unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2021-4236
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets CVE project by @Sn0wAlice
Create: 2023-01-05 15:11:42 +0000 UTC Push: 2023-01-05 15:11:46 +0000 UTC
Live-Hack-CVE/CVE-2022-23544
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdI CVE project by @Sn0wAlice
Create: 2023-01-05 15:11:33 +0000 UTC Push: 2023-01-05 15:11:36 +0000 UTC
nidhihcl/frameworks_base_AOSP_10_r33_CVE-2021-39696
Create: 2023-01-05 14:42:33 +0000 UTC Push: 2023-01-05 14:42:33 +0000 UTC
Live-Hack-CVE/CVE-2022-4876
A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross site scripting. The attack may be initiated remotely. Upgrading to version CVE project by @Sn0wAlice
Create: 2023-01-05 09:33:13 +0000 UTC Push: 2023-01-05 09:33:16 +0000 UTC
Live-Hack-CVE/CVE-2021-4302
A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to address this issue. Th CVE project by @Sn0wAlice
Create: 2023-01-05 07:22:08 +0000 UTC Push: 2023-01-05 07:22:11 +0000 UTC
Live-Hack-CVE/CVE-2023-22467
Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's `DateTime.fromRFC2822()` has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k ch CVE project by @Sn0wAlice
Create: 2023-01-05 07:22:03 +0000 UTC Push: 2023-01-05 07:22:06 +0000 UTC
Live-Hack-CVE/CVE-2023-22466
Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously configured `reject_remote_clients` to `t CVE project by @Sn0wAlice
Create: 2023-01-05 07:21:59 +0000 UTC Push: 2023-01-05 07:22:02 +0000 UTC
Live-Hack-CVE/CVE-2023-0055
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. CVE project by @Sn0wAlice
Create: 2023-01-05 07:21:55 +0000 UTC Push: 2023-01-05 07:21:58 +0000 UTC
Live-Hack-CVE/CVE-2022-4875
A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to a CVE project by @Sn0wAlice
Create: 2023-01-05 07:21:51 +0000 UTC Push: 2023-01-05 07:21:54 +0000 UTC
Live-Hack-CVE/CVE-2021-4300
A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched remotely. Upgrading to ver CVE project by @Sn0wAlice
Create: 2023-01-05 07:21:46 +0000 UTC Push: 2023-01-05 07:21:49 +0000 UTC
Live-Hack-CVE/CVE-2023-0054
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. CVE project by @Sn0wAlice
Create: 2023-01-05 05:11:43 +0000 UTC Push: 2023-01-05 05:11:46 +0000 UTC
Live-Hack-CVE/CVE-2022-48217
** DISPUTED ** The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled old_tf_topic_name and/or new_tf_topic_name CVE project by @Sn0wAlice
Create: 2023-01-05 05:11:39 +0000 UTC Push: 2023-01-05 05:11:42 +0000 UTC
Live-Hack-CVE/CVE-2022-45052
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the imageProxy.type.php endpoint, external users are capable of accessing files on the server. CVE project by @Sn0wAlice
Create: 2023-01-05 05:11:34 +0000 UTC Push: 2023-01-05 05:11:37 +0000 UTC
Live-Hack-CVE/CVE-2022-45051
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability. CVE project by @Sn0wAlice
Create: 2023-01-05 05:11:29 +0000 UTC Push: 2023-01-05 05:11:33 +0000 UTC
Live-Hack-CVE/CVE-2022-45049
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The url parameter on the novelist.php endpoint does not properly neutralise user input, resulting in the vulnerability. CVE project by @Sn0wAlice
Create: 2023-01-05 05:11:24 +0000 UTC Push: 2023-01-05 05:11:28 +0000 UTC
Live-Hack-CVE/CVE-2022-46456
NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c. CVE project by @Sn0wAlice
Create: 2023-01-05 04:08:44 +0000 UTC Push: 2023-01-05 04:08:47 +0000 UTC
Live-Hack-CVE/CVE-2022-43920
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362. CVE project by @Sn0wAlice
Create: 2023-01-05 04:08:40 +0000 UTC Push: 2023-01-05 04:08:43 +0000 UTC
Live-Hack-CVE/CVE-2022-25926
Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization. CVE project by @Sn0wAlice
Create: 2023-01-05 04:08:34 +0000 UTC Push: 2023-01-05 04:08:38 +0000 UTC
Live-Hack-CVE/CVE-2022-22352
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 22 CVE project by @Sn0wAlice
Create: 2023-01-05 04:08:30 +0000 UTC Push: 2023-01-05 04:08:33 +0000 UTC
Live-Hack-CVE/CVE-2022-22338
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510. CVE project by @Sn0wAlice
Create: 2023-01-05 04:08:25 +0000 UTC Push: 2023-01-05 04:08:29 +0000 UTC