unSafe.sh - Insecure
Live-Hack-CVE/CVE-2022-3568
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action CVE project by @Sn0wAlice
Create: 2023-02-17 03:31:05 +0000 UTC Push: 2023-02-17 03:31:08 +0000 UTC |
Live-Hack-CVE/CVE-2022-1722
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses CVE project by @Sn0wAlice
Create: 2023-02-17 03:31:02 +0000 UTC Push: 2023-02-17 03:31:04 +0000 UTC |
Live-Hack-CVE/CVE-2022-1721
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:58 +0000 UTC Push: 2023-02-17 03:31:00 +0000 UTC |
Live-Hack-CVE/CVE-2022-1713
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:54 +0000 UTC Push: 2023-02-17 03:30:57 +0000 UTC |
Live-Hack-CVE/CVE-2022-1727
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:51 +0000 UTC Push: 2023-02-17 03:30:53 +0000 UTC |
Live-Hack-CVE/CVE-2022-1767
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:47 +0000 UTC Push: 2023-02-17 03:30:49 +0000 UTC |
Live-Hack-CVE/CVE-2022-1774
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:43 +0000 UTC Push: 2023-02-17 03:30:46 +0000 UTC |
Live-Hack-CVE/CVE-2015-10076
A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:40 +0000 UTC Push: 2023-02-17 03:30:42 +0000 UTC |
Live-Hack-CVE/CVE-2023-24483
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:36 +0000 UTC Push: 2023-02-17 03:30:38 +0000 UTC |
Live-Hack-CVE/CVE-2023-23936
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:33 +0000 UTC Push: 2023-02-17 03:30:35 +0000 UTC |
Live-Hack-CVE/CVE-2023-24807
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:29 +0000 UTC Push: 2023-02-17 03:30:31 +0000 UTC |
Live-Hack-CVE/CVE-2023-24485
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:25 +0000 UTC Push: 2023-02-17 03:30:27 +0000 UTC |
Live-Hack-CVE/CVE-2023-24484
A malicious user can cause log files to be written to a directory that they do not have permission to write to. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:21 +0000 UTC Push: 2023-02-17 03:30:24 +0000 UTC |
Live-Hack-CVE/CVE-2023-23947
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and prior to 2.3.17, 2.4.23, 2.5.11, and 2.6.2 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to update any cluster secret. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:18 +0000 UTC Push: 2023-02-17 03:30:20 +0000 UTC |
Live-Hack-CVE/CVE-2023-24690
ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:08 +0000 UTC Push: 2023-02-17 03:30:10 +0000 UTC |
Live-Hack-CVE/CVE-2023-24236
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. CVE project by @Sn0wAlice
Create: 2023-02-17 01:16:44 +0000 UTC Push: 2023-02-17 01:16:47 +0000 UTC |
Live-Hack-CVE/CVE-2023-22579
Due to improper parameter filtering in the Sequelize JS library, an attacker can perform injection. CVE project by @Sn0wAlice
Create: 2023-02-17 01:16:41 +0000 UTC Push: 2023-02-17 01:16:43 +0000 UTC |
Live-Hack-CVE/CVE-2023-22578
Due to improper attribute filtering in the Sequelize JS library, an attacker can perform SQL injections. CVE project by @Sn0wAlice
Create: 2023-02-17 01:16:37 +0000 UTC Push: 2023-02-17 01:16:40 +0000 UTC |
Live-Hack-CVE/CVE-2022-3843
In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01, an undocumented configuration interface without authorization allows a remote attacker to read system information and configure a limited set of parameters. CVE project by @Sn0wAlice
Create: 2023-02-17 01:16:33 +0000 UTC Push: 2023-02-17 01:16:36 +0000 UTC |
Live-Hack-CVE/CVE-2023-25173
containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary CVE project by @Sn0wAlice
Create: 2023-02-17 01:16:29 +0000 UTC Push: 2023-02-17 01:16:32 +0000 UTC |