Live-Hack-CVE/CVE-2020-36638 ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be CVE project by @Sn0wAlice Create: 2023-01-07 05:32:02 +0000 UTC Push: 2023-01-07 05:32:06 +0000 UTC |

Live-Hack-CVE/CVE-2020-36637 ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be CVE project by @Sn0wAlice Create: 2023-01-07 05:31:57 +0000 UTC Push: 2023-01-07 05:32:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-34679 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service. CVE project by @Sn0wAlice Create: 2023-01-07 05:31:50 +0000 UTC Push: 2023-01-07 05:31:54 +0000 UTC |

yerodin/CVE-2022-44149 PO Exploit for CVE-2022-44149 Create: 2023-01-07 04:00:25 +0000 UTC Push: 2023-01-07 04:00:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-4778 StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated are affected. CVE project by @Sn0wAlice Create: 2023-01-07 03:21:28 +0000 UTC Push: 2023-01-07 03:21:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-41966 XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps t CVE project by @Sn0wAlice Create: 2023-01-07 03:21:24 +0000 UTC Push: 2023-01-07 03:21:27 +0000 UTC |

Live-Hack-CVE/CVE-2023-22475 Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken (a URL) can use this to execute Javascript in the Canary CVE project by @Sn0wAlice Create: 2023-01-07 03:21:19 +0000 UTC Push: 2023-01-07 03:21:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-44149 The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required. CVE project by @Sn0wAlice Create: 2023-01-07 03:21:14 +0000 UTC Push: 2023-01-07 03:21:17 +0000 UTC |

Live-Hack-CVE/CVE-2020-36643 A vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the function log_displayBox in the library sc2/src/libs/log/msgbox_macosx.m. The manipulation leads to format string. The name of the patch is 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f. It is recommended to apply a patch to fix CVE project by @Sn0wAlice Create: 2023-01-07 03:21:10 +0000 UTC Push: 2023-01-07 03:21:13 +0000 UTC |

Live-Hack-CVE/CVE-2014-125051 A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading to version 1.0.8 is able to address this issue. The name of the pat CVE project by @Sn0wAlice Create: 2023-01-07 03:21:05 +0000 UTC Push: 2023-01-07 03:21:08 +0000 UTC |

Live-Hack-CVE/CVE-2014-125050 A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The name of the patch is 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-21 CVE project by @Sn0wAlice Create: 2023-01-07 03:21:01 +0000 UTC Push: 2023-01-07 03:21:04 +0000 UTC |

Live-Hack-CVE/CVE-2020-36562 Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector. CVE project by @Sn0wAlice Create: 2023-01-07 03:20:57 +0000 UTC Push: 2023-01-07 03:21:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-46172 authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable for users to create ne CVE project by @Sn0wAlice Create: 2023-01-07 03:20:53 +0000 UTC Push: 2023-01-07 03:20:56 +0000 UTC |

Live-Hack-CVE/CVE-2022-41967 Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML `SNAPSHOT` versions are being resolved, this vulnerabilit CVE project by @Sn0wAlice Create: 2023-01-07 03:20:49 +0000 UTC Push: 2023-01-07 03:20:52 +0000 UTC |

Live-Hack-CVE/CVE-2020-36563 XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input. CVE project by @Sn0wAlice Create: 2023-01-07 03:20:44 +0000 UTC Push: 2023-01-07 03:20:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-4773 ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible t CVE project by @Sn0wAlice Create: 2023-01-07 03:20:40 +0000 UTC Push: 2023-01-07 03:20:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-4779 StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected. CVE project by @Sn0wAlice Create: 2023-01-07 03:20:34 +0000 UTC Push: 2023-01-07 03:20:38 +0000 UTC |

Live-Hack-CVE/CVE-2018-25054 A vulnerability was found in shred cilla. It has been classified as problematic. Affected is an unknown function of the file cilla-xample/src/main/webapp/WEB-INF/jsp/view/search.jsp of the component Search Handler. The manipulation of the argument details leads to cross site scripting. It is possible to launch the atta CVE project by @Sn0wAlice Create: 2023-01-07 03:20:30 +0000 UTC Push: 2023-01-07 03:20:33 +0000 UTC |

Live-Hack-CVE/CVE-2019-25092 A vulnerability classified as problematic was found in Nakiami Mellivora up to 2.1.x. Affected by this vulnerability is the function print_user_ip_log of the file include/layout/user.inc.php of the component Admin Panel. The manipulation of the argument $entry['ip'] leads to cross site scripting. The attack can be laun CVE project by @Sn0wAlice Create: 2023-01-07 03:20:26 +0000 UTC Push: 2023-01-07 03:20:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-4817 A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch CVE project by @Sn0wAlice Create: 2023-01-07 03:20:21 +0000 UTC Push: 2023-01-07 03:20:24 +0000 UTC |