unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2022-4552
The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack CVE project by @Sn0wAlice
Create: 2023-02-07 14:48:14 +0000 UTC Push: 2023-02-07 14:48:16 +0000 UTC |
Live-Hack-CVE/CVE-2022-4553
The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating reseting moods which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydl_posts & lydl_poststimestamp DB tables CVE project by @Sn0wAlice
Create: 2023-02-07 14:48:11 +0000 UTC Push: 2023-02-07 14:48:13 +0000 UTC |
Live-Hack-CVE/CVE-2022-4837
The CPO Companion WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-02-07 14:48:07 +0000 UTC Push: 2023-02-07 14:48:09 +0000 UTC |
Live-Hack-CVE/CVE-2022-4872
The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no' CVE project by @Sn0wAlice
Create: 2023-02-07 14:48:04 +0000 UTC Push: 2023-02-07 14:48:06 +0000 UTC |
Live-Hack-CVE/CVE-2023-0074
The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-07 14:48:00 +0000 UTC Push: 2023-02-07 14:48:02 +0000 UTC |
Live-Hack-CVE/CVE-2023-0033
The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice
Create: 2023-02-07 14:47:56 +0000 UTC Push: 2023-02-07 14:47:58 +0000 UTC |
Live-Hack-CVE/CVE-2023-0071
The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-07 14:47:52 +0000 UTC Push: 2023-02-07 14:47:55 +0000 UTC |
Live-Hack-CVE/CVE-2022-45854
An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker. CVE project by @Sn0wAlice
Create: 2023-02-07 14:47:49 +0000 UTC Push: 2023-02-07 14:47:51 +0000 UTC |
Live-Hack-CVE/CVE-2022-45441
A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could force an authenticated user to execute the stored malicious scripts and CVE project by @Sn0wAlice
Create: 2023-02-07 14:47:45 +0000 UTC Push: 2023-02-07 14:47:48 +0000 UTC |
Live-Hack-CVE/CVE-2022-38547
A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authentic CVE project by @Sn0wAlice
Create: 2023-02-07 14:47:42 +0000 UTC Push: 2023-02-07 14:47:44 +0000 UTC |
Live-Hack-CVE/CVE-2022-42291
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requir CVE project by @Sn0wAlice
Create: 2023-02-07 14:47:31 +0000 UTC Push: 2023-02-07 14:47:34 +0000 UTC |
Live-Hack-CVE/CVE-2022-31611
NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and c CVE project by @Sn0wAlice
Create: 2023-02-07 14:47:28 +0000 UTC Push: 2023-02-07 14:47:30 +0000 UTC |
Live-Hack-CVE/CVE-2023-23849
Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes. CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/ CVE project by @Sn0wAlice
Create: 2023-02-07 10:17:07 +0000 UTC Push: 2023-02-07 10:17:09 +0000 UTC |
Live-Hack-CVE/CVE-2023-0615
A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled. CVE project by @Sn0wAlice
Create: 2023-02-07 10:17:04 +0000 UTC Push: 2023-02-07 10:17:06 +0000 UTC |
Live-Hack-CVE/CVE-2022-46496
BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate. CVE project by @Sn0wAlice
Create: 2023-02-07 10:17:00 +0000 UTC Push: 2023-02-07 10:17:03 +0000 UTC |
Live-Hack-CVE/CVE-2022-44617
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. CVE project by @Sn0wAlice
Create: 2023-02-07 10:16:57 +0000 UTC Push: 2023-02-07 10:16:59 +0000 UTC |
Live-Hack-CVE/CVE-2022-3229
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choos CVE project by @Sn0wAlice
Create: 2023-02-07 10:16:53 +0000 UTC Push: 2023-02-07 10:16:55 +0000 UTC |
Live-Hack-CVE/CVE-2022-28923
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs. CVE project by @Sn0wAlice
Create: 2023-02-07 10:16:50 +0000 UTC Push: 2023-02-07 10:16:52 +0000 UTC |
Zh0um1/CVE-2022-22947
CVE-2022-22947注入哥斯拉内存马
Create: 2023-02-07 09:59:01 +0000 UTC Push: 2023-02-07 09:59:02 +0000 UTC |
Live-Hack-CVE/CVE-2022-4828
The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as ad CVE project by @Sn0wAlice
Create: 2023-02-07 08:07:05 +0000 UTC Push: 2023-02-07 08:07:07 +0000 UTC |
Previous
403
404
405
406
407
408
409
410
Next