC |
Live-Hack-CVE/CVE-2022-46502
Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php. CVE project by @Sn0wAlice
Create: 2023-01-13 14:14:59 +0000 UTC Push: 2023-01-13 14:15:02 +0000 UTC |
Live-Hack-CVE/CVE-2022-42285
DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering. CVE project by @Sn0wAlice
Create: 2023-01-13 14:14:55 +0000 UTC Push: 2023-01-13 14:14:58 +0000 UTC |
Live-Hack-CVE/CVE-2022-42284
NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure. CVE project by @Sn0wAlice
Create: 2023-01-13 14:14:51 +0000 UTC Push: 2023-01-13 14:14:54 +0000 UTC |
Live-Hack-CVE/CVE-2022-42283
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. CVE project by @Sn0wAlice
Create: 2023-01-13 14:14:48 +0000 UTC Push: 2023-01-13 14:14:50 +0000 UTC |
Live-Hack-CVE/CVE-2022-42282
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure. CVE project by @Sn0wAlice
Create: 2023-01-13 14:14:44 +0000 UTC Push: 2023-01-13 14:14:47 +0000 UTC |
Live-Hack-CVE/CVE-2022-42281
NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. CVE project by @Sn0wAlice
Create: 2023-01-13 14:14:40 +0000 UTC Push: 2023-01-13 14:14:42 +0000 UTC |
Previous
510
511
512
513
514
515
516
517
Next