#ExploitObserverAlert
GHSA-9xrg-mh99-h5f7
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-9XRG-MH99-H5F7.
GHSS: 9.8
GHSA-9xrg-mh99-h5f7
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-9XRG-MH99-H5F7.
GHSS: 9.8
#ExploitObserverAlert
CVE-2013-0431
DESCRIPTION: Exploit Observer has 26 entries related to CVE-2013-0431. Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
FIRST-EPSS: 0.974880000
NVD-IS: 2.9
NVD-ES: 10.0
CVE-2013-0431
DESCRIPTION: Exploit Observer has 26 entries related to CVE-2013-0431. Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
FIRST-EPSS: 0.974880000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2014-4210
DESCRIPTION: Exploit Observer has 81 entries related to CVE-2014-4210. Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.
FIRST-EPSS: 0.969550000
NVD-IS: 2.9
NVD-ES: 10.0
CVE-2014-4210
DESCRIPTION: Exploit Observer has 81 entries related to CVE-2014-4210. Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.
FIRST-EPSS: 0.969550000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2021-21974
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2021-21974. OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
FIRST-EPSS: 0.754340000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-21974
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2021-21974. OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
FIRST-EPSS: 0.754340000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-1326
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-1326. A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-1326
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-1326. A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2018-25031
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2018-25031. Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
FIRST-EPSS: 0.002650000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2018-25031
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2018-25031. Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
FIRST-EPSS: 0.002650000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-48849
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-48849.
FIRST-EPSS: 0.000420000
CVE-2023-48849
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-48849.
FIRST-EPSS: 0.000420000
#ExploitObserverAlert
CVE-2020-25213
DESCRIPTION: Exploit Observer has 53 entries related to CVE-2020-25213. The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
FIRST-EPSS: 0.973360000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-25213
DESCRIPTION: Exploit Observer has 53 entries related to CVE-2020-25213. The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
FIRST-EPSS: 0.973360000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2861
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-2861.
FIRST-EPSS: 0.000430000
CVE-2023-2861
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-2861.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-48123
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-48123.
CVE-2023-48123
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-48123.
#ExploitObserverAlert
CVE-1999-0517
DESCRIPTION: Exploit Observer has 1 entries related to CVE-1999-0517. An SNMP community name is the default (e.g. public), null, or missing.
FIRST-EPSS: 0.454480000
NVD-IS: 6.4
NVD-ES: 10.0
CVE-1999-0517
DESCRIPTION: Exploit Observer has 1 entries related to CVE-1999-0517. An SNMP community name is the default (e.g. public), null, or missing.
FIRST-EPSS: 0.454480000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert
CVE-1999-0508
DESCRIPTION: Exploit Observer has 2 entries related to CVE-1999-0508. An account on a router, firewall, or other network device has a default, null, blank, or missing password.
FIRST-EPSS: 0.007170000
NVD-IS: 6.4
NVD-ES: 3.9
CVE-1999-0508
DESCRIPTION: Exploit Observer has 2 entries related to CVE-1999-0508. An account on a router, firewall, or other network device has a default, null, blank, or missing password.
FIRST-EPSS: 0.007170000
NVD-IS: 6.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-39539
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-39539.
CVE-2023-39539
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-39539.
#ExploitObserverAlert
CVE-2017-8529
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2017-8529. Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".
FIRST-EPSS: 0.002190000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2017-8529
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2017-8529. Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".
FIRST-EPSS: 0.002190000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-1999-0516
DESCRIPTION: Exploit Observer has 1 entries related to CVE-1999-0516. An SNMP community name is guessable.
FIRST-EPSS: 0.015000000
NVD-IS: 6.4
NVD-ES: 10.0
CVE-1999-0516
DESCRIPTION: Exploit Observer has 1 entries related to CVE-1999-0516. An SNMP community name is guessable.
FIRST-EPSS: 0.015000000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2022-0492
DESCRIPTION: Exploit Observer has 56 entries related to CVE-2022-0492. A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
FIRST-EPSS: 0.000450000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-0492
DESCRIPTION: Exploit Observer has 56 entries related to CVE-2022-0492. A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
FIRST-EPSS: 0.000450000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-26136
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-26136. Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
FIRST-EPSS: 0.001730000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-26136
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-26136. Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
FIRST-EPSS: 0.001730000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-phhr-cqm7-gjv6
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-PHHR-CQM7-GJV6.
GHSS: 8.8
GHSA-phhr-cqm7-gjv6
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-PHHR-CQM7-GJV6.
GHSS: 8.8
#ExploitObserverAlert
CVE-2022-1026
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-1026. Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
FIRST-EPSS: 0.010110000
NVD-IS: 4.0
NVD-ES: 3.9
CVE-2022-1026
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-1026. Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
FIRST-EPSS: 0.010110000
NVD-IS: 4.0
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-w4pv-p6xf-qc53
DESCRIPTION: Exploit Observer has 119 entries related to GHSA-W4PV-P6XF-QC53.
GHSS: 9.8
GHSA-w4pv-p6xf-qc53
DESCRIPTION: Exploit Observer has 119 entries related to GHSA-W4PV-P6XF-QC53.
GHSS: 9.8
#ExploitObserverAlert
CVE-2017-1000028
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2017-1000028. Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
FIRST-EPSS: 0.975160000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2017-1000028
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2017-1000028. Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
FIRST-EPSS: 0.975160000
NVD-IS: 3.6
NVD-ES: 3.9