unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-25572
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and using the `<RichTextField> CVE project by @Sn0wAlice
Create: 2023-02-14 07:42:03 +0000 UTC Push: 2023-02-14 07:42:05 +0000 UTC
Live-Hack-CVE/CVE-2023-25241
bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:59 +0000 UTC Push: 2023-02-14 07:42:01 +0000 UTC
Live-Hack-CVE/CVE-2023-25240
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:55 +0000 UTC Push: 2023-02-14 07:41:58 +0000 UTC
Live-Hack-CVE/CVE-2023-25162
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:52 +0000 UTC Push: 2023-02-14 07:41:54 +0000 UTC
Live-Hack-CVE/CVE-2023-25161
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1, 24.0.8, and 23.0.12 are missing rate limiting on password reset functionality. This could result in service slowdown, storage overflow, or cost impact wh CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:48 +0000 UTC Push: 2023-02-14 07:41:50 +0000 UTC
Live-Hack-CVE/CVE-2023-25160
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:44 +0000 UTC Push: 2023-02-14 07:41:47 +0000 UTC
Live-Hack-CVE/CVE-2023-24648
Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:40 +0000 UTC Push: 2023-02-14 07:41:43 +0000 UTC
Live-Hack-CVE/CVE-2023-24647
Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:37 +0000 UTC Push: 2023-02-14 07:41:39 +0000 UTC
Live-Hack-CVE/CVE-2023-24646
An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:33 +0000 UTC Push: 2023-02-14 07:41:35 +0000 UTC
Live-Hack-CVE/CVE-2023-24086
SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:29 +0000 UTC Push: 2023-02-14 07:41:32 +0000 UTC
Live-Hack-CVE/CVE-2022-4905
A vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The attack can be initiated remotely. Up CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:26 +0000 UTC Push: 2023-02-14 07:41:28 +0000 UTC
Live-Hack-CVE/CVE-2023-24084
ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:22 +0000 UTC Push: 2023-02-14 07:41:25 +0000 UTC
Live-Hack-CVE/CVE-2022-45962
Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:19 +0000 UTC Push: 2023-02-14 07:41:21 +0000 UTC
Live-Hack-CVE/CVE-2022-0355
Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:15 +0000 UTC Push: 2023-02-14 07:41:17 +0000 UTC
Live-Hack-CVE/CVE-2023-0819
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:10 +0000 UTC Push: 2023-02-14 07:41:13 +0000 UTC
Live-Hack-CVE/CVE-2023-0818
Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:06 +0000 UTC Push: 2023-02-14 07:41:09 +0000 UTC
Live-Hack-CVE/CVE-2023-0817
Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:03 +0000 UTC Push: 2023-02-14 07:41:05 +0000 UTC
Live-Hack-CVE/CVE-2022-47034
A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication. CVE project by @Sn0wAlice
Create: 2023-02-14 07:40:59 +0000 UTC Push: 2023-02-14 07:41:02 +0000 UTC
Live-Hack-CVE/CVE-2015-10079
A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rated as problematic. This issue affects the function parseLinks of the file public/parser.js. The manipulation of the argument text leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.0.3 is able to address this CVE project by @Sn0wAlice
Create: 2023-02-14 07:40:56 +0000 UTC Push: 2023-02-14 07:40:58 +0000 UTC
Live-Hack-CVE/CVE-2023-25719
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queri CVE project by @Sn0wAlice
Create: 2023-02-14 05:27:31 +0000 UTC Push: 2023-02-14 05:27:34 +0000 UTC