unSafe.sh - Unsafe
Github CVE
Live-Hack-CVE/CVE-2022-42414
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The CVE project by @Sn0wAlice
Create: 2023-01-28 14:34:41 +0000 UTC Push: 2023-01-28 14:34:43 +0000 UTC
Live-Hack-CVE/CVE-2022-42423
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data CVE project by @Sn0wAlice
Create: 2023-01-28 14:34:38 +0000 UTC Push: 2023-01-28 14:34:40 +0000 UTC
Live-Hack-CVE/CVE-2022-42421
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data CVE project by @Sn0wAlice
Create: 2023-01-28 14:34:33 +0000 UTC Push: 2023-01-28 14:34:35 +0000 UTC
Live-Hack-CVE/CVE-2022-42420
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data CVE project by @Sn0wAlice
Create: 2023-01-28 14:34:30 +0000 UTC Push: 2023-01-28 14:34:32 +0000 UTC
Live-Hack-CVE/CVE-2022-42419
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data CVE project by @Sn0wAlice
Create: 2023-01-28 14:34:26 +0000 UTC Push: 2023-01-28 14:34:28 +0000 UTC
Live-Hack-CVE/CVE-2022-42418
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue re CVE project by @Sn0wAlice
Create: 2023-01-28 14:34:23 +0000 UTC Push: 2023-01-28 14:34:25 +0000 UTC
Live-Hack-CVE/CVE-2023-0047
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2023. Notes: none. CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:39 +0000 UTC Push: 2023-01-28 10:03:41 +0000 UTC
Live-Hack-CVE/CVE-2022-39324
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the r CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:35 +0000 UTC Push: 2023-01-28 10:03:38 +0000 UTC
Live-Hack-CVE/CVE-2022-23552
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed a CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:32 +0000 UTC Push: 2023-01-28 10:03:34 +0000 UTC
Live-Hack-CVE/CVE-2023-23627
Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in XSS (cross-site scripting) or other und CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:29 +0000 UTC Push: 2023-01-28 10:03:31 +0000 UTC
Live-Hack-CVE/CVE-2023-23624
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag param` to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hid CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:25 +0000 UTC Push: 2023-01-28 10:03:27 +0000 UTC
Live-Hack-CVE/CVE-2023-23621
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:22 +0000 UTC Push: 2023-01-28 10:03:24 +0000 UTC
Live-Hack-CVE/CVE-2023-23620
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.b CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:18 +0000 UTC Push: 2023-01-28 10:03:20 +0000 UTC
Live-Hack-CVE/CVE-2023-23617
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds. CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:15 +0000 UTC Push: 2023-01-28 10:03:17 +0000 UTC
Live-Hack-CVE/CVE-2023-23616
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:11 +0000 UTC Push: 2023-01-28 10:03:13 +0000 UTC
Live-Hack-CVE/CVE-2023-22737
wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09, every member of a Conversation can remove a Bot from a Conversation due to a missing permissions check. Only Conversation admins should be able to remove Bots. Regular Conversations are not all CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:07 +0000 UTC Push: 2023-01-28 10:03:10 +0000 UTC
Live-Hack-CVE/CVE-2020-13640
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.) CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:04 +0000 UTC Push: 2023-01-28 10:03:06 +0000 UTC
Live-Hack-CVE/CVE-2020-14966
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impac CVE project by @Sn0wAlice
Create: 2023-01-28 10:03:00 +0000 UTC Push: 2023-01-28 10:03:02 +0000 UTC
Live-Hack-CVE/CVE-2020-14967
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering mem CVE project by @Sn0wAlice
Create: 2023-01-28 10:02:57 +0000 UTC Push: 2023-01-28 10:02:59 +0000 UTC
Live-Hack-CVE/CVE-2020-17366
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from th CVE project by @Sn0wAlice
Create: 2023-01-28 07:53:13 +0000 UTC Push: 2023-01-28 07:53:15 +0000 UTC