unSafe.sh - Unsafe
Github CVE
Live-Hack-CVE/CVE-2022-4473
The Widget Shortcode WordPress plugin through 0.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as adm CVE project by @Sn0wAlice
Create: 2023-02-14 02:06:54 +0000 UTC Push: 2023-02-14 02:06:57 +0000 UTC
Live-Hack-CVE/CVE-2022-4471
The YARPP WordPress plugin through 5.30.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-02-14 02:06:50 +0000 UTC Push: 2023-02-14 02:06:53 +0000 UTC
Live-Hack-CVE/CVE-2022-4458
The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such CVE project by @Sn0wAlice
Create: 2023-02-14 02:06:46 +0000 UTC Push: 2023-02-14 02:06:48 +0000 UTC
Live-Hack-CVE/CVE-2022-4448
The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice
Create: 2023-02-14 02:06:42 +0000 UTC Push: 2023-02-14 02:06:45 +0000 UTC
Live-Hack-CVE/CVE-2022-4445
The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. CVE project by @Sn0wAlice
Create: 2023-02-14 02:06:39 +0000 UTC Push: 2023-02-14 02:06:41 +0000 UTC
Live-Hack-CVE/CVE-2022-40022
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. CVE project by @Sn0wAlice
Create: 2023-02-14 02:06:35 +0000 UTC Push: 2023-02-14 02:06:37 +0000 UTC
Live-Hack-CVE/CVE-2022-3891
The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. CVE project by @Sn0wAlice
Create: 2023-02-14 02:06:31 +0000 UTC Push: 2023-02-14 02:06:34 +0000 UTC
Live-Hack-CVE/CVE-2023-23937
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (p.e. GIF89) and CVE project by @Sn0wAlice
Create: 2023-02-14 02:06:27 +0000 UTC Push: 2023-02-14 02:06:30 +0000 UTC
Live-Hack-CVE/CVE-2021-37374
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Clip all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates t CVE project by @Sn0wAlice
Create: 2023-02-14 02:06:24 +0000 UTC Push: 2023-02-14 02:06:26 +0000 UTC
Live-Hack-CVE/CVE-2022-45725
Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request CVE project by @Sn0wAlice
Create: 2023-02-13 23:54:53 +0000 UTC Push: 2023-02-13 23:54:55 +0000 UTC
Live-Hack-CVE/CVE-2022-45724
Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests. CVE project by @Sn0wAlice
Create: 2023-02-13 23:54:49 +0000 UTC Push: 2023-02-13 23:54:51 +0000 UTC
Live-Hack-CVE/CVE-2021-37315
Incorrect Access Control issue discovered in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations. CVE project by @Sn0wAlice
Create: 2023-02-13 23:54:43 +0000 UTC Push: 2023-02-13 23:54:45 +0000 UTC
Live-Hack-CVE/CVE-2021-37317
Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. CVE project by @Sn0wAlice
Create: 2023-02-13 23:54:36 +0000 UTC Push: 2023-02-13 23:54:38 +0000 UTC
Live-Hack-CVE/CVE-2020-36661
A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The name of the CVE project by @Sn0wAlice
Create: 2023-02-13 21:42:38 +0000 UTC Push: 2023-02-13 21:42:40 +0000 UTC
Live-Hack-CVE/CVE-2023-22367
Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. CVE project by @Sn0wAlice
Create: 2023-02-13 21:42:31 +0000 UTC Push: 2023-02-13 21:42:34 +0000 UTC
Live-Hack-CVE/CVE-2023-22362
SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUS CVE project by @Sn0wAlice
Create: 2023-02-13 21:42:28 +0000 UTC Push: 2023-02-13 21:42:30 +0000 UTC
Live-Hack-CVE/CVE-2023-22360
Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. CVE project by @Sn0wAlice
Create: 2023-02-13 21:42:23 +0000 UTC Push: 2023-02-13 21:42:26 +0000 UTC
Live-Hack-CVE/CVE-2023-22353
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbit CVE project by @Sn0wAlice
Create: 2023-02-13 21:42:19 +0000 UTC Push: 2023-02-13 21:42:22 +0000 UTC
Live-Hack-CVE/CVE-2023-22350
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitra CVE project by @Sn0wAlice
Create: 2023-02-13 21:42:15 +0000 UTC Push: 2023-02-13 21:42:18 +0000 UTC
Live-Hack-CVE/CVE-2023-22349
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitr CVE project by @Sn0wAlice
Create: 2023-02-13 21:42:11 +0000 UTC Push: 2023-02-13 21:42:14 +0000 UTC