#ExploitObserverAlert
CVE-2023-52313
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52313. FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert
CVE-2023-45559
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-45559. An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
#ExploitObserverAlert
GHSA-27wg-99g8-2v4v
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-27WG-99G8-2V4V. In rust-evm, a feature called record_external_operation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack.
GHSS: 5.9
#ExploitObserverAlert
GHSA-5g66-628f-7cvj
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-5G66-628F-7CVJ. The implementation did not validate the legitimacy of the email attribute of the user, nor did it give or document an option to do so, making it susceptible to nOAuth misconfiguration in cases where the email is used as a trusted user identifier.
GHSS: 8.6
#ExploitObserverAlert
CVE-2023-52311
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52311. PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.
#ExploitObserverAlert
CVE-2022-24442
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-24442. JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
FIRST-EPSS: 0.002210000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-52308
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52308. FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert
CVE-2023-52306
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52306. FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert
CVE-2023-29962
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-29962. S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.
#ExploitObserverAlert
GHSA-4248-p65p-hcrm
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-4248-P65P-HCRM. CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges.
GHSS: 6.5
#ExploitObserverAlert
GHSA-5h9g-x5rv-25wg
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-5H9G-X5RV-25WG. A cross-site scripting (XSS) vulnerability was discovered in the schema validation logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or editor APIs. This malicious content could then end up in content published outside the editor, if no server-side sanitization was performed. This impacts all users who are using TinyMCE 5.8.2 or lower.
GHSS: 6.1
#ExploitObserverAlert
PD/http/vulnerabilities/dlink/dlink-netgear-xss
DESCRIPTION: Exploit Observer has 1 entry related to PD/http/vulnerabilities/dlink/dlink-netgear-xss. Dlink DSR-250 and Netgear Prosafe are vulnerable to reflected cross-site scripting at the endpoint scgi-bin/platform.cgi in the SSLVPN parameter.
#ExploitObserverAlert
CVE-2023-52314
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52314. PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
#ExploitObserverAlert
CVE-2023-52312
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52312. Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert
CVE-2023-38677
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-38677. FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert
CVE-2023-52302
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52302. Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert
CVE-2023-52307
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-52307. Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
#ExploitObserverAlert
CVE-2023-7068
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-7068. The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the print_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information.
#ExploitObserverAlert
CVE-2023-5879
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-5879. Users' product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android devices. This allows an attacker with access to the Android device to potentially retrieve users' clear text authentication credentials.
#ExploitObserverAlert
GHSA-xgpm-q3mq-46rq
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-XGPM-Q3MQ-46RQ. Some event attributes are not detected by the isCleanHTML method.
GHSS: 8.1
#ExploitObserverAlert
CVE-2023-38675
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-38675. FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.