unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2016-6930
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE project by @Sn0wAlice
Create: 2023-02-01 03:57:46 +0000 UTC Push: 2023-02-01 03:57:48 +0000 UTC |
Live-Hack-CVE/CVE-2016-6921
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6923, CVE-2016-6925, CVE project by @Sn0wAlice
Create: 2023-02-01 03:57:42 +0000 UTC Push: 2023-02-01 03:57:44 +0000 UTC |
Live-Hack-CVE/CVE-2016-6932
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE project by @Sn0wAlice
Create: 2023-02-01 03:57:38 +0000 UTC Push: 2023-02-01 03:57:41 +0000 UTC |
Live-Hack-CVE/CVE-2022-4017
The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted CVE project by @Sn0wAlice
Create: 2023-02-01 03:57:32 +0000 UTC Push: 2023-02-01 03:57:34 +0000 UTC |
Live-Hack-CVE/CVE-2022-4303
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms. CVE project by @Sn0wAlice
Create: 2023-02-01 03:57:28 +0000 UTC Push: 2023-02-01 03:57:30 +0000 UTC |
tin-z/solidity_CVE-2021-42574-POC
Simple POC of the CVE-2021-42574 with solidity and solc compiler
Create: 2023-02-01 02:15:00 +0000 UTC Push: 2023-02-01 02:15:00 +0000 UTC |
Live-Hack-CVE/CVE-2021-43445
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key. CVE project by @Sn0wAlice
Create: 2023-02-01 01:47:33 +0000 UTC Push: 2023-02-01 01:47:35 +0000 UTC |
Live-Hack-CVE/CVE-2021-43444
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key. CVE project by @Sn0wAlice
Create: 2023-02-01 01:47:29 +0000 UTC Push: 2023-02-01 01:47:31 +0000 UTC |
Live-Hack-CVE/CVE-2021-36539
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when an unprivileged user accesses the DocViewer-based file preview URL (canvadoc_session_url). CVE project by @Sn0wAlice
Create: 2023-02-01 01:47:26 +0000 UTC Push: 2023-02-01 01:47:28 +0000 UTC |
Live-Hack-CVE/CVE-2022-4672
The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user CVE project by @Sn0wAlice
Create: 2023-02-01 01:47:22 +0000 UTC Push: 2023-02-01 01:47:24 +0000 UTC |
Live-Hack-CVE/CVE-2022-4718
The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such a CVE project by @Sn0wAlice
Create: 2023-02-01 01:47:18 +0000 UTC Push: 2023-02-01 01:47:20 +0000 UTC |
Live-Hack-CVE/CVE-2022-4716
The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-02-01 01:47:14 +0000 UTC Push: 2023-02-01 01:47:17 +0000 UTC |
Live-Hack-CVE/CVE-2022-4746
The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin. CVE project by @Sn0wAlice
Create: 2023-02-01 01:47:11 +0000 UTC Push: 2023-02-01 01:47:13 +0000 UTC |
Live-Hack-CVE/CVE-2022-46835
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vuln CVE project by @Sn0wAlice
Create: 2023-02-01 01:47:07 +0000 UTC Push: 2023-02-01 01:47:09 +0000 UTC |
Live-Hack-CVE/CVE-2022-45435
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability CVE project by @Sn0wAlice
Create: 2023-02-01 01:47:04 +0000 UTC Push: 2023-02-01 01:47:06 +0000 UTC |
Live-Hack-CVE/CVE-2021-43446
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor allows malicious cross site scripting payloads to be used. CVE project by @Sn0wAlice
Create: 2023-02-01 01:47:00 +0000 UTC Push: 2023-02-01 01:47:02 +0000 UTC |
Live-Hack-CVE/CVE-2023-24163
SQL Injection vulnerability in Dromara hutool v5.8.11 allows attacker to execute arbitrary code via the aviator template engine. CVE project by @Sn0wAlice
Create: 2023-02-01 01:46:53 +0000 UTC Push: 2023-02-01 01:46:55 +0000 UTC |
Live-Hack-CVE/CVE-2023-24162
Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. CVE project by @Sn0wAlice
Create: 2023-02-01 01:46:49 +0000 UTC Push: 2023-02-01 01:46:52 +0000 UTC |
Live-Hack-CVE/CVE-2022-47780
SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter. CVE project by @Sn0wAlice
Create: 2023-02-01 01:46:45 +0000 UTC Push: 2023-02-01 01:46:48 +0000 UTC |
Live-Hack-CVE/CVE-2022-47035
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint. CVE project by @Sn0wAlice
Create: 2023-02-01 01:46:42 +0000 UTC Push: 2023-02-01 01:46:44 +0000 UTC |