Live-Hack-CVE/CVE-2023-23931 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus CVE project by @Sn0wAlice Create: 2023-02-17 01:15:28 +0000 UTC Push: 2023-02-17 01:15:30 +0000 UTC |

Argonx21/CVE-2022-47373 Reflected Cross Site Scripting Vulnerability in PandoraFMS <= v766 Create: 2023-02-17 01:10:25 +0000 UTC Push: 2023-02-17 01:10:26 +0000 UTC |

damodarnaik/CVE-2022-45436 Create: 2023-02-17 01:03:30 +0000 UTC Push: 2023-02-17 01:03:30 +0000 UTC |

Argonx21/CVE-2022-43980 Stored Cross Site Scripting Vulnerability in the network maps edit functionality Create: 2023-02-17 00:42:12 +0000 UTC Push: 2023-02-17 00:42:13 +0000 UTC |

Live-Hack-CVE/CVE-2022-43969 Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. CVE project by @Sn0wAlice Create: 2023-02-17 00:07:22 +0000 UTC Push: 2023-02-17 00:07:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-38731 Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type r CVE project by @Sn0wAlice Create: 2023-02-17 00:07:18 +0000 UTC Push: 2023-02-17 00:07:20 +0000 UTC |

Live-Hack-CVE/CVE-2023-22953 In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. CVE project by @Sn0wAlice Create: 2023-02-17 00:07:07 +0000 UTC Push: 2023-02-17 00:07:09 +0000 UTC |

Live-Hack-CVE/CVE-2023-0574 Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulati CVE project by @Sn0wAlice Create: 2023-02-17 00:07:03 +0000 UTC Push: 2023-02-17 00:07:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-24813 Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `xlink:href` even if `href` is specified. However, php-svg-lib, wh CVE project by @Sn0wAlice Create: 2023-02-17 00:06:54 +0000 UTC Push: 2023-02-17 00:06:57 +0000 UTC |

Live-Hack-CVE/CVE-2023-0705 Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) CVE project by @Sn0wAlice Create: 2023-02-17 00:06:50 +0000 UTC Push: 2023-02-17 00:06:53 +0000 UTC |

grandDancer/CVE-2017-5124-RCE-0-Day CVE-2017-5124 RCE 0-Day Create: 2023-02-16 23:36:38 +0000 UTC Push: 2023-02-16 23:37:40 +0000 UTC |

0xsu3ks/CVE-2023-0860 Create: 2023-02-16 21:49:20 +0000 UTC Push: 2023-02-16 21:49:21 +0000 UTC |

Live-Hack-CVE/CVE-2023-0662 In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. CVE project by @Sn0wAlice Create: 2023-02-16 19:38:25 +0000 UTC Push: 2023-02-16 19:38:27 +0000 UTC |

Live-Hack-CVE/CVE-2023-0568 In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unaut CVE project by @Sn0wAlice Create: 2023-02-16 19:38:22 +0000 UTC Push: 2023-02-16 19:38:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-0861 NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 b CVE project by @Sn0wAlice Create: 2023-02-16 19:38:18 +0000 UTC Push: 2023-02-16 19:38:20 +0000 UTC |

Live-Hack-CVE/CVE-2023-0862 The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 befor CVE project by @Sn0wAlice Create: 2023-02-16 19:38:15 +0000 UTC Push: 2023-02-16 19:38:17 +0000 UTC |

Live-Hack-CVE/CVE-2023-0860 Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. CVE project by @Sn0wAlice Create: 2023-02-16 19:38:11 +0000 UTC Push: 2023-02-16 19:38:14 +0000 UTC |

Live-Hack-CVE/CVE-2019-6623 On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, undisclosed traffic sent to BIG-IP iSession virtual server may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). CVE project by @Sn0wAlice Create: 2023-02-16 15:17:18 +0000 UTC Push: 2023-02-16 15:17:21 +0000 UTC |

Live-Hack-CVE/CVE-2019-6629 On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane. CVE project by @Sn0wAlice Create: 2023-02-16 15:17:15 +0000 UTC Push: 2023-02-16 15:17:17 +0000 UTC |

Live-Hack-CVE/CVE-2019-6631 On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs. CVE project by @Sn0wAlice Create: 2023-02-16 15:17:11 +0000 UTC Push: 2023-02-16 15:17:13 +0000 UTC |