Live-Hack-CVE/CVE-2018-3945 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malic CVE project by @Sn0wAlice Create: 2023-02-03 07:55:38 +0000 UTC Push: 2023-02-03 07:55:41 +0000 UTC |

Live-Hack-CVE/CVE-2018-3943 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious CVE project by @Sn0wAlice Create: 2023-02-03 07:55:35 +0000 UTC Push: 2023-02-03 07:55:37 +0000 UTC |

Live-Hack-CVE/CVE-2018-3944 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious CVE project by @Sn0wAlice Create: 2023-02-03 07:55:32 +0000 UTC Push: 2023-02-03 07:55:34 +0000 UTC |

Live-Hack-CVE/CVE-2018-3942 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious CVE project by @Sn0wAlice Create: 2023-02-03 07:55:28 +0000 UTC Push: 2023-02-03 07:55:30 +0000 UTC |

Live-Hack-CVE/CVE-2018-3941 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malic CVE project by @Sn0wAlice Create: 2023-02-03 07:55:25 +0000 UTC Push: 2023-02-03 07:55:27 +0000 UTC |

Live-Hack-CVE/CVE-2018-3939 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious CVE project by @Sn0wAlice Create: 2023-02-03 07:55:21 +0000 UTC Push: 2023-02-03 07:55:23 +0000 UTC |

Live-Hack-CVE/CVE-2018-3940 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger. CVE project by @Sn0wAlice Create: 2023-02-03 07:55:18 +0000 UTC Push: 2023-02-03 07:55:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-48114 RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. CVE project by @Sn0wAlice Create: 2023-02-03 07:55:13 +0000 UTC Push: 2023-02-03 07:55:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-48113 A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials. CVE project by @Sn0wAlice Create: 2023-02-03 07:55:10 +0000 UTC Push: 2023-02-03 07:55:12 +0000 UTC |

Live-Hack-CVE/CVE-2020-15654 When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects CVE project by @Sn0wAlice Create: 2023-02-03 07:55:06 +0000 UTC Push: 2023-02-03 07:55:09 +0000 UTC |

Live-Hack-CVE/CVE-2020-15653 An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. CVE project by @Sn0wAlice Create: 2023-02-03 07:55:03 +0000 UTC Push: 2023-02-03 07:55:05 +0000 UTC |

Live-Hack-CVE/CVE-2020-15656 JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. CVE project by @Sn0wAlice Create: 2023-02-03 07:54:59 +0000 UTC Push: 2023-02-03 07:55:01 +0000 UTC |

Live-Hack-CVE/CVE-2019-5446 Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root. CVE project by @Sn0wAlice Create: 2023-02-03 07:54:55 +0000 UTC Push: 2023-02-03 07:54:57 +0000 UTC |

Live-Hack-CVE/CVE-2019-5445 DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands. CVE project by @Sn0wAlice Create: 2023-02-03 07:54:51 +0000 UTC Push: 2023-02-03 07:54:54 +0000 UTC |

Live-Hack-CVE/CVE-2020-29396 A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation. CVE project by @Sn0wAlice Create: 2023-02-03 07:54:48 +0000 UTC Push: 2023-02-03 07:54:50 +0000 UTC |

Live-Hack-CVE/CVE-2020-28052 An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. CVE project by @Sn0wAlice Create: 2023-02-03 07:54:44 +0000 UTC Push: 2023-02-03 07:54:46 +0000 UTC |

Live-Hack-CVE/CVE-2020-25221 get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use p CVE project by @Sn0wAlice Create: 2023-02-03 07:54:40 +0000 UTC Push: 2023-02-03 07:54:42 +0000 UTC |

Live-Hack-CVE/CVE-2020-15658 The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird CVE project by @Sn0wAlice Create: 2023-02-03 07:54:37 +0000 UTC Push: 2023-02-03 07:54:39 +0000 UTC |

Live-Hack-CVE/CVE-2020-27786 A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for CVE project by @Sn0wAlice Create: 2023-02-03 07:54:33 +0000 UTC Push: 2023-02-03 07:54:36 +0000 UTC |

Live-Hack-CVE/CVE-2015-5180 CVE-2015-5180 glibc: DNS resolver NULL pointer dereference with crafted record type CVE project by @Sn0wAlice Create: 2023-02-03 05:41:05 +0000 UTC Push: 2023-02-03 05:41:07 +0000 UTC |