#ExploitObserverAlert
CVE-2022-30321
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-30321. go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0.
FIRST-EPSS: 0.001040000
NVD-IS: 4.7
NVD-ES: 3.9
CVE-2022-30321
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-30321. go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0.
FIRST-EPSS: 0.001040000
NVD-IS: 4.7
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-0493
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-0493. Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
FIRST-EPSS: 0.002670000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-0493
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-0493. Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
FIRST-EPSS: 0.002670000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-4388
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-4388. The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties.
FIRST-EPSS: 0.001260000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2021-4388
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-4388. The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties.
FIRST-EPSS: 0.001260000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-43208
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-43208. NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
FIRST-EPSS: 0.002520000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-43208
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-43208. NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
FIRST-EPSS: 0.002520000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-47108
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-47108. OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.
FIRST-EPSS: 0.000880000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-47108
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-47108. OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.
FIRST-EPSS: 0.000880000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-9484
DESCRIPTION: Exploit Observer has 114 entries related to CVE-2020-9484. When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
FIRST-EPSS: 0.883600000
NVD-IS: 5.9
NVD-ES: 1.0
CVE-2020-9484
DESCRIPTION: Exploit Observer has 114 entries related to CVE-2020-9484. When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
FIRST-EPSS: 0.883600000
NVD-IS: 5.9
NVD-ES: 1.0
#ExploitObserverAlert
CVE-2023-36874
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2023-36874. Windows Error Reporting Service Elevation of Privilege Vulnerability
FIRST-EPSS: 0.001470000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-36874
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2023-36874. Windows Error Reporting Service Elevation of Privilege Vulnerability
FIRST-EPSS: 0.001470000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-8927
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2020-8927. A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
FIRST-EPSS: 0.005250000
NVD-IS: 2.5
NVD-ES: 3.9
CVE-2020-8927
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2020-8927. A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
FIRST-EPSS: 0.005250000
NVD-IS: 2.5
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-44228
DESCRIPTION: Exploit Observer has 1853 entries related to CVE-2021-44228. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
FIRST-EPSS: 0.974540000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2021-44228
DESCRIPTION: Exploit Observer has 1853 entries related to CVE-2021-44228. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
FIRST-EPSS: 0.974540000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-4700
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-4700. The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme.
FIRST-EPSS: 0.000680000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2022-4700
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-4700. The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme.
FIRST-EPSS: 0.000680000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-38384
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-38384. Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions).
FIRST-EPSS: 0.004200000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-38384
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-38384. Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions).
FIRST-EPSS: 0.004200000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-3486
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-3486. GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code.
FIRST-EPSS: 0.000790000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2021-3486
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-3486. GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code.
FIRST-EPSS: 0.000790000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-1472
DESCRIPTION: Exploit Observer has 414 entries related to CVE-2020-1472. An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
FIRST-EPSS: 0.974450000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2020-1472
DESCRIPTION: Exploit Observer has 414 entries related to CVE-2020-1472. An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
FIRST-EPSS: 0.974450000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-3320
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-3320. The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
FIRST-EPSS: 0.007910000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-3320
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-3320. The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
FIRST-EPSS: 0.007910000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-28002
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-28002. In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint.
FIRST-EPSS: 0.001020000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2020-28002
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-28002. In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint.
FIRST-EPSS: 0.001020000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-9510
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2019-9510. A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2019-9510
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2019-9510. A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-30547
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-30547. vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.
FIRST-EPSS: 0.001020000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2023-30547
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-30547. vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.
FIRST-EPSS: 0.001020000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-0550
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2023-0550. The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts.
FIRST-EPSS: 0.000510000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2023-0550
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2023-0550. The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts.
FIRST-EPSS: 0.000510000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-38831
DESCRIPTION: Exploit Observer has 108 entries related to CVE-2023-38831. RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
FIRST-EPSS: 0.234040000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-38831
DESCRIPTION: Exploit Observer has 108 entries related to CVE-2023-38831. RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
FIRST-EPSS: 0.234040000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-4476
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-4476. The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
FIRST-EPSS: 0.000940000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2022-4476
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-4476. The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
FIRST-EPSS: 0.000940000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2020-13338
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-13338. An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.
FIRST-EPSS: 0.000530000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2020-13338
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-13338. An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.
FIRST-EPSS: 0.000530000
NVD-IS: 2.7
NVD-ES: 2.3