Live-Hack-CVE/CVE-2022-4867 Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. CVE project by @Sn0wAlice Create: 2023-01-01 00:41:47 +0000 UTC Push: 2023-01-01 00:41:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-4866 Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. CVE project by @Sn0wAlice Create: 2023-01-01 00:41:43 +0000 UTC Push: 2023-01-01 00:41:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-4865 Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. CVE project by @Sn0wAlice Create: 2023-01-01 00:41:40 +0000 UTC Push: 2023-01-01 00:41:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-4868 Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. CVE project by @Sn0wAlice Create: 2023-01-01 00:41:37 +0000 UTC Push: 2023-01-01 00:41:39 +0000 UTC |

Live-Hack-CVE/CVE-2017-20157 A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to upgrade the affected comp CVE project by @Sn0wAlice Create: 2023-01-01 00:41:34 +0000 UTC Push: 2023-01-01 00:41:36 +0000 UTC |

Live-Hack-CVE/CVE-2017-20156 A vulnerability was found in Exciting Printer and classified as critical. This issue affects some unknown processing of the file lib/printer/jobs/prepare_page.rb of the component Argument Handler. The manipulation of the argument URL leads to command injection. The name of the patch is 5f8c715d6e2cc000f621a6833f0a86a67 CVE project by @Sn0wAlice Create: 2023-01-01 00:41:30 +0000 UTC Push: 2023-01-01 00:41:32 +0000 UTC |

Live-Hack-CVE/CVE-2017-20159 A vulnerability was found in rf Keynote up to 0.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.0.0 is able to ad CVE project by @Sn0wAlice Create: 2023-01-01 00:41:27 +0000 UTC Push: 2023-01-01 00:41:29 +0000 UTC |

Live-Hack-CVE/CVE-2017-20158 ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scr CVE project by @Sn0wAlice Create: 2023-01-01 00:41:24 +0000 UTC Push: 2023-01-01 00:41:26 +0000 UTC |

Live-Hack-CVE/CVE-2020-8813 graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. CVE project by @Sn0wAlice Create: 2023-01-01 00:41:20 +0000 UTC Push: 2023-01-01 00:41:22 +0000 UTC |

Live-Hack-CVE/CVE-2020-25706 A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field CVE project by @Sn0wAlice Create: 2023-01-01 00:41:17 +0000 UTC Push: 2023-01-01 00:41:19 +0000 UTC |

Live-Hack-CVE/CVE-2020-23226 Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. CVE project by @Sn0wAlice Create: 2023-01-01 00:37:42 +0000 UTC Push: 2023-01-01 00:37:44 +0000 UTC |

Vicki568/CVE-2022-21907 Poc exploit in CVE-2022-21907 . And testing the presence of cve Create: 2022-12-31 17:58:28 +0000 UTC Push: 2022-12-31 17:58:29 +0000 UTC |

pmihsan/-Dirty-Pipe-CVE-2022-0847 Create: 2022-12-31 01:17:44 +0000 UTC Push: 2022-12-31 01:17:45 +0000 UTC |

Live-Hack-CVE/CVE-2022-38229 XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. CVE project by @Sn0wAlice Create: 2022-12-30 14:02:49 +0000 UTC Push: 2022-12-30 14:02:52 +0000 UTC |

Live-Hack-CVE/CVE-2021-0188 Return of pointer value outside of expected range in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. CVE project by @Sn0wAlice Create: 2022-12-30 13:21:21 +0000 UTC Push: 2022-12-30 13:21:23 +0000 UTC |

Live-Hack-CVE/CVE-2022-2568 A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges. CVE project by @Sn0wAlice Create: 2022-12-30 12:39:59 +0000 UTC Push: 2022-12-30 12:40:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-29404 In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. CVE project by @Sn0wAlice Create: 2022-12-30 11:59:01 +0000 UTC Push: 2022-12-30 11:59:03 +0000 UTC |

Live-Hack-CVE/CVE-2022-21208 The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sendi CVE project by @Sn0wAlice Create: 2022-12-30 11:17:22 +0000 UTC Push: 2022-12-30 11:17:24 +0000 UTC |

Nexolanta/log4j2_CVE-2021-44228 Create: 2022-12-30 10:46:33 +0000 UTC Push: 2022-12-30 10:46:48 +0000 UTC |

Nexolanta/log4j2-CVE-2021-44228- Create: 2022-12-30 10:41:47 +0000 UTC Push: 2022-12-30 10:44:25 +0000 UTC |