Live-Hack-CVE/CVE-2016-4248 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE project by @Sn0wAlice Create: 2023-01-26 07:21:58 +0000 UTC Push: 2023-01-26 07:22:01 +0000 UTC |

Live-Hack-CVE/CVE-2016-4231 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE project by @Sn0wAlice Create: 2023-01-26 07:21:54 +0000 UTC Push: 2023-01-26 07:21:57 +0000 UTC |

Live-Hack-CVE/CVE-2016-4222 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4226, CVE-2016-4227, CVE project by @Sn0wAlice Create: 2023-01-26 07:21:51 +0000 UTC Push: 2023-01-26 07:21:53 +0000 UTC |

Live-Hack-CVE/CVE-2016-7020 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE project by @Sn0wAlice Create: 2023-01-26 07:21:47 +0000 UTC Push: 2023-01-26 07:21:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-45557 Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names. CVE project by @Sn0wAlice Create: 2023-01-26 06:16:36 +0000 UTC Push: 2023-01-26 06:16:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-45542 EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file. CVE project by @Sn0wAlice Create: 2023-01-26 06:16:32 +0000 UTC Push: 2023-01-26 06:16:35 +0000 UTC |

Live-Hack-CVE/CVE-2022-45558 Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via the meta tag. CVE project by @Sn0wAlice Create: 2023-01-26 06:16:28 +0000 UTC Push: 2023-01-26 06:16:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-43455 Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. This could allow an attacker to start, stop, or restart arbitrary services running on CVE project by @Sn0wAlice Create: 2023-01-26 06:16:21 +0000 UTC Push: 2023-01-26 06:16:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-3782 keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly c CVE project by @Sn0wAlice Create: 2023-01-26 06:16:05 +0000 UTC Push: 2023-01-26 06:16:08 +0000 UTC |

Live-Hack-CVE/CVE-2022-3143 wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an a CVE project by @Sn0wAlice Create: 2023-01-26 06:16:01 +0000 UTC Push: 2023-01-26 06:16:04 +0000 UTC |

Live-Hack-CVE/CVE-2022-4295 The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin. CVE project by @Sn0wAlice Create: 2023-01-26 04:05:30 +0000 UTC Push: 2023-01-26 04:05:33 +0000 UTC |

Live-Hack-CVE/CVE-2018-25077 A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is 37767617846e27b87b63004e30216e8f919637d CVE project by @Sn0wAlice Create: 2023-01-26 04:05:23 +0000 UTC Push: 2023-01-26 04:05:26 +0000 UTC |

Live-Hack-CVE/CVE-2020-36651 A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The name of the patch is c4c0f0138ab5afbac58e03915d446680421bde28. It is recommended to apply a patch to f CVE project by @Sn0wAlice Create: 2023-01-26 04:05:19 +0000 UTC Push: 2023-01-26 04:05:22 +0000 UTC |

Live-Hack-CVE/CVE-2023-22850 Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call. CVE project by @Sn0wAlice Create: 2023-01-26 04:05:15 +0000 UTC Push: 2023-01-26 04:05:18 +0000 UTC |

Live-Hack-CVE/CVE-2023-21860 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Internal Operations). Supported versions that are affected are 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior and 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical commu CVE project by @Sn0wAlice Create: 2023-01-26 01:54:52 +0000 UTC Push: 2023-01-26 01:54:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-38469 An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. CVE project by @Sn0wAlice Create: 2023-01-26 01:54:47 +0000 UTC Push: 2023-01-26 01:54:50 +0000 UTC |

Live-Hack-CVE/CVE-2023-22875 IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356. CVE project by @Sn0wAlice Create: 2023-01-26 01:54:36 +0000 UTC Push: 2023-01-26 01:54:39 +0000 UTC |

Live-Hack-CVE/CVE-2022-40319 The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account. CVE project by @Sn0wAlice Create: 2023-01-26 01:54:31 +0000 UTC Push: 2023-01-26 01:54:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-3650 A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. CVE project by @Sn0wAlice Create: 2023-01-26 01:54:25 +0000 UTC Push: 2023-01-26 01:54:27 +0000 UTC |

Live-Hack-CVE/CVE-2023-22499 Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permi CVE project by @Sn0wAlice Create: 2023-01-26 01:54:21 +0000 UTC Push: 2023-01-26 01:54:23 +0000 UTC |