#ExploitObserverAlert
CVE-2023-37306
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-37306. MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
FIRST-EPSS: 0.000590000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-3078
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-3078. An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-39439
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-39439. SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.
FIRST-EPSS: 0.000910000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-22503
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-22503. Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.
FIRST-EPSS: 0.000690000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-21312
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-21312. In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-49860
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-49860. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS. This issue affects WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-52181
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52181. Deserialization of Untrusted Data vulnerability in Presslabs Theme per user. This issue affects Theme per user: from n/a through 1.0.1.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-42363
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-42363. A use-after-free vulnerability was discovered in the xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-49068
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49068. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the meantime, we recommend you make sure the logs are only available to trusted operators.
FIRST-EPSS: 0.000560000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-22121
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-22121. Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).
FIRST-EPSS: 0.000520000
NVD-IS: 2.5
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-21797
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-21797. Microsoft ODBC Driver Remote Code Execution Vulnerability.
FIRST-EPSS: 0.063150000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-38250
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-38250. Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction, and attack complexity is high as it requires knowledge of tooling beyond just using the UI.
FIRST-EPSS: 0.000790000
NVD-IS: 5.9
NVD-ES: 0.7
#ExploitObserverAlert
CVE-2023-31169
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-31169. An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 2.1
#ExploitObserverAlert
CVE-2023-1301
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-1301. A vulnerability, which was classified as critical, has been found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this issue is some unknown functionality of the file deleteorder.php of the component GET Parameter Handler. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222662 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4606
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-4606. An authenticated XCC user with Read-Only permission can change a different user's password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
FIRST-EPSS: 0.000460000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-22425
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-22425. Stored cross-site scripting vulnerability in the Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.
FIRST-EPSS: 0.000920000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-27133
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-27133. TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.
FIRST-EPSS: 0.001300000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-50765
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-50765. A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
FIRST-EPSS: 0.000440000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-26465
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-26465. Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-32448
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-32448. PowerPath for Windows, versions 7.0, 7.1 & 7.2, contains a License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-37601
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-37601. Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.
FIRST-EPSS: 0.000880000
NVD-IS: 3.6
NVD-ES: 3.9