#ExploitObserverAlert
CVE-2023-43995
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-43995. An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-43995
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-43995. An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
#ExploitObserverAlert
CVE-2023-20218
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-20218. A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. {{value}} ["%7b%7bvalue%7d%7d"])}]]
FIRST-EPSS: 0.000590000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2023-20218
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-20218. A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. {{value}} ["%7b%7bvalue%7d%7d"])}]]
FIRST-EPSS: 0.000590000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-0713
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0713. A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000450000
CVE-2024-0713
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0713. A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-1885
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-1885. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-1885
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-1885. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-20702
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-20702. In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.
FIRST-EPSS: 0.000800000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-20702
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-20702. In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.
FIRST-EPSS: 0.000800000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-22309
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-22309. Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.
CVE-2024-22309
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-22309. Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.
#ExploitObserverAlert
CVE-2023-50944
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-50944. Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.
CVE-2023-50944
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-50944. Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.
#ExploitObserverAlert
CVE-2024-0192
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-0192. A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability.
FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2024-0192
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-0192. A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability.
FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2022-39173
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2022-39173. In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.
FIRST-EPSS: 0.003080000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-39173
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2022-39173. In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.
FIRST-EPSS: 0.003080000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-21665
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-21665. ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10.
FIRST-EPSS: 0.000480000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2024-21665
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-21665. ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10.
FIRST-EPSS: 0.000480000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-20592
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-20592. Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2023-20592
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-20592. Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-33758
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-33758. Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component.
CVE-2023-33758
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-33758. Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component.
#ExploitObserverAlert
CVE-2023-0794
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0794. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000480000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-0794
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0794. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000480000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
GHSA-cwx6-4wmf-c6xv
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-CWX6-4WMF-C6XV. The application allows to create zip files from available files on the site. The parameter "selectedIds", is susceptible to SQL Injection.
GHSA-cwx6-4wmf-c6xv
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-CWX6-4WMF-C6XV. The application allows to create zip files from available files on the site. The parameter "selectedIds", is susceptible to SQL Injection.
#ExploitObserverAlert
CVE-2023-47350
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-47350. Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality.
FIRST-EPSS: 0.000580000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-47350
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-47350. Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality.
FIRST-EPSS: 0.000580000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-0260
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0260. A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816.
FIRST-EPSS: 0.000540000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2024-0260
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0260. A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816.
FIRST-EPSS: 0.000540000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-38153
DESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to CVE-2022-38153. An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle.
FIRST-EPSS: 0.002050000
NVD-IS: 3.6
NVD-ES: 2.2
CVE-2022-38153
DESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to CVE-2022-38153. An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle.
FIRST-EPSS: 0.002050000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2024-21306
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2024-21306. Microsoft Bluetooth Driver Spoofing Vulnerability
FIRST-EPSS: 0.000570000
NVD-IS: 3.6
NVD-ES: 2.1
CVE-2024-21306
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2024-21306. Microsoft Bluetooth Driver Spoofing Vulnerability
FIRST-EPSS: 0.000570000
NVD-IS: 3.6
NVD-ES: 2.1
#ExploitObserverAlert
CVE-2023-2160
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-2160. Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-2160
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-2160. Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
PSS-176713
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to PSS-176713. Red Hat Security Advisory 2024-0399-03. Red Hat Security Advisory 2024-0399-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
PSS-176713
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to PSS-176713. Red Hat Security Advisory 2024-0399-03. Red Hat Security Advisory 2024-0399-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
#ExploitObserverAlert
CVE-2023-52039
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52039. An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function.
CVE-2023-52039
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52039. An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function.