unSafe.sh - Not Safe
Github CVE
Live-Hack-CVE/CVE-2022-41139
MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents. CVE project by @Sn0wAlice
Create: 2022-12-29 10:13:23 +0000 UTC Push: 2022-12-29 10:13:25 +0000 UTC
Live-Hack-CVE/CVE-2022-39403
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks r CVE project by @Sn0wAlice
Create: 2022-12-29 09:32:04 +0000 UTC Push: 2022-12-29 09:32:06 +0000 UTC
Live-Hack-CVE/CVE-2022-39301
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an html page containing xss attack code in "Personal Center" - "Profile Picture Up CVE project by @Sn0wAlice
Create: 2022-12-29 08:50:51 +0000 UTC Push: 2022-12-29 08:50:53 +0000 UTC
Live-Hack-CVE/CVE-2020-24403
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API. CVE project by @Sn0wAlice
Create: 2022-12-29 08:09:41 +0000 UTC Push: 2022-12-29 08:09:43 +0000 UTC
Live-Hack-CVE/CVE-2021-34748
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web CVE project by @Sn0wAlice
Create: 2022-12-29 07:28:04 +0000 UTC Push: 2022-12-29 07:28:04 +0000 UTC
Live-Hack-CVE/CVE-2021-21684
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. CVE project by @Sn0wAlice
Create: 2022-12-29 06:46:53 +0000 UTC Push: 2022-12-29 06:46:55 +0000 UTC
Live-Hack-CVE/CVE-2020-2687
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successf CVE project by @Sn0wAlice
Create: 2022-12-29 06:05:24 +0000 UTC Push: 2022-12-29 06:05:26 +0000 UTC
Live-Hack-CVE/CVE-2021-24036
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81. CVE project by @Sn0wAlice
Create: 2022-12-29 05:23:55 +0000 UTC Push: 2022-12-29 05:23:57 +0000 UTC
Live-Hack-CVE/CVE-2022-2819
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. CVE project by @Sn0wAlice
Create: 2022-12-29 04:42:13 +0000 UTC Push: 2022-12-29 04:42:15 +0000 UTC
Live-Hack-CVE/CVE-2021-36776
An Improper Access Control vulnerability in SUSE Rancher allows remote attackers to impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10. CVE project by @Sn0wAlice
Create: 2022-12-29 04:00:30 +0000 UTC Push: 2022-12-29 04:00:32 +0000 UTC
Live-Hack-CVE/CVE-2021-37624
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing. By default, SIP req CVE project by @Sn0wAlice
Create: 2022-12-29 03:18:41 +0000 UTC Push: 2022-12-29 03:18:43 +0000 UTC
Live-Hack-CVE/CVE-2022-3071
Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. CVE project by @Sn0wAlice
Create: 2022-12-29 02:35:46 +0000 UTC Push: 2022-12-29 02:35:48 +0000 UTC
nandin787/Jpg-Png-Exploit-Downloader-Fud-Cryter-Malware-Builder-Cve-2022
Create: 2022-12-29 02:29:22 +0000 UTC Push: 2022-12-29 02:29:23 +0000 UTC
nandin787/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022
Create: 2022-12-29 02:27:41 +0000 UTC Push: 2022-12-29 02:27:42 +0000 UTC
Live-Hack-CVE/CVE-2022-39362
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase CVE project by @Sn0wAlice
Create: 2022-12-29 01:53:52 +0000 UTC Push: 2022-12-29 01:53:54 +0000 UTC
Live-Hack-CVE/CVE-2021-39929
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVE project by @Sn0wAlice
Create: 2022-12-29 01:12:06 +0000 UTC Push: 2022-12-29 01:12:08 +0000 UTC
Live-Hack-CVE/CVE-2022-3409
A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipart CVE project by @Sn0wAlice
Create: 2022-12-29 00:30:24 +0000 UTC Push: 2022-12-29 00:30:26 +0000 UTC
Live-Hack-CVE/CVE-2022-3380
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. CVE project by @Sn0wAlice
Create: 2022-12-28 23:48:01 +0000 UTC Push: 2022-12-28 23:48:03 +0000 UTC
Live-Hack-CVE/CVE-2021-27784
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. CVE project by @Sn0wAlice
Create: 2022-12-28 23:06:14 +0000 UTC Push: 2022-12-28 23:06:16 +0000 UTC
Live-Hack-CVE/CVE-2022-32899
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. CVE project by @Sn0wAlice
Create: 2022-12-28 22:24:51 +0000 UTC Push: 2022-12-28 22:24:53 +0000 UTC