unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-26841
Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access. CVE project by @Sn0wAlice
Create: 2023-02-17 05:43:00 +0000 UTC Push: 2023-02-17 05:43:01 +0000 UTC
Live-Hack-CVE/CVE-2022-40080
Stack overflow vulnerability in Aspire E5-475G's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges. CVE project by @Sn0wAlice
Create: 2023-02-17 05:42:57 +0000 UTC Push: 2023-02-17 05:42:59 +0000 UTC
Live-Hack-CVE/CVE-2022-26076
Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice
Create: 2023-02-17 05:42:53 +0000 UTC Push: 2023-02-17 05:42:55 +0000 UTC
Live-Hack-CVE/CVE-2023-0745
Relative Path Traversal vulnerability in YugaByte, Inc. Yugabyte Managed (PlatformReplicationManager.Java modules) allows Path Traversal. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects Yugabyte Managed: from 2.0 through 2.13. CVE project by @Sn0wAlice
Create: 2023-02-17 05:42:46 +0000 UTC Push: 2023-02-17 05:42:48 +0000 UTC
Live-Hack-CVE/CVE-2023-0771
SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop. CVE project by @Sn0wAlice
Create: 2023-02-17 03:31:09 +0000 UTC Push: 2023-02-17 03:31:11 +0000 UTC
Live-Hack-CVE/CVE-2022-3568
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action CVE project by @Sn0wAlice
Create: 2023-02-17 03:31:05 +0000 UTC Push: 2023-02-17 03:31:08 +0000 UTC
Live-Hack-CVE/CVE-2022-1722
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses. CVE project by @Sn0wAlice
Create: 2023-02-17 03:31:02 +0000 UTC Push: 2023-02-17 03:31:04 +0000 UTC
Live-Hack-CVE/CVE-2022-1721
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:58 +0000 UTC Push: 2023-02-17 03:31:00 +0000 UTC
Live-Hack-CVE/CVE-2022-1713
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:54 +0000 UTC Push: 2023-02-17 03:30:57 +0000 UTC
Live-Hack-CVE/CVE-2022-1727
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:51 +0000 UTC Push: 2023-02-17 03:30:53 +0000 UTC
Live-Hack-CVE/CVE-2022-1767
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:47 +0000 UTC Push: 2023-02-17 03:30:49 +0000 UTC
Live-Hack-CVE/CVE-2022-1774
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:43 +0000 UTC Push: 2023-02-17 03:30:46 +0000 UTC
Live-Hack-CVE/CVE-2015-10076
A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:40 +0000 UTC Push: 2023-02-17 03:30:42 +0000 UTC
Live-Hack-CVE/CVE-2023-24483
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:36 +0000 UTC Push: 2023-02-17 03:30:38 +0000 UTC
Live-Hack-CVE/CVE-2023-23936
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:33 +0000 UTC Push: 2023-02-17 03:30:35 +0000 UTC
Live-Hack-CVE/CVE-2023-24807
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:29 +0000 UTC Push: 2023-02-17 03:30:31 +0000 UTC
Live-Hack-CVE/CVE-2023-24485
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:25 +0000 UTC Push: 2023-02-17 03:30:27 +0000 UTC
Live-Hack-CVE/CVE-2023-24484
A malicious user can cause log files to be written to a directory that they do not have permission to write to. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:21 +0000 UTC Push: 2023-02-17 03:30:24 +0000 UTC
Live-Hack-CVE/CVE-2023-23947
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and prior to 2.3.17, 2.4.23, 2.5.11, and 2.6.2 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to update any cluster secret. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:18 +0000 UTC Push: 2023-02-17 03:30:20 +0000 UTC
Live-Hack-CVE/CVE-2023-24690
ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. CVE project by @Sn0wAlice
Create: 2023-02-17 03:30:08 +0000 UTC Push: 2023-02-17 03:30:10 +0000 UTC