Live-Hack-CVE/CVE-2019-7635 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. CVE project by @Sn0wAlice Create: 2023-02-09 14:32:01 +0000 UTC Push: 2023-02-09 14:32:03 +0000 UTC |

Live-Hack-CVE/CVE-2020-14410 SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. CVE project by @Sn0wAlice Create: 2023-02-09 14:31:57 +0000 UTC Push: 2023-02-09 14:31:59 +0000 UTC |

Live-Hack-CVE/CVE-2021-33657 There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. CVE project by @Sn0wAlice Create: 2023-02-09 14:31:53 +0000 UTC Push: 2023-02-09 14:31:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-4743 A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. CVE project by @Sn0wAlice Create: 2023-02-09 14:31:49 +0000 UTC Push: 2023-02-09 14:31:52 +0000 UTC |

Live-Hack-CVE/CVE-2018-25012 A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). CVE project by @Sn0wAlice Create: 2023-02-09 14:31:46 +0000 UTC Push: 2023-02-09 14:31:48 +0000 UTC |

Live-Hack-CVE/CVE-2018-25013 A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). CVE project by @Sn0wAlice Create: 2023-02-09 14:31:43 +0000 UTC Push: 2023-02-09 14:31:45 +0000 UTC |

Live-Hack-CVE/CVE-2018-25014 A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). CVE project by @Sn0wAlice Create: 2023-02-09 14:31:39 +0000 UTC Push: 2023-02-09 14:31:41 +0000 UTC |

Live-Hack-CVE/CVE-2020-25659 python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. CVE project by @Sn0wAlice Create: 2023-02-09 14:31:36 +0000 UTC Push: 2023-02-09 14:31:38 +0000 UTC |

Exploitables/CVE-2009-0824 new exploit YIPEEEE Create: 2023-02-09 14:16:56 +0000 UTC Push: 2023-02-09 14:16:58 +0000 UTC |

Live-Hack-CVE/CVE-2017-18539 The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front-end short codes. CVE project by @Sn0wAlice Create: 2023-02-09 09:58:54 +0000 UTC Push: 2023-02-09 09:58:56 +0000 UTC |

Live-Hack-CVE/CVE-2023-0669 Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2. CVE project by @Sn0wAlice Create: 2023-02-09 09:58:50 +0000 UTC Push: 2023-02-09 09:58:53 +0000 UTC |

Live-Hack-CVE/CVE-2023-0251 Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code. CVE project by @Sn0wAlice Create: 2023-02-09 09:58:47 +0000 UTC Push: 2023-02-09 09:58:49 +0000 UTC |

Live-Hack-CVE/CVE-2023-0250 Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. CVE project by @Sn0wAlice Create: 2023-02-09 09:58:43 +0000 UTC Push: 2023-02-09 09:58:46 +0000 UTC |

Live-Hack-CVE/CVE-2023-0249 Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. CVE project by @Sn0wAlice Create: 2023-02-09 09:58:40 +0000 UTC Push: 2023-02-09 09:58:42 +0000 UTC |

Live-Hack-CVE/CVE-2023-25168 Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing "server" alloca CVE project by @Sn0wAlice Create: 2023-02-09 09:58:29 +0000 UTC Push: 2023-02-09 09:58:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-40692 Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. CVE project by @Sn0wAlice Create: 2023-02-09 07:47:40 +0000 UTC Push: 2023-02-09 07:47:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-44585 Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. CVE project by @Sn0wAlice Create: 2023-02-09 07:47:35 +0000 UTC Push: 2023-02-09 07:47:37 +0000 UTC |

Live-Hack-CVE/CVE-2023-25163 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a u CVE project by @Sn0wAlice Create: 2023-02-09 07:47:30 +0000 UTC Push: 2023-02-09 07:47:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-47648 Bosch Security Systems B420 firmware 02.02.0001 employs IP based authorization in its authentication mechanism, allowing attackers to access the device as long as they are on the same network as a legitimate user. CVE project by @Sn0wAlice Create: 2023-02-09 07:47:27 +0000 UTC Push: 2023-02-09 07:47:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-45982 thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload. CVE project by @Sn0wAlice Create: 2023-02-09 07:47:24 +0000 UTC Push: 2023-02-09 07:47:26 +0000 UTC |