#ExploitObserverAlert
CVE-2018-25031
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2018-25031. Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
FIRST-EPSS: 0.002650000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-48849
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-48849.
FIRST-EPSS: 0.000420000
#ExploitObserverAlert
CVE-2020-25213
DESCRIPTION: Exploit Observer has 53 entries related to CVE-2020-25213. The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
FIRST-EPSS: 0.973360000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2861
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-2861.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-48123
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-48123.
#ExploitObserverAlert
CVE-1999-0517
DESCRIPTION: Exploit Observer has 1 entry related to CVE-1999-0517. An SNMP community name is the default (e.g. public), null, or missing.
FIRST-EPSS: 0.454480000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert
CVE-1999-0508
DESCRIPTION: Exploit Observer has 2 entries related to CVE-1999-0508. An account on a router, firewall, or other network device has a default, null, blank, or missing password.
FIRST-EPSS: 0.007170000
NVD-IS: 6.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-39539
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-39539.
#ExploitObserverAlert
CVE-2017-8529
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2017-8529. Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".
FIRST-EPSS: 0.002190000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-1999-0516
DESCRIPTION: Exploit Observer has 1 entry related to CVE-1999-0516. An SNMP community name is guessable.
FIRST-EPSS: 0.015000000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2022-0492
DESCRIPTION: Exploit Observer has 56 entries related to CVE-2022-0492. A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
FIRST-EPSS: 0.000450000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-26136
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-26136. Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
FIRST-EPSS: 0.001730000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-phhr-cqm7-gjv6
DESCRIPTION: Exploit Observer has 1 entry related to GHSA-PHHR-CQM7-GJV6.
GHSS: 8.8
#ExploitObserverAlert
CVE-2022-1026
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-1026. Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
FIRST-EPSS: 0.010110000
NVD-IS: 4.0
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-w4pv-p6xf-qc53
DESCRIPTION: Exploit Observer has 119 entries related to GHSA-W4PV-P6XF-QC53.
GHSS: 9.8
#ExploitObserverAlert
CVE-2017-1000028
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2017-1000028. Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
FIRST-EPSS: 0.975160000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-28432
DESCRIPTION: Exploit Observer has 42 entries related to CVE-2023-28432. Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
FIRST-EPSS: 0.156100000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-28017
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-28017.
#ExploitObserverAlert
CVE-2023-24078
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-24078. Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/.
FIRST-EPSS: 0.003400000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-rqpg-32gg-fvxh
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-RQPG-32GG-FVXH.
GHSS: 7.3
#ExploitObserverAlert
CVE-2022-45362
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2022-45362.