#ExploitObserverAlert
CVE-2022-24442
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-24442. JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
FIRST-EPSS: 0.002210000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-24442
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-24442. JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
FIRST-EPSS: 0.002210000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-52308
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52308. FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52308
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52308. FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert
CVE-2023-52306
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52306. FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52306
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52306. FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert
CVE-2023-29962
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-29962. S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.
CVE-2023-29962
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-29962. S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.
#ExploitObserverAlert
GHSA-4248-p65p-hcrm
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-4248-P65P-HCRM. CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges.
GHSS: 6.5
GHSA-4248-p65p-hcrm
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-4248-P65P-HCRM. CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges.
GHSS: 6.5
#ExploitObserverAlert
GHSA-5h9g-x5rv-25wg
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-5H9G-X5RV-25WG. A cross-site scripting (XSS) vulnerability was discovered in the schema validation logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or editor APIs. This malicious content could then end up in content published outside the editor, if no server-side sanitization was performed. This impacts all users who are using TinyMCE 5.8.2 or lower.
GHSS: 6.1
GHSA-5h9g-x5rv-25wg
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-5H9G-X5RV-25WG. A cross-site scripting (XSS) vulnerability was discovered in the schema validation logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or editor APIs. This malicious content could then end up in content published outside the editor, if no server-side sanitization was performed. This impacts all users who are using TinyMCE 5.8.2 or lower.
GHSS: 6.1
#ExploitObserverAlert
PD/http/vulnerabilities/dlink/dlink-netgear-xss
DESCRIPTION: Exploit Observer has 1 entries related to PD/http/vulnerabilities/dlink/dlink-netgear-xss. Dlink DSR-250 and Netgear Prosafe are vulnerable to reflected cross site scripting endpoint scgi-bin/platform.cgi in parameter SSLVPN.
PD/http/vulnerabilities/dlink/dlink-netgear-xss
DESCRIPTION: Exploit Observer has 1 entries related to PD/http/vulnerabilities/dlink/dlink-netgear-xss. Dlink DSR-250 and Netgear Prosafe are vulnerable to reflected cross site scripting endpoint scgi-bin/platform.cgi in parameter SSLVPN.
#ExploitObserverAlert
CVE-2023-52314
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52314. PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-52314
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52314. PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
#ExploitObserverAlert
CVE-2023-52312
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52312. Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52312
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52312. Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert
CVE-2023-38677
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38677. FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38677
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38677. FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert
CVE-2023-52302
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52302. Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52302
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52302. Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert
CVE-2023-52307
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52307. Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
CVE-2023-52307
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52307. Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
#ExploitObserverAlert
CVE-2023-7068
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-7068. The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on theprint_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information.
CVE-2023-7068
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-7068. The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on theprint_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information.
#ExploitObserverAlert
CVE-2023-5879
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5879. Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials.
CVE-2023-5879
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5879. Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials.
#ExploitObserverAlert
GHSA-xgpm-q3mq-46rq
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-XGPM-Q3MQ-46RQ. Some event attributes are not detected by the isCleanHTML method
GHSS: 8.1
GHSA-xgpm-q3mq-46rq
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-XGPM-Q3MQ-46RQ. Some event attributes are not detected by the isCleanHTML method
GHSS: 8.1
#ExploitObserverAlert
CVE-2023-38675
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38675. FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38675
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38675. FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert
CVE-2023-52322
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-52322. ecrire/public/assembler.php in SPIP before 4.1.3 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
CVE-2023-52322
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-52322. ecrire/public/assembler.php in SPIP before 4.1.3 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
#ExploitObserverAlert
CVE-2023-6733
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-6733. The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.
CVE-2023-6733
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-6733. The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.
#ExploitObserverAlert
CVE-2023-46740
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-46740. CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates new users, it creates a piece of sensitive information for the user called the “accessKey”. To create the "accesKey", CubeFS uses an insecure string generator which makes it easy to guess and thereby impersonate the created user. An attacker could leverage the predictable random string generator and guess a users access key and impersonate the user to obtain higher privileges. The issue has been fixed in v3.3.1. There is no other mitigation than to upgrade.
CVE-2023-46740
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-46740. CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates new users, it creates a piece of sensitive information for the user called the “accessKey”. To create the "accesKey", CubeFS uses an insecure string generator which makes it easy to guess and thereby impersonate the created user. An attacker could leverage the predictable random string generator and guess a users access key and impersonate the user to obtain higher privileges. The issue has been fixed in v3.3.1. There is no other mitigation than to upgrade.
#ExploitObserverAlert
GHSA-8x6f-956f-q43w
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-8X6F-956F-Q43W. There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output.
GHSS: 6.1
GHSA-8x6f-956f-q43w
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-8X6F-956F-Q43W. There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output.
GHSS: 6.1
#ExploitObserverAlert
CVE-2023-6004
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-6004. A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
CVE-2023-6004
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-6004. A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.