unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2021-25460
An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. CVE project by @Sn0wAlice
Create: 2022-12-29 21:22:37 +0000 UTC Push: 2022-12-29 21:22:39 +0000 UTC
Live-Hack-CVE/CVE-2022-3074
The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2022-12-29 20:40:31 +0000 UTC Push: 2022-12-29 20:40:33 +0000 UTC
Live-Hack-CVE/CVE-2021-4052
Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. CVE project by @Sn0wAlice
Create: 2022-12-29 19:54:25 +0000 UTC Push: 2022-12-29 19:54:28 +0000 UTC
Live-Hack-CVE/CVE-2022-29089
Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privilege. CVE project by @Sn0wAlice
Create: 2022-12-29 19:12:51 +0000 UTC Push: 2022-12-29 19:12:53 +0000 UTC
Live-Hack-CVE/CVE-2022-1388
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (Eo CVE project by @Sn0wAlice
Create: 2022-12-29 18:31:27 +0000 UTC Push: 2022-12-29 18:31:31 +0000 UTC
Live-Hack-CVE/CVE-2020-10003
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges. CVE project by @Sn0wAlice
Create: 2022-12-29 17:49:55 +0000 UTC Push: 2022-12-29 17:49:58 +0000 UTC
nidhi7598/frameworks_base_AOSP_10_r33_CVE-2022-20495
Create: 2022-12-29 17:08:18 +0000 UTC Push: 2022-12-29 17:08:18 +0000 UTC
Live-Hack-CVE/CVE-2021-33684
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an att CVE project by @Sn0wAlice
Create: 2022-12-29 17:08:16 +0000 UTC Push: 2022-12-29 17:08:18 +0000 UTC
Live-Hack-CVE/CVE-2017-10115
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple CVE project by @Sn0wAlice
Create: 2022-12-29 16:26:46 +0000 UTC Push: 2022-12-29 16:26:48 +0000 UTC
Live-Hack-CVE/CVE-2021-41657
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. CVE project by @Sn0wAlice
Create: 2022-12-29 15:45:18 +0000 UTC Push: 2022-12-29 15:45:20 +0000 UTC
Live-Hack-CVE/CVE-2022-40834
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. CVE project by @Sn0wAlice
Create: 2022-12-29 15:03:31 +0000 UTC Push: 2022-12-29 15:03:33 +0000 UTC
Live-Hack-CVE/CVE-2021-35226
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. CVE project by @Sn0wAlice
Create: 2022-12-29 14:21:59 +0000 UTC Push: 2022-12-29 14:22:01 +0000 UTC
Live-Hack-CVE/CVE-2022-41036
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41037, CVE-2022-41038. CVE project by @Sn0wAlice
Create: 2022-12-29 13:40:30 +0000 UTC Push: 2022-12-29 13:40:32 +0000 UTC
Live-Hack-CVE/CVE-2022-21936
On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. CVE project by @Sn0wAlice
Create: 2022-12-29 12:59:04 +0000 UTC Push: 2022-12-29 12:59:06 +0000 UTC
Live-Hack-CVE/CVE-2019-6830
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller. CVE project by @Sn0wAlice
Create: 2022-12-29 12:17:33 +0000 UTC Push: 2022-12-29 12:17:35 +0000 UTC
Live-Hack-CVE/CVE-2019-20163
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. CVE project by @Sn0wAlice
Create: 2022-12-29 11:36:00 +0000 UTC Push: 2022-12-29 11:36:02 +0000 UTC
Live-Hack-CVE/CVE-2022-42160
D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. CVE project by @Sn0wAlice
Create: 2022-12-29 10:54:29 +0000 UTC Push: 2022-12-29 10:54:31 +0000 UTC
Live-Hack-CVE/CVE-2022-41139
MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents. CVE project by @Sn0wAlice
Create: 2022-12-29 10:13:23 +0000 UTC Push: 2022-12-29 10:13:25 +0000 UTC
Live-Hack-CVE/CVE-2022-39403
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks r CVE project by @Sn0wAlice
Create: 2022-12-29 09:32:04 +0000 UTC Push: 2022-12-29 09:32:06 +0000 UTC
Live-Hack-CVE/CVE-2022-39301
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an html page containing xss attack code in "Personal Center" - "Profile Picture Up CVE project by @Sn0wAlice
Create: 2022-12-29 08:50:51 +0000 UTC Push: 2022-12-29 08:50:53 +0000 UTC