Live-Hack-CVE/CVE-2022-39041 aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:47 +0000 UTC Push: 2023-01-03 14:37:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-39040 aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:43 +0000 UTC Push: 2023-01-03 14:37:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-39039 aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:39 +0000 UTC Push: 2023-01-03 14:37:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-43931 Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:34 +0000 UTC Push: 2023-01-03 14:37:37 +0000 UTC |

Trinadh465/frameworks_minikin_AOSP10_r33-CVE-2022-20473 Create: 2023-01-03 12:51:12 +0000 UTC Push: 2023-01-03 12:51:12 +0000 UTC |

wh-gov/CVE-2022-46366 CVE-2022-46366 Create: 2023-01-03 12:04:29 +0000 UTC Push: 2023-01-03 12:04:30 +0000 UTC |

Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20470 Create: 2023-01-03 11:43:46 +0000 UTC Push: 2023-01-03 11:43:46 +0000 UTC |

LalieA/CVE-2021-46398 A Proof of Concept for the CVE-2021-46398 flaw exploitation Create: 2023-01-03 09:49:22 +0000 UTC Push: 2023-09-10 23:04:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-4025 Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:30 +0000 UTC Push: 2023-01-03 09:12:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-3863 Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:25 +0000 UTC Push: 2023-01-03 09:12:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-3842 Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:21 +0000 UTC Push: 2023-01-03 09:12:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-2743 Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:17 +0000 UTC Push: 2023-01-03 09:12:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-2742 Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:12 +0000 UTC Push: 2023-01-03 09:12:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-0801 Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:08 +0000 UTC Push: 2023-01-03 09:12:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-0337 Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:05 +0000 UTC Push: 2023-01-03 09:12:07 +0000 UTC |

Live-Hack-CVE/CVE-2021-30558 Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:01 +0000 UTC Push: 2023-01-03 09:12:03 +0000 UTC |

Live-Hack-CVE/CVE-2021-21200 Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low) CVE project by @Sn0wAlice Create: 2023-01-03 09:11:56 +0000 UTC Push: 2023-01-03 09:11:59 +0000 UTC |

Live-Hack-CVE/CVE-2019-13768 Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High) CVE project by @Sn0wAlice Create: 2023-01-03 09:11:52 +0000 UTC Push: 2023-01-03 09:11:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-3460 In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview. CVE project by @Sn0wAlice Create: 2023-01-03 09:11:48 +0000 UTC Push: 2023-01-03 09:11:51 +0000 UTC |

Live-Hack-CVE/CVE-2022-4324 The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog. CVE project by @Sn0wAlice Create: 2023-01-03 08:07:06 +0000 UTC Push: 2023-01-03 08:07:09 +0000 UTC |