Live-Hack-CVE/CVE-2022-47083 Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection. CVE project by @Sn0wAlice Create: 2023-01-14 00:07:40 +0000 UTC Push: 2023-01-14 00:07:43 +0000 UTC |

WellingtonEspindula/SSI-CVE-2022-21661 Information System's Security 2nd Assignment Create: 2023-01-13 21:31:34 +0000 UTC Push: 2023-01-20 22:05:21 +0000 UTC |

offalltn/CVE-2022-45299 CVE 2022-45299 Create: 2023-01-13 19:47:02 +0000 UTC Push: 2023-01-13 19:58:59 +0000 UTC |

Live-Hack-CVE/CVE-2022-4710 The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. This makes it possible for unauthentica CVE project by @Sn0wAlice Create: 2023-01-13 19:41:46 +0000 UTC Push: 2023-01-13 19:41:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-4709 The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate templates from the plugin' CVE project by @Sn0wAlice Create: 2023-01-13 19:41:42 +0000 UTC Push: 2023-01-13 19:41:44 +0000 UTC |

Live-Hack-CVE/CVE-2022-4708 The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions under which templates a CVE project by @Sn0wAlice Create: 2023-01-13 19:41:37 +0000 UTC Push: 2023-01-13 19:41:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-4707 The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows unauthenticated attackers to create Mega Menu templates, granted they can trick CVE project by @Sn0wAlice Create: 2023-01-13 19:41:33 +0000 UTC Push: 2023-01-13 19:41:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-4704 The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site configuration templates includ CVE project by @Sn0wAlice Create: 2023-01-13 19:41:28 +0000 UTC Push: 2023-01-13 19:41:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-4705 The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration CVE project by @Sn0wAlice Create: 2023-01-13 19:41:24 +0000 UTC Push: 2023-01-13 19:41:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-3693 The File Management System developed by FileOrbis before version 10.6.3 has an unauthenticated local file inclusion and path traversal vulnerability. This has been fixed in the version 10.6.3 CVE project by @Sn0wAlice Create: 2023-01-13 19:41:20 +0000 UTC Push: 2023-01-13 19:41:22 +0000 UTC |

Live-Hack-CVE/CVE-2023-0283 A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file review_search.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to sql injection. It is possible to initiate the attack re CVE project by @Sn0wAlice Create: 2023-01-13 19:40:59 +0000 UTC Push: 2023-01-13 19:41:02 +0000 UTC |

Live-Hack-CVE/CVE-2023-0281 A vulnerability was found in SourceCodester Online Flight Booking Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file judge_panel.php. The manipulation of the argument subevent_id leads to sql injection. The attack may be launched remotely. The exploit has CVE project by @Sn0wAlice Create: 2023-01-13 19:40:55 +0000 UTC Push: 2023-01-13 19:40:58 +0000 UTC |

hfh86/CVE-2022-3317 Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) Create: 2023-01-13 16:06:54 +0000 UTC Push: 2023-01-13 16:06:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-46502 Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:59 +0000 UTC Push: 2023-01-13 14:15:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-42285 DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:55 +0000 UTC Push: 2023-01-13 14:14:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-42284 NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:51 +0000 UTC Push: 2023-01-13 14:14:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-42283 NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:48 +0000 UTC Push: 2023-01-13 14:14:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-42282 NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:44 +0000 UTC Push: 2023-01-13 14:14:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-42281 NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:40 +0000 UTC Push: 2023-01-13 14:14:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-42280 NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:36 +0000 UTC Push: 2023-01-13 14:14:39 +0000 UTC |