unSafe.sh - Unsafe
Github CVE
TurtleARM/CVE-2023-0179-PoC
Create: 2023-01-21 09:02:01 +0000 UTC Push: 2023-01-21 09:02:02 +0000 UTC
Live-Hack-CVE/CVE-2020-16145
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:42 +0000 UTC Push: 2023-01-21 07:23:45 +0000 UTC
Live-Hack-CVE/CVE-2020-15953
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response in CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:38 +0000 UTC Push: 2023-01-21 07:23:40 +0000 UTC
Live-Hack-CVE/CVE-2023-24025
CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector. CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:34 +0000 UTC Push: 2023-01-21 07:23:36 +0000 UTC
Live-Hack-CVE/CVE-2023-23607
erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the s CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:30 +0000 UTC Push: 2023-01-21 07:23:32 +0000 UTC
Live-Hack-CVE/CVE-2021-33642
When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function. CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:27 +0000 UTC Push: 2023-01-21 07:23:29 +0000 UTC
Live-Hack-CVE/CVE-2021-33641
When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free). CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:23 +0000 UTC Push: 2023-01-21 07:23:25 +0000 UTC
Live-Hack-CVE/CVE-2020-25502
Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges. CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:19 +0000 UTC Push: 2023-01-21 07:23:21 +0000 UTC
Live-Hack-CVE/CVE-2022-46732
Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status. CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:09 +0000 UTC Push: 2023-01-21 07:23:11 +0000 UTC
Live-Hack-CVE/CVE-2023-24028
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:05 +0000 UTC Push: 2023-01-21 07:23:08 +0000 UTC
Live-Hack-CVE/CVE-2023-24027
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. CVE project by @Sn0wAlice
Create: 2023-01-21 07:23:01 +0000 UTC Push: 2023-01-21 07:23:04 +0000 UTC
Live-Hack-CVE/CVE-2023-24026
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. CVE project by @Sn0wAlice
Create: 2023-01-21 07:22:57 +0000 UTC Push: 2023-01-21 07:22:59 +0000 UTC
Live-Hack-CVE/CVE-2023-22726
act is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may lead to privilege escalation. The /upload CVE project by @Sn0wAlice
Create: 2023-01-21 07:22:53 +0000 UTC Push: 2023-01-21 07:22:56 +0000 UTC
Live-Hack-CVE/CVE-2023-0052
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and mod CVE project by @Sn0wAlice
Create: 2023-01-21 07:22:49 +0000 UTC Push: 2023-01-21 07:22:52 +0000 UTC
Live-Hack-CVE/CVE-2019-20085
TVT NVMS-1000 devices allow GET /.. Directory Traversal CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:41 +0000 UTC Push: 2023-01-21 06:18:43 +0000 UTC
Live-Hack-CVE/CVE-2019-20093
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:37 +0000 UTC Push: 2023-01-21 06:18:39 +0000 UTC
Live-Hack-CVE/CVE-2020-15562
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists. CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:33 +0000 UTC Push: 2023-01-21 06:18:36 +0000 UTC
Live-Hack-CVE/CVE-2020-6509
Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:29 +0000 UTC Push: 2023-01-21 06:18:32 +0000 UTC
Live-Hack-CVE/CVE-2020-13625
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:25 +0000 UTC Push: 2023-01-21 06:18:28 +0000 UTC
Live-Hack-CVE/CVE-2019-4343
IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422. CVE project by @Sn0wAlice
Create: 2023-01-21 06:18:22 +0000 UTC Push: 2023-01-21 06:18:24 +0000 UTC