unSafe.sh - Unsafe
Github CVE
Live-Hack-CVE/CVE-2022-45598
Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows an attacker to execute arbitrary code via improper sanitization. CVE project by @Sn0wAlice
Create: 2023-02-01 01:46:38 +0000 UTC Push: 2023-02-01 01:46:40 +0000 UTC |
Live-Hack-CVE/CVE-2022-28331
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. CVE project by @Sn0wAlice
Create: 2023-02-01 01:46:34 +0000 UTC Push: 2023-02-01 01:46:37 +0000 UTC |
Live-Hack-CVE/CVE-2022-24963
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. CVE project by @Sn0wAlice
Create: 2023-02-01 01:46:30 +0000 UTC Push: 2023-02-01 01:46:33 +0000 UTC |
Live-Hack-CVE/CVE-2020-20402
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. CVE project by @Sn0wAlice
Create: 2023-02-01 01:46:27 +0000 UTC Push: 2023-02-01 01:46:29 +0000 UTC |
Live-Hack-CVE/CVE-2022-25147
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. CVE project by @Sn0wAlice
Create: 2023-02-01 01:46:23 +0000 UTC Push: 2023-02-01 01:46:25 +0000 UTC |
Live-Hack-CVE/CVE-2021-43447
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication. CVE project by @Sn0wAlice
Create: 2023-02-01 01:46:19 +0000 UTC Push: 2023-02-01 01:46:21 +0000 UTC |
Live-Hack-CVE/CVE-2022-3425
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. CVE project by @Sn0wAlice
Create: 2023-02-01 01:46:15 +0000 UTC Push: 2023-02-01 01:46:18 +0000 UTC |
Live-Hack-CVE/CVE-2022-4715
The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as ad CVE project by @Sn0wAlice
Create: 2023-02-01 01:46:12 +0000 UTC Push: 2023-02-01 01:46:14 +0000 UTC |
Live-Hack-CVE/CVE-2022-4570
The Top 10 WordPress plugin before 3.2.3 does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:42 +0000 UTC Push: 2023-01-31 23:33:45 +0000 UTC |
Live-Hack-CVE/CVE-2019-11730
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may be uploaded to a s CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:39 +0000 UTC Push: 2023-01-31 23:33:41 +0000 UTC |
Live-Hack-CVE/CVE-2019-11728
The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that is accessible to a user when web content is loaded. This vulnerability affects Firefox < 68. CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:34 +0000 UTC Push: 2023-01-31 23:33:37 +0000 UTC |
Live-Hack-CVE/CVE-2019-11718
Activity Stream can display content sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for potential access to other information available to the Activity Stream, such as browsing history, if the Snippet Service were compromised. CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:31 +0000 UTC Push: 2023-01-31 23:33:33 +0000 UTC |
Live-Hack-CVE/CVE-2019-11724
Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68. CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:27 +0000 UTC Push: 2023-01-31 23:33:29 +0000 UTC |
Live-Hack-CVE/CVE-2019-11723
A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web Extension. This vulnerability affects Fir CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:23 +0000 UTC Push: 2023-01-31 23:33:25 +0000 UTC |
Live-Hack-CVE/CVE-2019-11725
When a user navigates to a site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects F CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:19 +0000 UTC Push: 2023-01-31 23:33:21 +0000 UTC |
Live-Hack-CVE/CVE-2018-11563
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged-in customer's browser in the context of the OTRS customer panel application. CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:15 +0000 UTC Push: 2023-01-31 23:33:17 +0000 UTC |
Live-Hack-CVE/CVE-2019-11707
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:11 +0000 UTC Push: 2023-01-31 23:33:14 +0000 UTC |
Live-Hack-CVE/CVE-2022-4629
The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:07 +0000 UTC Push: 2023-01-31 23:33:09 +0000 UTC |
Live-Hack-CVE/CVE-2019-0988
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080. CVE project by @Sn0wAlice
Create: 2023-01-31 23:33:03 +0000 UTC Push: 2023-01-31 23:33:06 +0000 UTC |
Live-Hack-CVE/CVE-2019-2587
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vul CVE project by @Sn0wAlice
Create: 2023-01-31 23:32:59 +0000 UTC Push: 2023-01-31 23:33:02 +0000 UTC |