Live-Hack-CVE/CVE-2010-2531 The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:34 +0000 UTC Push: 2023-01-20 01:39:37 +0000 UTC |

Live-Hack-CVE/CVE-2011-1471 Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:30 +0000 UTC Push: 2023-01-20 01:39:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-47105 Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:24 +0000 UTC Push: 2023-01-20 01:39:26 +0000 UTC |

Live-Hack-CVE/CVE-2023-0404 The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functi CVE project by @Sn0wAlice Create: 2023-01-20 01:39:20 +0000 UTC Push: 2023-01-20 01:39:22 +0000 UTC |

Live-Hack-CVE/CVE-2023-0403 The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset network access tokens, CVE project by @Sn0wAlice Create: 2023-01-20 01:39:15 +0000 UTC Push: 2023-01-20 01:39:18 +0000 UTC |

Live-Hack-CVE/CVE-2023-0402 The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta information and reset netw CVE project by @Sn0wAlice Create: 2023-01-20 01:39:11 +0000 UTC Push: 2023-01-20 01:39:13 +0000 UTC |

Live-Hack-CVE/CVE-2020-36649 A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77 CVE project by @Sn0wAlice Create: 2023-01-20 00:30:27 +0000 UTC Push: 2023-01-20 00:30:30 +0000 UTC |

Live-Hack-CVE/CVE-2018-25074 A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The name of the patch is 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recomm CVE project by @Sn0wAlice Create: 2023-01-20 00:30:22 +0000 UTC Push: 2023-01-20 00:30:26 +0000 UTC |

Live-Hack-CVE/CVE-2017-20168 A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix CVE project by @Sn0wAlice Create: 2023-01-20 00:30:18 +0000 UTC Push: 2023-01-20 00:30:21 +0000 UTC |

Live-Hack-CVE/CVE-2021-37774 An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code. CVE project by @Sn0wAlice Create: 2023-01-20 00:30:01 +0000 UTC Push: 2023-01-20 00:30:04 +0000 UTC |

Live-Hack-CVE/CVE-2014-125074 A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The name of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to CVE project by @Sn0wAlice Create: 2023-01-20 00:29:57 +0000 UTC Push: 2023-01-20 00:30:00 +0000 UTC |

p33d/CVE-2022-47966 Multiple Zoho ManageEngine on-premise products Create: 2023-01-20 00:06:56 +0000 UTC Push: 2023-01-20 00:06:56 +0000 UTC |

MONK-MODE/CVE-2023-XXXX Create: 2023-01-19 22:02:38 +0000 UTC Push: 2023-01-19 22:02:39 +0000 UTC |

Live-Hack-CVE/CVE-2023-23690 Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communicati CVE project by @Sn0wAlice Create: 2023-01-19 21:15:23 +0000 UTC Push: 2023-01-19 21:15:26 +0000 UTC |

Live-Hack-CVE/CVE-2022-3738 The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull. CVE project by @Sn0wAlice Create: 2023-01-19 21:15:19 +0000 UTC Push: 2023-01-19 21:15:22 +0000 UTC |

Live-Hack-CVE/CVE-2023-0397 A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete. CVE project by @Sn0wAlice Create: 2023-01-19 20:08:35 +0000 UTC Push: 2023-01-19 20:08:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-4892 A vulnerability was found in MyCMS. It has been classified as problematic. This affects the function build_view of the file lib/gener/view.php of the component Visitors Module. The manipulation of the argument original/converted leads to cross site scripting. It is possible to initiate the attack remotely. The name of CVE project by @Sn0wAlice Create: 2023-01-19 20:08:31 +0000 UTC Push: 2023-01-19 20:08:33 +0000 UTC |

Live-Hack-CVE/CVE-2017-20174 A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The name of the patch is 55bedea78ae9af916a9a41497bd9996417851502. It is recommended to app CVE project by @Sn0wAlice Create: 2023-01-19 20:08:26 +0000 UTC Push: 2023-01-19 20:08:29 +0000 UTC |

Live-Hack-CVE/CVE-2015-10069 A vulnerability was found in viakondratiuk cash-machine. It has been declared as critical. This vulnerability affects the function is_card_pin_at_session/update_failed_attempts of the file machine.py. The manipulation leads to sql injection. The name of the patch is 62a6e24efdfa195b70d7df140d8287fdc38eb66d. It is recom CVE project by @Sn0wAlice Create: 2023-01-19 20:08:22 +0000 UTC Push: 2023-01-19 20:08:25 +0000 UTC |

Live-Hack-CVE/CVE-2023-0398 Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. CVE project by @Sn0wAlice Create: 2023-01-19 20:08:17 +0000 UTC Push: 2023-01-19 20:08:21 +0000 UTC |