unSafe.sh - Unsafe
Github CVE
Live-Hack-CVE/CVE-2019-20387
repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:43 +0800 CST Push: 2023-02-01 06:07:45 +0800 CST
Live-Hack-CVE/CVE-2018-3914
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily l CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:39 +0800 CST Push: 2023-02-01 06:07:41 +0800 CST
Live-Hack-CVE/CVE-2019-3691
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versio CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:34 +0800 CST Push: 2023-02-01 06:07:37 +0800 CST
Live-Hack-CVE/CVE-2019-19547
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access contr CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:30 +0800 CST Push: 2023-02-01 06:07:33 +0800 CST
Live-Hack-CVE/CVE-2019-20361
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability). CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:27 +0800 CST Push: 2023-02-01 06:07:29 +0800 CST
Live-Hack-CVE/CVE-2019-17190
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process cl CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:22 +0800 CST Push: 2023-02-01 06:07:25 +0800 CST
Live-Hack-CVE/CVE-2020-1767
Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior ver CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:18 +0800 CST Push: 2023-02-01 06:07:21 +0800 CST
Live-Hack-CVE/CVE-2019-18859
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:15 +0800 CST Push: 2023-02-01 06:07:17 +0800 CST
Live-Hack-CVE/CVE-2020-7108
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:11 +0800 CST Push: 2023-02-01 06:07:13 +0800 CST
Live-Hack-CVE/CVE-2020-7105
async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:07 +0800 CST Push: 2023-02-01 06:07:10 +0800 CST
Halcy0nic/CVE-2022-36234
Create: 2023-02-01 04:59:35 +0800 CST Push: 2023-02-01 04:59:35 +0800 CST
Live-Hack-CVE/CVE-2022-45172
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorizati CVE project by @Sn0wAlice
Create: 2023-02-01 03:58:26 +0800 CST Push: 2023-02-01 03:58:28 +0800 CST
Live-Hack-CVE/CVE-2022-47854
i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php. CVE project by @Sn0wAlice
Create: 2023-02-01 03:58:22 +0800 CST Push: 2023-02-01 03:58:25 +0800 CST
Live-Hack-CVE/CVE-2022-47701
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS). CVE project by @Sn0wAlice
Create: 2023-02-01 03:58:19 +0800 CST Push: 2023-02-01 03:58:21 +0800 CST
Live-Hack-CVE/CVE-2022-47700
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication. CVE project by @Sn0wAlice
Create: 2023-02-01 03:58:15 +0800 CST Push: 2023-02-01 03:58:17 +0800 CST
Live-Hack-CVE/CVE-2022-47699
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control. CVE project by @Sn0wAlice
Create: 2023-02-01 03:58:12 +0800 CST Push: 2023-02-01 03:58:14 +0800 CST
Live-Hack-CVE/CVE-2022-47698
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS) via the URL filtering feature in the router. CVE project by @Sn0wAlice
Create: 2023-02-01 03:58:08 +0800 CST Push: 2023-02-01 03:58:10 +0800 CST
Live-Hack-CVE/CVE-2022-47697
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts. CVE project by @Sn0wAlice
Create: 2023-02-01 03:58:04 +0800 CST Push: 2023-02-01 03:58:06 +0800 CST
Live-Hack-CVE/CVE-2023-22610
A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure™ Geo SCADA Expert 2019, EcoStruxure™ Geo SCADA Expert 2020, EcoStruxure™ Geo SCADA Expert CVE project by @Sn0wAlice
Create: 2023-02-01 03:58:01 +0800 CST Push: 2023-02-01 03:58:03 +0800 CST
Live-Hack-CVE/CVE-2022-0316
The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill doe CVE project by @Sn0wAlice
Create: 2023-02-01 03:57:57 +0800 CST Push: 2023-02-01 03:57:59 +0800 CST