#ExploitObserverAlert
CVE-2024-21665
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-21665. ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10.
FIRST-EPSS: 0.000480000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2024-21665
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-21665. ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10.
FIRST-EPSS: 0.000480000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-20592
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-20592. Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2023-20592
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-20592. Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-33758
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-33758. Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component.
CVE-2023-33758
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-33758. Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component.
#ExploitObserverAlert
CVE-2023-0794
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0794. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000480000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-0794
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0794. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000480000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
GHSA-cwx6-4wmf-c6xv
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-CWX6-4WMF-C6XV. The application allows to create zip files from available files on the site. The parameter "selectedIds", is susceptible to SQL Injection.
GHSA-cwx6-4wmf-c6xv
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-CWX6-4WMF-C6XV. The application allows to create zip files from available files on the site. The parameter "selectedIds", is susceptible to SQL Injection.
#ExploitObserverAlert
CVE-2023-47350
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-47350. Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality.
FIRST-EPSS: 0.000580000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-47350
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-47350. Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality.
FIRST-EPSS: 0.000580000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-0260
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0260. A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816.
FIRST-EPSS: 0.000540000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2024-0260
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0260. A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816.
FIRST-EPSS: 0.000540000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-38153
DESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to CVE-2022-38153. An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle.
FIRST-EPSS: 0.002050000
NVD-IS: 3.6
NVD-ES: 2.2
CVE-2022-38153
DESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to CVE-2022-38153. An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle.
FIRST-EPSS: 0.002050000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2024-21306
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2024-21306. Microsoft Bluetooth Driver Spoofing Vulnerability
FIRST-EPSS: 0.000570000
NVD-IS: 3.6
NVD-ES: 2.1
CVE-2024-21306
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2024-21306. Microsoft Bluetooth Driver Spoofing Vulnerability
FIRST-EPSS: 0.000570000
NVD-IS: 3.6
NVD-ES: 2.1
#ExploitObserverAlert
CVE-2023-2160
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-2160. Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-2160
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-2160. Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
PSS-176713
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to PSS-176713. Red Hat Security Advisory 2024-0399-03. Red Hat Security Advisory 2024-0399-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
PSS-176713
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to PSS-176713. Red Hat Security Advisory 2024-0399-03. Red Hat Security Advisory 2024-0399-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
#ExploitObserverAlert
CVE-2023-52039
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52039. An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function.
CVE-2023-52039
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52039. An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function.
#ExploitObserverAlert
CVE-2024-0349
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0349. A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability.
FIRST-EPSS: 0.000520000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2024-0349
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0349. A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability.
FIRST-EPSS: 0.000520000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-0788
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0788. Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000760000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-0788
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0788. Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000760000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-9j84-h9rr-927m
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-9J84-H9RR-927M. Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
GHSA-9j84-h9rr-927m
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-9J84-H9RR-927M. Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
#ExploitObserverAlert
GHSA-8p37-w86w-447q
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-8P37-W86W-447Q. The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
GHSA-8p37-w86w-447q
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-8P37-W86W-447Q. The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
#ExploitObserverAlert
CVE-2023-0791
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2023-0791. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000480000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-0791
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2023-0791. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000480000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2024-0553
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2024-0553. A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
FIRST-EPSS: 0.001290000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2024-0553
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2024-0553. A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
FIRST-EPSS: 0.001290000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4969
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-4969. A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
FIRST-EPSS: 0.000650000
NVD-IS: 4.0
NVD-ES: 2.0
CVE-2023-4969
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-4969. A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
FIRST-EPSS: 0.000650000
NVD-IS: 4.0
NVD-ES: 2.0
#ExploitObserverAlert
CVE-2024-21668
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-21668. react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge (ADB) if it is enabled in the phone settings. This bug is not present on iOS devices. By logging the encryption secret to the system logs, attackers can trivially recover the secret by enabling ADB and undermining an app's thread model. This issue has been patched in version 2.11.0.
FIRST-EPSS: 0.000580000
NVD-IS: 3.6
NVD-ES: 1.2
CVE-2024-21668
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-21668. react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge (ADB) if it is enabled in the phone settings. This bug is not present on iOS devices. By logging the encryption secret to the system logs, attackers can trivially recover the secret by enabling ADB and undermining an app's thread model. This issue has been patched in version 2.11.0.
FIRST-EPSS: 0.000580000
NVD-IS: 3.6
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2024-0184
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-0184. A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/edit_teacher.php of the component Add Enginer. The manipulation of the argument Firstname/Lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249442 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 1.7
CVE-2024-0184
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-0184. A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/edit_teacher.php of the component Add Enginer. The manipulation of the argument Firstname/Lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249442 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 1.7