#ExploitObserverAlert
CVE-2021-41072
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2021-41072. squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
FIRST-EPSS: 0.002930000
NVD-IS: 5.2
NVD-ES: 2.8
CVE-2021-41072
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2021-41072. squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
FIRST-EPSS: 0.002930000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-27518
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2022-27518. Unauthenticated remote arbitrary code execution
FIRST-EPSS: 0.042960000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-27518
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2022-27518. Unauthenticated remote arbitrary code execution
FIRST-EPSS: 0.042960000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-8fwg-w59v-g942
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to GHSA-8FWG-W59V-G942. This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
GHSS: 5.5
GHSA-8fwg-w59v-g942
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to GHSA-8FWG-W59V-G942. This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
GHSS: 5.5
#ExploitObserverAlert
CVE-2022-41922
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-41922. `yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
FIRST-EPSS: 0.003850000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-41922
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-41922. `yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
FIRST-EPSS: 0.003850000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-45866
DESCRIPTION: Exploit Observer has 23 entries in 2 file formats related to CVE-2023-45866. Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
FIRST-EPSS: 0.000640000
NVD-IS: 3.4
NVD-ES: 2.8
CVE-2023-45866
DESCRIPTION: Exploit Observer has 23 entries in 2 file formats related to CVE-2023-45866. Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
FIRST-EPSS: 0.000640000
NVD-IS: 3.4
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-h5c8-rqwp-cp95
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-H5C8-RQWP-CP95. The xmlattr filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. Note that accepting keys as user input is not common or a particularly intended use case of the xmlattr filter, and an application doing so should already be verifying what keys are provided regardless of this fix.
GHSS: 5.4
GHSA-h5c8-rqwp-cp95
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-H5C8-RQWP-CP95. The xmlattr filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. Note that accepting keys as user input is not common or a particularly intended use case of the xmlattr filter, and an application doing so should already be verifying what keys are provided regardless of this fix.
GHSS: 5.4
#ExploitObserverAlert
CVE-2023-6063
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-6063. The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
FIRST-EPSS: 0.033290000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-6063
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-6063. The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
FIRST-EPSS: 0.033290000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-1397
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-1397. API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2022-1397
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-1397. API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-22209
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22209. Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.
CVE-2024-22209
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22209. Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.
#ExploitObserverAlert
CVE-2023-38507
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-38507. Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-38507
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-38507. Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-mf6c-8r47-23j5
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-MF6C-8R47-23J5. Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
GHSS: 4.0
GHSA-mf6c-8r47-23j5
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-MF6C-8R47-23J5. Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
GHSS: 4.0
#ExploitObserverAlert
CVE-2020-15719
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to CVE-2020-15719. libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
FIRST-EPSS: 0.001550000
NVD-IS: 2.5
NVD-ES: 1.6
CVE-2020-15719
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to CVE-2020-15719. libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
FIRST-EPSS: 0.001550000
NVD-IS: 2.5
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2022-32230
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2022-32230. Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.
FIRST-EPSS: 0.001220000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-32230
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2022-32230. Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.
FIRST-EPSS: 0.001220000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-26625
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-26625. A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
FIRST-EPSS: 0.001110000
NVD-IS: 2.5
NVD-ES: 1.2
CVE-2020-26625
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-26625. A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
FIRST-EPSS: 0.001110000
NVD-IS: 2.5
NVD-ES: 1.2
#ExploitObserverAlert
GHSA-4g3h-v9fp-pgm4
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-4G3H-V9FP-PGM4. A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
GHSS: 6.2
GHSA-4g3h-v9fp-pgm4
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-4G3H-V9FP-PGM4. A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
GHSS: 6.2
#ExploitObserverAlert
GHSA-8h2x-gr2c-c275
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-8H2X-GR2C-C275. A vulnerability was found in CubeFS that could allow users to read sensitive data from the logs which could allow them escalate privileges.
GHSS: 4.8
GHSA-8h2x-gr2c-c275
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-8H2X-GR2C-C275. A vulnerability was found in CubeFS that could allow users to read sensitive data from the logs which could allow them escalate privileges.
GHSS: 4.8
#ExploitObserverAlert
CVE-2023-46805
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-46805. An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
NVD-IS: 4.2
NVD-ES: 3.9
CVE-2023-46805
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-46805. An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
NVD-IS: 4.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-22942
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2022-22942. The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
FIRST-EPSS: 0.000720000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-22942
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2022-22942. The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
FIRST-EPSS: 0.000720000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-30145
DESCRIPTION: Exploit Observer has 11 entries in 3 file formats related to CVE-2023-30145. Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
FIRST-EPSS: 0.015460000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-30145
DESCRIPTION: Exploit Observer has 11 entries in 3 file formats related to CVE-2023-30145. Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
FIRST-EPSS: 0.015460000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-cx99-25hr-5jxf
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-CX99-25HR-5JXF. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned.
GHSS: 4.3
GHSA-cx99-25hr-5jxf
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-CX99-25HR-5JXF. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned.
GHSS: 4.3
#ExploitObserverAlert
CVE-2022-30076
DESCRIPTION: Exploit Observer has 30 entries in 2 file formats related to CVE-2022-30076. ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.
FIRST-EPSS: 0.000540000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2022-30076
DESCRIPTION: Exploit Observer has 30 entries in 2 file formats related to CVE-2022-30076. ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.
FIRST-EPSS: 0.000540000
NVD-IS: 1.4
NVD-ES: 3.9