unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2023-22797
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefu CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:10 +0000 UTC Push: 2023-02-10 05:53:13 +0000 UTC |
Live-Hack-CVE/CVE-2023-22796
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:06 +0000 UTC Push: 2023-02-10 05:53:09 +0000 UTC |
Live-Hack-CVE/CVE-2023-22795
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the proces CVE project by @Sn0wAlice
Create: 2023-02-10 05:53:03 +0000 UTC Push: 2023-02-10 05:53:05 +0000 UTC |
Live-Hack-CVE/CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database wi CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:59 +0000 UTC Push: 2023-02-10 05:53:01 +0000 UTC |
Live-Hack-CVE/CVE-2023-22792
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amou CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:55 +0000 UTC Push: 2023-02-10 05:52:57 +0000 UTC |
Live-Hack-CVE/CVE-2022-44572
A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any a CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:51 +0000 UTC Push: 2023-02-10 05:52:54 +0000 UTC |
Live-Hack-CVE/CVE-2022-44571
There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservi CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:48 +0000 UTC Push: 2023-02-10 05:52:50 +0000 UTC |
Live-Hack-CVE/CVE-2022-44570
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:44 +0000 UTC Push: 2023-02-10 05:52:46 +0000 UTC |
Live-Hack-CVE/CVE-2022-44566
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:40 +0000 UTC Push: 2023-02-10 05:52:43 +0000 UTC |
Live-Hack-CVE/CVE-2022-43552
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:37 +0000 UTC Push: 2023-02-10 05:52:39 +0000 UTC |
Live-Hack-CVE/CVE-2022-43550
A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution. CVE project by @Sn0wAlice
Create: 2023-02-10 05:52:33 +0000 UTC Push: 2023-02-10 05:52:35 +0000 UTC |
Live-Hack-CVE/CVE-2022-48290
The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:57 +0000 UTC Push: 2023-02-10 03:38:59 +0000 UTC |
Live-Hack-CVE/CVE-2022-48289
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:53 +0000 UTC Push: 2023-02-10 03:38:56 +0000 UTC |
Live-Hack-CVE/CVE-2022-48288
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:50 +0000 UTC Push: 2023-02-10 03:38:52 +0000 UTC |
Live-Hack-CVE/CVE-2022-48287
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:46 +0000 UTC Push: 2023-02-10 03:38:49 +0000 UTC |
Live-Hack-CVE/CVE-2022-48286
The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:43 +0000 UTC Push: 2023-02-10 03:38:45 +0000 UTC |
Live-Hack-CVE/CVE-2022-30564
Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:39 +0000 UTC Push: 2023-02-10 03:38:41 +0000 UTC |
Live-Hack-CVE/CVE-2023-24815
Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path r CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:33 +0000 UTC Push: 2023-02-10 03:38:35 +0000 UTC |
Live-Hack-CVE/CVE-2023-23636
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:29 +0000 UTC Push: 2023-02-10 03:38:31 +0000 UTC |
Live-Hack-CVE/CVE-2022-45491
Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. CVE project by @Sn0wAlice
Create: 2023-02-10 03:38:24 +0000 UTC Push: 2023-02-10 03:38:27 +0000 UTC |
Previous
391
392
393
394
395
396
397
398
Next