Live-Hack-CVE/CVE-2022-47936
A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150). The affected application con CVE project by @Sn0wAlice
Create: 2023-02-14 23:16:28 +0000 UTC Push: 2023-02-14 23:16:31 +0000 UTC
Live-Hack-CVE/CVE-2022-35868
A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions). Affected applications contain an untrusted search path vulnera CVE project by @Sn0wAlice
Create: 2023-02-14 23:16:24 +0000 UTC Push: 2023-02-14 23:16:27 +0000 UTC
Live-Hack-CVE/CVE-2022-31808
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitra CVE project by @Sn0wAlice
Create: 2023-02-14 23:16:20 +0000 UTC Push: 2023-02-14 23:16:23 +0000 UTC
Live-Hack-CVE/CVE-2023-25149
TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is run as the installation user. The queries run as part of the telemetry data collection were not run with a locked down `search CVE project by @Sn0wAlice
Create: 2023-02-14 23:16:16 +0000 UTC Push: 2023-02-14 23:16:19 +0000 UTC
Live-Hack-CVE/CVE-2023-25141
Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JNDI and RMI. Users of CVE project by @Sn0wAlice
Create: 2023-02-14 23:16:12 +0000 UTC Push: 2023-02-14 23:16:15 +0000 UTC
Live-Hack-CVE/CVE-2023-0827
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17. CVE project by @Sn0wAlice
Create: 2023-02-14 23:16:08 +0000 UTC Push: 2023-02-14 23:16:11 +0000 UTC
Live-Hack-CVE/CVE-2023-0173
The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-14 23:16:03 +0000 UTC Push: 2023-02-14 23:16:06 +0000 UTC
Live-Hack-CVE/CVE-2023-0171
The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-14 23:15:59 +0000 UTC Push: 2023-02-14 23:16:02 +0000 UTC
Live-Hack-CVE/CVE-2023-0174
The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-14 23:15:55 +0000 UTC Push: 2023-02-14 23:15:58 +0000 UTC
Live-Hack-CVE/CVE-2023-0236
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin CVE project by @Sn0wAlice
Create: 2023-02-14 23:15:52 +0000 UTC Push: 2023-02-14 23:15:54 +0000 UTC
Live-Hack-CVE/CVE-2023-0178
The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-14 23:15:48 +0000 UTC Push: 2023-02-14 23:15:50 +0000 UTC
Live-Hack-CVE/CVE-2023-0176
The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-14 23:15:44 +0000 UTC Push: 2023-02-14 23:15:46 +0000 UTC
Live-Hack-CVE/CVE-2021-32936
An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or exe CVE project by @Sn0wAlice
Create: 2023-02-14 22:10:28 +0000 UTC Push: 2023-02-14 22:10:30 +0000 UTC
Live-Hack-CVE/CVE-2021-43391
An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can CVE project by @Sn0wAlice
Create: 2023-02-14 22:10:22 +0000 UTC Push: 2023-02-14 22:10:24 +0000 UTC
Live-Hack-CVE/CVE-2021-43336
An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an alloc CVE project by @Sn0wAlice
Create: 2023-02-14 22:10:17 +0000 UTC Push: 2023-02-14 22:10:21 +0000 UTC
Live-Hack-CVE/CVE-2023-25065
Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 22:09:58 +0000 UTC Push: 2023-02-14 22:10:00 +0000 UTC
Live-Hack-CVE/CVE-2023-24382
Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 22:09:54 +0000 UTC Push: 2023-02-14 22:09:56 +0000 UTC
Live-Hack-CVE/CVE-2023-24377
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 22:09:50 +0000 UTC Push: 2023-02-14 22:09:53 +0000 UTC
Live-Hack-CVE/CVE-2022-46862
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 22:09:46 +0000 UTC Push: 2023-02-14 22:09:49 +0000 UTC
Live-Hack-CVE/CVE-2023-25066
Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions. CVE project by @Sn0wAlice
Create: 2023-02-14 19:56:15 +0000 UTC Push: 2023-02-14 19:56:18 +0000 UTC