#ExploitObserverAlert
CVE-2024-23726
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23726. Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.
FIRST-EPSS: 0.000470000
#ExploitObserverAlert
CVE-2024-0350
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-0350. A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-250118 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000540000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-1116
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-1116. Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
FIRST-EPSS: 0.000900000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-43998
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-43998. An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
#ExploitObserverAlert
CVE-2023-6890
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-6890. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
GHSA-xvj9-4p6c-c3xm
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-XVJ9-4P6C-C3XM. Dynamics Finance and Operations Cross-site Scripting Vulnerability.
#ExploitObserverAlert
CVE-2023-43996
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-43996. An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
#ExploitObserverAlert
CVE-2024-23646
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23646. Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.
#ExploitObserverAlert
CVE-2023-0793
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2023-0793. Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000560000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
PSS-176714
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-176714. Gabriels FTP Server 1.2 Denial Of Service. Gabriels FTP Server version 1.2 remote denial of service exploit.
#ExploitObserverAlert
CVE-2023-0565
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0565. Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.
FIRST-EPSS: 0.000510000
NVD-IS: 3.6
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2023-0786
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0786. Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 1.7
#ExploitObserverAlert
PSS-176710
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to PSS-176710. Red Hat Security Advisory 2024-0386-03. Red Hat Security Advisory 2024-0386-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a use-after-free vulnerability.
#ExploitObserverAlert
GHSA-vrx4-754w-fhfx
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-VRX4-754W-FHFX. TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setLanguageCfg.
#ExploitObserverAlert
CVE-2024-22233
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-22233. In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC, and Spring Security 6.1.6+ or 6.2.1+ is on the classpath. Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-23641
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23641. SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body, e.g. `{}`, to a built and previewed/hosted SvelteKit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue.
#ExploitObserverAlert
CVE-2023-0787
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0787. Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2024-22751
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22751. D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function.
#ExploitObserverAlert
CVE-2024-22195
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2024-22195. Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-6148
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2023-6148. Qualys Jenkins Plugin for Policy Compliance prior to and including version 1.0.5 was identified to be affected by a security flaw: a missing permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rogue endpoint, via which it was possible to control the response for certain requests; that response could be injected with XSS payloads, leading to XSS while processing the response data.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2024-0264
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-0264. A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249820.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9