unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-25153
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in contai CVE project by @Sn0wAlice
Create: 2023-02-17 01:16:26 +0000 UTC Push: 2023-02-17 01:16:28 +0000 UTC
Live-Hack-CVE/CVE-2023-24238
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. CVE project by @Sn0wAlice
Create: 2023-02-17 01:16:22 +0000 UTC Push: 2023-02-17 01:16:24 +0000 UTC
Live-Hack-CVE/CVE-2023-22580
Due to improper input filtering in the Sequelize JS library, malicious queries can lead to sensitive information disclosure. CVE project by @Sn0wAlice
Create: 2023-02-17 01:16:18 +0000 UTC Push: 2023-02-17 01:16:21 +0000 UTC
Live-Hack-CVE/CVE-2023-22735
Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served from the Zulip hostname with `Content-Disposition: inline` and no `Content-Security-Policy` header, allowing them to tri CVE project by @Sn0wAlice
Create: 2023-02-17 01:16:15 +0000 UTC Push: 2023-02-17 01:16:17 +0000 UTC
Live-Hack-CVE/CVE-2023-24814
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with th CVE project by @Sn0wAlice
Create: 2023-02-17 01:16:10 +0000 UTC Push: 2023-02-17 01:16:12 +0000 UTC
Live-Hack-CVE/CVE-2023-23926
APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 in Neo4j graph database. XML External Entity (XXE) injection occurs when the XML parser allows external entities to be reso CVE project by @Sn0wAlice
Create: 2023-02-17 01:16:06 +0000 UTC Push: 2023-02-17 01:16:09 +0000 UTC
Live-Hack-CVE/CVE-2023-23558
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file. CVE project by @Sn0wAlice
Create: 2023-02-17 01:16:02 +0000 UTC Push: 2023-02-17 01:16:05 +0000 UTC
Live-Hack-CVE/CVE-2022-48308
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to interc CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:59 +0000 UTC Push: 2023-02-17 01:16:01 +0000 UTC
Live-Hack-CVE/CVE-2022-48307
It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to inter CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:55 +0000 UTC Push: 2023-02-17 01:15:57 +0000 UTC
Live-Hack-CVE/CVE-2022-48306
Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows a malicious attacker in a privileged network position to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify netwo CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:52 +0000 UTC Push: 2023-02-17 01:15:54 +0000 UTC
Live-Hack-CVE/CVE-2022-27897
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server. CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:48 +0000 UTC Push: 2023-02-17 01:15:50 +0000 UTC
Live-Hack-CVE/CVE-2022-27892
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:44 +0000 UTC Push: 2023-02-17 01:15:47 +0000 UTC
Live-Hack-CVE/CVE-2022-27891
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest versio CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:41 +0000 UTC Push: 2023-02-17 01:15:43 +0000 UTC
Live-Hack-CVE/CVE-2022-27890
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to interc CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:37 +0000 UTC Push: 2023-02-17 01:15:39 +0000 UTC
Live-Hack-CVE/CVE-2021-40555
Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form. CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:34 +0000 UTC Push: 2023-02-17 01:15:36 +0000 UTC
Live-Hack-CVE/CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus CVE project by @Sn0wAlice
Create: 2023-02-17 01:15:28 +0000 UTC Push: 2023-02-17 01:15:30 +0000 UTC
Argonx21/CVE-2022-47373
Reflected Cross Site Scripting Vulnerability in PandoraFMS <= v766
Create: 2023-02-17 01:10:25 +0000 UTC Push: 2023-02-17 01:10:26 +0000 UTC
damodarnaik/CVE-2022-45436
Create: 2023-02-17 01:03:30 +0000 UTC Push: 2023-02-17 01:03:30 +0000 UTC
Argonx21/CVE-2022-43980
Stored Cross Site Scripting Vulnerability in the network maps edit functionality
Create: 2023-02-17 00:42:12 +0000 UTC Push: 2023-02-17 00:42:13 +0000 UTC
Live-Hack-CVE/CVE-2022-43969
Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. CVE project by @Sn0wAlice
Create: 2023-02-17 00:07:22 +0000 UTC Push: 2023-02-17 00:07:24 +0000 UTC