Github CVE
Live-Hack-CVE/CVE-2023-24422
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:25 +0000 UTC Push: 2023-02-04 15:05:27 +0000 UTC
Live-Hack-CVE/CVE-2023-24022
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:21 +0000 UTC Push: 2023-02-04 15:05:23 +0000 UTC
Live-Hack-CVE/CVE-2023-0671
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:18 +0000 UTC Push: 2023-02-04 15:05:20 +0000 UTC
Live-Hack-CVE/CVE-2018-25079
A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:15 +0000 UTC Push: 2023-02-04 15:05:17 +0000 UTC
Live-Hack-CVE/CVE-2015-10072
A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this issue. The name of CVE project by @Sn0wAlice
Create: 2023-02-04 15:05:11 +0000 UTC Push: 2023-02-04 15:05:13 +0000 UTC
MaskCyberSecurityTeam/CVE-2022-26134_Behinder_MemShell
Create: 2023-02-04 14:51:47 +0000 UTC Push: 2023-02-04 14:51:48 +0000 UTC
swzhouu/CVE-2022-48311
HP Deskjet 2540 series printer HTTP configuration page Cross Site Scripting (XSS) Vulnerability
Create: 2023-02-04 13:44:46 +0000 UTC Push: 2023-02-04 13:44:46 +0000 UTC
swzhouu/CVE-2022-48311-2
XSS Vulnerability in HP Deskjet 2540 series printer HTTP configuration page
Create: 2023-02-04 13:44:46 +0000 UTC Push: 2023-02-04 14:08:44 +0000 UTC
jnschaeffer/cve-2022-44268-detector
Detect images that likely exploit CVE-2022-44268
Create: 2023-02-04 09:35:08 +0000 UTC Push: 2023-02-04 09:35:09 +0000 UTC
Live-Hack-CVE/CVE-2020-10883
This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the f CVE project by @Sn0wAlice
Create: 2023-02-04 09:29:16 +0000 UTC Push: 2023-02-04 09:29:19 +0000 UTC
Live-Hack-CVE/CVE-2020-10882
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by defau CVE project by @Sn0wAlice
Create: 2023-02-04 09:29:12 +0000 UTC Push: 2023-02-04 09:29:14 +0000 UTC
Live-Hack-CVE/CVE-2020-6806
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR CVE project by @Sn0wAlice
Create: 2023-02-04 09:29:08 +0000 UTC Push: 2023-02-04 09:29:10 +0000 UTC
Live-Hack-CVE/CVE-2019-4309
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. CVE project by @Sn0wAlice
Create: 2023-02-04 09:29:04 +0000 UTC Push: 2023-02-04 09:29:07 +0000 UTC
Live-Hack-CVE/CVE-2019-3721
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive CVE project by @Sn0wAlice
Create: 2023-02-04 09:29:01 +0000 UTC Push: 2023-02-04 09:29:03 +0000 UTC
Live-Hack-CVE/CVE-2019-13725
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:57 +0000 UTC Push: 2023-02-04 09:29:00 +0000 UTC
Live-Hack-CVE/CVE-2019-18422
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing process CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:54 +0000 UTC Push: 2023-02-04 09:28:56 +0000 UTC
Live-Hack-CVE/CVE-2021-45868
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:48 +0000 UTC Push: 2023-02-04 09:28:51 +0000 UTC
Live-Hack-CVE/CVE-2019-13750
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:44 +0000 UTC Push: 2023-02-04 09:28:47 +0000 UTC
Live-Hack-CVE/CVE-2019-13754
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:41 +0000 UTC Push: 2023-02-04 09:28:43 +0000 UTC
Live-Hack-CVE/CVE-2021-24374
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leake CVE project by @Sn0wAlice
Create: 2023-02-04 09:28:37 +0000 UTC Push: 2023-02-04 09:28:39 +0000 UTC