unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2022-4362
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice
Create: 2023-01-10 05:43:36 +0000 UTC Push: 2023-01-10 05:43:40 +0000 UTC
Live-Hack-CVE/CVE-2022-4340
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter. CVE project by @Sn0wAlice
Create: 2023-01-10 05:43:32 +0000 UTC Push: 2023-01-10 05:43:35 +0000 UTC
Live-Hack-CVE/CVE-2022-4329
The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high privilege one like admin). CVE project by @Sn0wAlice
Create: 2023-01-10 05:43:27 +0000 UTC Push: 2023-01-10 05:43:31 +0000 UTC
Live-Hack-CVE/CVE-2022-4352
The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin CVE project by @Sn0wAlice
Create: 2023-01-10 05:43:22 +0000 UTC Push: 2023-01-10 05:43:24 +0000 UTC
Live-Hack-CVE/CVE-2022-42270
NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service. CVE project by @Sn0wAlice
Create: 2023-01-10 05:43:16 +0000 UTC Push: 2023-01-10 05:43:19 +0000 UTC
Live-Hack-CVE/CVE-2022-42269
NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components. CVE project by @Sn0wAlice
Create: 2023-01-10 05:43:09 +0000 UTC Push: 2023-01-10 05:43:13 +0000 UTC
Live-Hack-CVE/CVE-2022-42266
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited inf CVE project by @Sn0wAlice
Create: 2023-01-10 05:43:06 +0000 UTC Push: 2023-01-10 05:43:08 +0000 UTC
Live-Hack-CVE/CVE-2022-46181
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts **if** another user opened a link. The attacker could potentially take CVE project by @Sn0wAlice
Create: 2023-01-10 05:43:02 +0000 UTC Push: 2023-01-10 05:43:05 +0000 UTC
Live-Hack-CVE/CVE-2021-20784
HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product via unspecified vectors. CVE project by @Sn0wAlice
Create: 2023-01-10 05:42:53 +0000 UTC Push: 2023-01-10 05:42:56 +0000 UTC
Live-Hack-CVE/CVE-2018-25059
A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of the patch is 1af2facb6d CVE project by @Sn0wAlice
Create: 2023-01-10 03:32:43 +0000 UTC Push: 2023-01-10 03:32:46 +0000 UTC
Live-Hack-CVE/CVE-2022-4857
A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and classified as critical. Affected by this issue is some unknown functionality of the file mbpoll.exe of the component mbp File Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to CVE project by @Sn0wAlice
Create: 2023-01-10 03:32:38 +0000 UTC Push: 2023-01-10 03:32:41 +0000 UTC
Live-Hack-CVE/CVE-2022-4856
A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been d CVE project by @Sn0wAlice
Create: 2023-01-10 03:32:32 +0000 UTC Push: 2023-01-10 03:32:35 +0000 UTC
Live-Hack-CVE/CVE-2022-4855
A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public a CVE project by @Sn0wAlice
Create: 2023-01-10 03:32:21 +0000 UTC Push: 2023-01-10 03:32:25 +0000 UTC
Live-Hack-CVE/CVE-2022-48194
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate. CVE project by @Sn0wAlice
Create: 2023-01-10 03:32:14 +0000 UTC Push: 2023-01-10 03:32:18 +0000 UTC
Live-Hack-CVE/CVE-2022-36437
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet version CVE project by @Sn0wAlice
Create: 2023-01-10 03:32:09 +0000 UTC Push: 2023-01-10 03:32:12 +0000 UTC
Live-Hack-CVE/CVE-2022-23508
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronizing files CVE project by @Sn0wAlice
Create: 2023-01-10 00:14:27 +0000 UTC Push: 2023-01-10 00:14:30 +0000 UTC
Live-Hack-CVE/CVE-2023-22472
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are curr CVE project by @Sn0wAlice
Create: 2023-01-10 00:14:22 +0000 UTC Push: 2023-01-10 00:14:25 +0000 UTC
Live-Hack-CVE/CVE-2022-23509
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local S3 b CVE project by @Sn0wAlice
Create: 2023-01-10 00:14:17 +0000 UTC Push: 2023-01-10 00:14:21 +0000 UTC
Live-Hack-CVE/CVE-2022-46173
Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between the transaction caches a CVE project by @Sn0wAlice
Create: 2023-01-10 00:14:13 +0000 UTC Push: 2023-01-10 00:14:16 +0000 UTC
Live-Hack-CVE/CVE-2021-4311
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix t CVE project by @Sn0wAlice
Create: 2023-01-09 22:04:01 +0000 UTC Push: 2023-01-09 22:04:05 +0000 UTC