ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
#ExploitObserverAlert

PD/http/misconfiguration/cookies-without-httponly

DESCRIPTION: Exploit Observer has 1 entry related to PD/http/misconfiguration/cookies-without-httponly. Checks whether cookies in the HTTP response contain the HttpOnly attribute. If the HttpOnly flag is set, it means that the cookie is HTTP-only
#ExploitObserverAlert

GHSA-r6r4-5pr8-gjcp

DESCRIPTION: Exploit Observer has 2 entries related to GHSA-R6R4-5PR8-GJCP. Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs.

GHSS: 6.5
#ExploitObserverAlert

CVE-2023-5881

DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-5881. Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) "Garage Door Control Module Setup" and modify the Garage door's SSID settings.
#ExploitObserverAlert

CVE-2023-52313

DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52313. FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert

CVE-2023-45559

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-45559. An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
#ExploitObserverAlert

GHSA-27wg-99g8-2v4v

DESCRIPTION: Exploit Observer has 4 entries related to GHSA-27WG-99G8-2V4V. In rust-evm, a feature called record_external_operation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack.

GHSS: 5.9
#ExploitObserverAlert

GHSA-5g66-628f-7cvj

DESCRIPTION: Exploit Observer has 3 entries related to GHSA-5G66-628F-7CVJ. The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier

GHSS: 8.6
#ExploitObserverAlert

CVE-2023-52311

DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52311. PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.
#ExploitObserverAlert

CVE-2022-24442

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-24442. JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

FIRST-EPSS: 0.002210000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2023-52308

DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52308. FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert

CVE-2023-52306

DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52306. FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert

CVE-2023-29962

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-29962. S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.
#ExploitObserverAlert

GHSA-4248-p65p-hcrm

DESCRIPTION: Exploit Observer has 2 entries related to GHSA-4248-P65P-HCRM. CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges.

GHSS: 6.5
#ExploitObserverAlert

GHSA-5h9g-x5rv-25wg

DESCRIPTION: Exploit Observer has 3 entries related to GHSA-5H9G-X5RV-25WG. A cross-site scripting (XSS) vulnerability was discovered in the schema validation logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or editor APIs. This malicious content could then end up in content published outside the editor, if no server-side sanitization was performed. This impacts all users who are using TinyMCE 5.8.2 or lower.

GHSS: 6.1
#ExploitObserverAlert

PD/http/vulnerabilities/dlink/dlink-netgear-xss

DESCRIPTION: Exploit Observer has 1 entry related to PD/http/vulnerabilities/dlink/dlink-netgear-xss. Dlink DSR-250 and Netgear Prosafe are vulnerable to reflected cross-site scripting at the endpoint scgi-bin/platform.cgi in the parameter SSLVPN.
#ExploitObserverAlert

CVE-2023-52314

DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52314. PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
#ExploitObserverAlert

CVE-2023-52312

DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52312. Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert

CVE-2023-38677

DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-38677. FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert

CVE-2023-52302

DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52302. Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert

CVE-2023-52307

DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52307. Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
#ExploitObserverAlert

CVE-2023-7068

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-7068. The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the print_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information.