#ExploitObserverAlert
CVE-2022-42905
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-42905. In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)
FIRST-EPSS: 0.001410000
NVD-IS: 5.2
NVD-ES: 3.9
CVE-2022-42905
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-42905. In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)
FIRST-EPSS: 0.001410000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
WLB-2024010074
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024010074. GL.iNet Unauthenticated Remote Command Execution.
WLB-2024010074
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024010074. GL.iNet Unauthenticated Remote Command Execution.
#ExploitObserverAlert
CVE-2023-0564
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2023-0564. Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.
FIRST-EPSS: 0.000540000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-0564
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2023-0564. Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.
FIRST-EPSS: 0.000540000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-0531
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0531. A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.001140000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2024-0531
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0531. A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.001140000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
GHSA-x6wx-5g28-fwp2
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-X6WX-5G28-FWP2. Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
GHSA-x6wx-5g28-fwp2
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-X6WX-5G28-FWP2. Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
#ExploitObserverAlert
PSS-176720
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176720. GNU Privacy Guard 2.4.4. GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
PSS-176720
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176720. GNU Privacy Guard 2.4.4. GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
#ExploitObserverAlert
CVE-2023-33760
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-33760. SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack.
CVE-2023-33760
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-33760. SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack.
#ExploitObserverAlert
CVE-2023-0880
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0880. Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000510000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2023-0880
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0880. Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000510000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-0230
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2024-0230. A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.
FIRST-EPSS: 0.000440000
NVD-IS: 1.4
NVD-ES: 0.9
CVE-2024-0230
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2024-0230. A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.
FIRST-EPSS: 0.000440000
NVD-IS: 1.4
NVD-ES: 0.9
#ExploitObserverAlert
CVE-2023-52084
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-52084. Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-52084
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-52084. Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-20188
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-20188. A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. Cisco has not released software updates to address this vulnerability.
FIRST-EPSS: 0.000480000
NVD-IS: 2.7
NVD-ES: 1.7
CVE-2023-20188
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-20188. A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. Cisco has not released software updates to address this vulnerability.
FIRST-EPSS: 0.000480000
NVD-IS: 2.7
NVD-ES: 1.7
#ExploitObserverAlert
CVE-2024-0534
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0534. A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250704. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.001140000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2024-0534
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-0534. A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250704. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.001140000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
WLB-2024010073
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024010073. Saltstack Minion Payload Deployer.
WLB-2024010073
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024010073. Saltstack Minion Payload Deployer.
#ExploitObserverAlert
CVE-2023-33757
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-33757. A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack.
CVE-2023-33757
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-33757. A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack.
#ExploitObserverAlert
CVE-2024-0211
DESCRIPTION: Exploit Observer has 5 entries in 4 file formats related to CVE-2024-0211. DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2024-0211
DESCRIPTION: Exploit Observer has 5 entries in 4 file formats related to CVE-2024-0211. DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-23726
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23726. Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.
FIRST-EPSS: 0.000470000
CVE-2024-23726
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23726. Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.
FIRST-EPSS: 0.000470000
#ExploitObserverAlert
CVE-2024-0350
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-0350. A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-250118 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000540000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2024-0350
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-0350. A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-250118 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000540000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-1116
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-1116. Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
FIRST-EPSS: 0.000900000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-1116
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-1116. Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
FIRST-EPSS: 0.000900000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-43998
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-43998. An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-43998
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-43998. An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
#ExploitObserverAlert
CVE-2023-6890
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-6890. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2023-6890
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-6890. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
GHSA-xvj9-4p6c-c3xm
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-XVJ9-4P6C-C3XM. Dynamics Finance and Operations Cross-site Scripting Vulnerability
GHSA-xvj9-4p6c-c3xm
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-XVJ9-4P6C-C3XM. Dynamics Finance and Operations Cross-site Scripting Vulnerability