Live-Hack-CVE/CVE-2022-45766 Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes. CVE project by @Sn0wAlice Create: 2023-02-18 04:01:41 +0000 UTC Push: 2023-02-18 04:01:44 +0000 UTC |

Live-Hack-CVE/CVE-2023-0777 Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. CVE project by @Sn0wAlice Create: 2023-02-18 04:01:37 +0000 UTC Push: 2023-02-18 04:01:39 +0000 UTC |

and0x00/CVE-2021-32789 ? Wordpress WooCommerce users dump exploit Create: 2023-02-18 03:51:24 +0000 UTC Push: 2023-02-18 03:51:25 +0000 UTC |

Live-Hack-CVE/CVE-2023-24388 Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete). CVE project by @Sn0wAlice Create: 2023-02-18 01:48:14 +0000 UTC Push: 2023-02-18 01:48:17 +0000 UTC |

Live-Hack-CVE/CVE-2023-24329 An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVE project by @Sn0wAlice Create: 2023-02-18 01:48:11 +0000 UTC Push: 2023-02-18 01:48:12 +0000 UTC |

Live-Hack-CVE/CVE-2023-23899 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation. CVE project by @Sn0wAlice Create: 2023-02-18 01:48:07 +0000 UTC Push: 2023-02-18 01:48:10 +0000 UTC |

Live-Hack-CVE/CVE-2022-45701 Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature. CVE project by @Sn0wAlice Create: 2023-02-18 01:48:04 +0000 UTC Push: 2023-02-18 01:48:06 +0000 UTC |

Live-Hack-CVE/CVE-2020-29168 SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint. CVE project by @Sn0wAlice Create: 2023-02-18 01:48:00 +0000 UTC Push: 2023-02-18 01:48:02 +0000 UTC |

Live-Hack-CVE/CVE-2023-21431 Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:55 +0000 UTC Push: 2023-02-18 01:47:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-21433 Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:52 +0000 UTC Push: 2023-02-18 01:47:54 +0000 UTC |

Live-Hack-CVE/CVE-2023-21443 Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:49 +0000 UTC Push: 2023-02-18 01:47:51 +0000 UTC |

Live-Hack-CVE/CVE-2023-21444 Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:45 +0000 UTC Push: 2023-02-18 01:47:47 +0000 UTC |

Live-Hack-CVE/CVE-2023-21447 Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:41 +0000 UTC Push: 2023-02-18 01:47:44 +0000 UTC |

Live-Hack-CVE/CVE-2023-21448 Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:38 +0000 UTC Push: 2023-02-18 01:47:40 +0000 UTC |

Live-Hack-CVE/CVE-2023-21450 Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:34 +0000 UTC Push: 2023-02-18 01:47:37 +0000 UTC |

Live-Hack-CVE/CVE-2023-23007 An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:29 +0000 UTC Push: 2023-02-18 01:47:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-47986 IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 CVE project by @Sn0wAlice Create: 2023-02-18 01:47:25 +0000 UTC Push: 2023-02-18 01:47:27 +0000 UTC |

Live-Hack-CVE/CVE-2023-23592 WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:21 +0000 UTC Push: 2023-02-18 01:47:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-21940 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:17 +0000 UTC Push: 2023-02-18 01:47:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-45699 Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:13 +0000 UTC Push: 2023-02-18 01:47:15 +0000 UTC |