unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-23506
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not properly mask secrets generated via packer builds. This can lead to exposure of sensitive AWS cred CVE project by @Sn0wAlice
Create: 2023-01-04 08:07:19 +0000 UTC Push: 2023-01-04 08:07:22 +0000 UTC
Live-Hack-CVE/CVE-2022-38723
Gravitee API Management before 3.15.13 allows path traversal through HTML injection. CVE project by @Sn0wAlice
Create: 2023-01-04 08:07:11 +0000 UTC Push: 2023-01-04 08:07:14 +0000 UTC
Live-Hack-CVE/CVE-2022-2967
Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data. CVE project by @Sn0wAlice
Create: 2023-01-04 08:07:05 +0000 UTC Push: 2023-01-04 08:07:10 +0000 UTC
Live-Hack-CVE/CVE-2023-22456
ViewVC, a browser interface for CVS and Subversion version control repositories, has a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise CVE project by @Sn0wAlice
Create: 2023-01-04 05:54:25 +0000 UTC Push: 2023-01-04 05:54:28 +0000 UTC
Live-Hack-CVE/CVE-2022-45143
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. CVE project by @Sn0wAlice
Create: 2023-01-04 05:54:21 +0000 UTC Push: 2023-01-04 05:54:24 +0000 UTC
Live-Hack-CVE/CVE-2022-45867
MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution. CVE project by @Sn0wAlice
Create: 2023-01-04 05:54:12 +0000 UTC Push: 2023-01-04 05:54:15 +0000 UTC
not1cyyy/CVE-2018-16763
CVE-2018-16763 FuelCMS 1.4 Remote Code Execution, this version of FuelCMS is still vulnerable until now
Create: 2023-01-04 04:47:08 +0000 UTC Push: 2023-01-04 04:47:09 +0000 UTC
Live-Hack-CVE/CVE-2022-42471
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers. CVE project by @Sn0wAlice
Create: 2023-01-04 03:44:18 +0000 UTC Push: 2023-01-04 03:44:21 +0000 UTC
Live-Hack-CVE/CVE-2022-41336
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with speciall CVE project by @Sn0wAlice
Create: 2023-01-04 03:44:13 +0000 UTC Push: 2023-01-04 03:44:16 +0000 UTC
Live-Hack-CVE/CVE-2022-39947
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attac CVE project by @Sn0wAlice
Create: 2023-01-04 03:44:09 +0000 UTC Push: 2023-01-04 03:44:12 +0000 UTC
Live-Hack-CVE/CVE-2022-35845
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell. CVE project by @Sn0wAlice
Create: 2023-01-04 03:44:04 +0000 UTC Push: 2023-01-04 03:44:07 +0000 UTC
Live-Hack-CVE/CVE-2021-32821
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CVE project by @Sn0wAlice
Create: 2023-01-04 03:44:00 +0000 UTC Push: 2023-01-04 03:44:03 +0000 UTC
Live-Hack-CVE/CVE-2021-32824
Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods to collect information a CVE project by @Sn0wAlice
Create: 2023-01-04 03:43:51 +0000 UTC Push: 2023-01-04 03:43:54 +0000 UTC
ajith737/Spring4Shell-CVE-2022-22965-POC
User friendly Spring4Shell POC
Create: 2023-01-04 02:15:07 +0000 UTC Push: 2023-01-04 02:15:11 +0000 UTC
Live-Hack-CVE/CVE-2022-28388
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. CVE project by @Sn0wAlice
Create: 2023-01-04 01:31:22 +0000 UTC Push: 2023-01-04 01:31:26 +0000 UTC
Live-Hack-CVE/CVE-2023-0039
The User Post Gallery - UPG plugin for WordPress is vulnerable to authorization bypass which leads to remote command execution due to the use of a nopriv AJAX action and user supplied function calls and parameters in versions up to, and including 2.19. This makes it possible for unauthenticated attackers to call arbitr CVE project by @Sn0wAlice
Create: 2023-01-04 01:31:12 +0000 UTC Push: 2023-01-04 01:31:16 +0000 UTC
Live-Hack-CVE/CVE-2022-38766
The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack. CVE project by @Sn0wAlice
Create: 2023-01-04 01:31:08 +0000 UTC Push: 2023-01-04 01:31:11 +0000 UTC
Live-Hack-CVE/CVE-2023-0038
The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts CVE project by @Sn0wAlice
Create: 2023-01-03 23:19:27 +0000 UTC Push: 2023-01-03 23:19:30 +0000 UTC
Live-Hack-CVE/CVE-2022-4663
The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_login parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that e CVE project by @Sn0wAlice
Create: 2023-01-03 23:19:23 +0000 UTC Push: 2023-01-03 23:19:26 +0000 UTC
Live-Hack-CVE/CVE-2013-10007
A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2. This affects an unknown part of the file wp-print-friendly.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. Upgrading to version 0.5.3 is able to address this issue. CVE project by @Sn0wAlice
Create: 2023-01-03 22:14:17 +0000 UTC Push: 2023-01-03 22:14:19 +0000 UTC