#ExploitObserverAlert
CVE-2019-3465
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2019-3465. Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.
FIRST-EPSS: 0.002370000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2019-3465
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2019-3465. Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.
FIRST-EPSS: 0.002370000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-2094
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2094. A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226102 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-2094
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2094. A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226102 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-46604
DESCRIPTION: Exploit Observer has 102 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
FIRST-EPSS: 0.968050000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-46604
DESCRIPTION: Exploit Observer has 102 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
FIRST-EPSS: 0.968050000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-44638
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2022-44638. In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
FIRST-EPSS: 0.002310000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2022-44638
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2022-44638. In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
FIRST-EPSS: 0.002310000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-37454
DESCRIPTION: Exploit Observer has 22 entries related to CVE-2022-37454. The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
FIRST-EPSS: 0.010150000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-37454
DESCRIPTION: Exploit Observer has 22 entries related to CVE-2022-37454. The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
FIRST-EPSS: 0.010150000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-26257
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-26257. An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-26257
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-26257. An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-32219
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-32219. A Mazda model (2015-2016) can be unlocked via an unspecified method.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-32219
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-32219. A Mazda model (2015-2016) can be unlocked via an unspecified method.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2097
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-2097. A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226105 was assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-2097
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-2097. A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226105 was assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-21839
DESCRIPTION: Exploit Observer has 57 entries related to CVE-2023-21839. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
FIRST-EPSS: 0.956630000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-21839
DESCRIPTION: Exploit Observer has 57 entries related to CVE-2023-21839. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
FIRST-EPSS: 0.956630000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2773
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2773. A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229279.
FIRST-EPSS: 0.000640000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-2773
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2773. A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229279.
FIRST-EPSS: 0.000640000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-9893
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2019-9893. libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.
FIRST-EPSS: 0.013380000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-9893
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2019-9893. libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.
FIRST-EPSS: 0.013380000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-3189
DESCRIPTION: Exploit Observer has 39 entries related to CVE-2016-3189. Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
FIRST-EPSS: 0.026890000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2016-3189
DESCRIPTION: Exploit Observer has 39 entries related to CVE-2016-3189. Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
FIRST-EPSS: 0.026890000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-12900
DESCRIPTION: Exploit Observer has 28 entries related to CVE-2019-12900. BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
FIRST-EPSS: 0.015890000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-12900
DESCRIPTION: Exploit Observer has 28 entries related to CVE-2019-12900. BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
FIRST-EPSS: 0.015890000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2100
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2100. A vulnerability classified as problematic was found in SourceCodester Vehicle Service Management System 1.0. This vulnerability affects unknown code of the file /admin/report/index.php. The manipulation of the argument date_end leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226108.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2023-2100
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2100. A vulnerability classified as problematic was found in SourceCodester Vehicle Service Management System 1.0. This vulnerability affects unknown code of the file /admin/report/index.php. The manipulation of the argument date_end leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226108.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-38716
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-38716. Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds
CVE-2022-38716
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-38716. Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds
#ExploitObserverAlert
CVE-2013-0340
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2013-0340. expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
FIRST-EPSS: 0.005430000
NVD-IS: 6.4
NVD-ES: 8.6
CVE-2013-0340
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2013-0340. expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
FIRST-EPSS: 0.005430000
NVD-IS: 6.4
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2019-10742
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2019-10742. Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.
FIRST-EPSS: 0.002040000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2019-10742
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2019-10742. Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.
FIRST-EPSS: 0.002040000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-10735
DESCRIPTION: Exploit Observer has 33 entries related to CVE-2020-10735. A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
FIRST-EPSS: 0.002910000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2020-10735
DESCRIPTION: Exploit Observer has 33 entries related to CVE-2020-10735. A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
FIRST-EPSS: 0.002910000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-21907
DESCRIPTION: Exploit Observer has 66 entries related to CVE-2022-21907. HTTP Protocol Stack Remote Code Execution Vulnerability.
FIRST-EPSS: 0.891490000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-21907
DESCRIPTION: Exploit Observer has 66 entries related to CVE-2022-21907. HTTP Protocol Stack Remote Code Execution Vulnerability.
FIRST-EPSS: 0.891490000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8617
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-8617. A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629.
FIRST-EPSS: 0.966630000
NVD-IS: 5.9
NVD-ES: 1.6
CVE-2018-8617
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-8617. A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629.
FIRST-EPSS: 0.966630000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2022-4216
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-4216. The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000600000
NVD-IS: 2.7
NVD-ES: 1.7
CVE-2022-4216
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-4216. The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000600000
NVD-IS: 2.7
NVD-ES: 1.7