Live-Hack-CVE/CVE-2022-39040 aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:43 +0000 UTC Push: 2023-01-03 14:37:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-39039 aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:39 +0000 UTC Push: 2023-01-03 14:37:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-43931 Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors. CVE project by @Sn0wAlice Create: 2023-01-03 14:37:34 +0000 UTC Push: 2023-01-03 14:37:37 +0000 UTC |

Trinadh465/frameworks_minikin_AOSP10_r33-CVE-2022-20473 Create: 2023-01-03 12:51:12 +0000 UTC Push: 2023-01-03 12:51:12 +0000 UTC |

wh-gov/CVE-2022-46366 CVE-2022-46366 Create: 2023-01-03 12:04:29 +0000 UTC Push: 2023-01-03 12:04:30 +0000 UTC |

Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20470 Create: 2023-01-03 11:43:46 +0000 UTC Push: 2023-01-03 11:43:46 +0000 UTC |

LalieA/CVE-2021-46398 A Proof of Concept for the CVE-2021-46398 flaw exploitation Create: 2023-01-03 09:49:22 +0000 UTC Push: 2023-09-10 23:04:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-4025 Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:30 +0000 UTC Push: 2023-01-03 09:12:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-3863 Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:25 +0000 UTC Push: 2023-01-03 09:12:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-3842 Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:21 +0000 UTC Push: 2023-01-03 09:12:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-2743 Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:17 +0000 UTC Push: 2023-01-03 09:12:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-2742 Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:12 +0000 UTC Push: 2023-01-03 09:12:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-0801 Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:08 +0000 UTC Push: 2023-01-03 09:12:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-0337 Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:05 +0000 UTC Push: 2023-01-03 09:12:07 +0000 UTC |

Live-Hack-CVE/CVE-2021-30558 Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium) CVE project by @Sn0wAlice Create: 2023-01-03 09:12:01 +0000 UTC Push: 2023-01-03 09:12:03 +0000 UTC |

Live-Hack-CVE/CVE-2021-21200 Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low) CVE project by @Sn0wAlice Create: 2023-01-03 09:11:56 +0000 UTC Push: 2023-01-03 09:11:59 +0000 UTC |

Live-Hack-CVE/CVE-2019-13768 Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High) CVE project by @Sn0wAlice Create: 2023-01-03 09:11:52 +0000 UTC Push: 2023-01-03 09:11:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-3460 In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview. CVE project by @Sn0wAlice Create: 2023-01-03 09:11:48 +0000 UTC Push: 2023-01-03 09:11:51 +0000 UTC |

Live-Hack-CVE/CVE-2022-4324 The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog. CVE project by @Sn0wAlice Create: 2023-01-03 08:07:06 +0000 UTC Push: 2023-01-03 08:07:09 +0000 UTC |

Live-Hack-CVE/CVE-2022-4302 The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. CVE project by @Sn0wAlice Create: 2023-01-03 08:07:03 +0000 UTC Push: 2023-01-03 08:07:05 +0000 UTC |