ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
#ExploitObserverAlert

CVE-2023-38488

DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-38488. Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update a Kirby content file (e.g. via a contact or comment form). Kirby sites are *not* affected if they don't allow write access for untrusted users or visitors. A field injection in a content storage implementation is a type of vulnerability that allows attackers with content write access to overwrite content fields that the site developer didn't intend to be modified. In a Kirby site this can be used to alter site content, break site behavior or inject malicious data or code. The exact security risk depends on the field type and usage. Kirby stores content of the site, of pages, files and users in text files by default. The text files use Kirby's KirbyData format where each field is separated by newlines and a line with four dashes (`----`). When reading a KirbyData file, the affected code first removed the Unicode BOM sequence from the file contents and afterwards split the content into fields by the field separator. When writing to a KirbyData file, field separators in field data are escaped to prevent user input from interfering with the field structure. However this escaping could be tricked by including a Unicode BOM sequence in a field separator (e.g. `--\xEF\xBB\xBF--`). When writing, this was not detected as a separator, but because the BOM was removed during reading, it could be abused by attackers to inject other field data into content files. Because each field can only be defined once per content file, this vulnerability only affects fields in the content file that were defined above the vulnerable user-writable field or not at all. 
Fields that are defined below the vulnerable field override the injected field content and were therefore already protected. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have fixed the affected code to only remove the Unicode BOM sequence at the beginning of the file. This fixes this vulnerability both for newly written as well as for existing content files.

FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2023-38937

DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-38937. Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.

FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2023-3565

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-3565. Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert

CVE-2023-47390

DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-47390. Headscale through 0.22.3 writes bearer tokens to info-level logs.

FIRST-EPSS: 0.000840000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2023-23487

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-23487. IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.

FIRST-EPSS: 0.000550000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2023-0558

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-0558. The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.

FIRST-EPSS: 0.001650000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2023-4774

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-4774. The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert

CVE-2023-20729

DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-20729. In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573575.

FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 0.8
#ExploitObserverAlert

CVE-2023-41966

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-41966. The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.

FIRST-EPSS: 0.000500000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2023-43577

DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-43577. A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 0.8
#ExploitObserverAlert

CVE-2023-5903

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-5903. Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert

GHSA-fwfg-vprh-97ph

DESCRIPTION: Exploit Observer has 6 entries related to GHSA-FWFG-VPRH-97PH. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script through the Settings that will allow code execution during rendering of that script.

GHSS: 6.5
#ExploitObserverAlert

CVE-2023-2091

DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-2091. A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function adjust_cpufreq_scaling_governer. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.4.13 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226099.

FIRST-EPSS: 0.000650000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert

GHSA-5h3x-9wvq-w4m2

DESCRIPTION: Exploit Observer has 2 entries related to GHSA-5H3X-9WVQ-W4M2. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all.

GHSS: 5.3
#ExploitObserverAlert

CVE-2023-24476

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-24476. An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.

FIRST-EPSS: 0.000420000
NVD-IS: 1.4
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2023-1913

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-1913. The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 1.7
#ExploitObserverAlert

CVE-2023-23158

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-23158. A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the enquiry page.

FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert

CVE-2023-37070

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-37070. Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS).

FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 1.7
#ExploitObserverAlert

CVE-2023-50256

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-50256. Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.
#ExploitObserverAlert

CVE-2023-46742

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-46742. CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users' secret keys and access keys in the logs in multiple components. When CubeFS creates new users, it leaks the user's secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS.
#ExploitObserverAlert

CVE-2022-41049

DESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-41049. Windows Mark of the Web Security Feature Bypass Vulnerability

FIRST-EPSS: 0.002150000
NVD-IS: 2.5
NVD-ES: 2.8