#ExploitObserverAlert
CVE-2023-39638
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-39638. D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin.
FIRST-EPSS: 0.000660000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-31418
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-31418. An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.
FIRST-EPSS: 0.000660000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-21438
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-21438. Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder.
FIRST-EPSS: 0.000440000
NVD-IS: 1.4
NVD-ES: 0.9
#ExploitObserverAlert
CVE-2023-24256
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-24256. An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal.
FIRST-EPSS: 0.000440000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-39850
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-39850. Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php.
FIRST-EPSS: 0.000760000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-5506
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-5506. The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmap_delete_area_ajax' function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts and pages.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-38488
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-38488. Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update a Kirby content file (e.g. via a contact or comment form). Kirby sites are *not* affected if they don't allow write access for untrusted users or visitors. A field injection in a content storage implementation is a type of vulnerability that allows attackers with content write access to overwrite content fields that the site developer didn't intend to be modified. In a Kirby site this can be used to alter site content, break site behavior or inject malicious data or code. The exact security risk depends on the field type and usage. Kirby stores content of the site, of pages, files and users in text files by default. The text files use Kirby's KirbyData format where each field is separated by newlines and a line with four dashes (`----`). When reading a KirbyData file, the affected code first removed the Unicode BOM sequence from the file contents and afterwards split the content into fields by the field separator. When writing to a KirbyData file, field separators in field data are escaped to prevent user input from interfering with the field structure. However this escaping could be tricked by including a Unicode BOM sequence in a field separator (e.g. `--\xEF\xBB\xBF--`). When writing, this was not detected as a separator, but because the BOM was removed during reading, it could be abused by attackers to inject other field data into content files. Because each field can only be defined once per content file, this vulnerability only affects fields in the content file that were defined above the vulnerable user-writable field or not at all. 
Fields that are defined below the vulnerable field override the injected field content and were therefore already protected. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have fixed the affected code to only remove the Unicode BOM sequence at the beginning of the file. This fixes this vulnerability both for newly written as well as for existing content files.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-38937
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-38937. Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-3565
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-3565. Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-47390
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-47390. Headscale through 0.22.3 writes bearer tokens to info-level logs.
FIRST-EPSS: 0.000840000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-23487
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-23487. IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.
FIRST-EPSS: 0.000550000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-0558
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-0558. The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.
FIRST-EPSS: 0.001650000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4774
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-4774. The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-20729
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-20729. In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573575.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 0.8
#ExploitObserverAlert
CVE-2023-41966
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-41966. The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.
FIRST-EPSS: 0.000500000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-43577
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-43577. A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 0.8
#ExploitObserverAlert
CVE-2023-5903
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-5903. Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
GHSA-fwfg-vprh-97ph
DESCRIPTION: Exploit Observer has 6 entries related to GHSA-FWFG-VPRH-97PH. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script through the Settings that will allow code execution during rendering of that script.
GHSS: 6.5
#ExploitObserverAlert
CVE-2023-2091
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-2091. A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function adjust_cpufreq_scaling_governer. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.4.13 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226099.
FIRST-EPSS: 0.000650000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
GHSA-5h3x-9wvq-w4m2
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-5H3X-9WVQ-W4M2. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all.
GHSS: 5.3
#ExploitObserverAlert
CVE-2023-24476
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-24476. An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.
FIRST-EPSS: 0.000420000
NVD-IS: 1.4
NVD-ES: 1.8