#ExploitObserverAlert
CVE-2023-0566
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2023-0566. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.
FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 1.7
CVE-2023-0566
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2023-0566. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.
FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 1.7
#ExploitObserverAlert
GHSA-j2p7-j8v8-q5g2
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-j2p7-j8v8-q5g2. Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.
GHSA-j2p7-j8v8-q5g2
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-j2p7-j8v8-q5g2. Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.
#ExploitObserverAlert
CVE-2023-50290
DESCRIPTION: Exploit Observer has 5 entries in 4 file formats related to CVE-2023-50290. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties which are set per-Java-proccess. The Solr Metrics API is protected by the "metrics-read" permission. Therefore, Solr Clouds with Authorization setup will only be vulnerable via users with the "metrics-read" permission. This issue affects Apache Solr: from 9.0.0 before 9.3.0. Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.
FIRST-EPSS: 0.054520000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2023-50290
DESCRIPTION: Exploit Observer has 5 entries in 4 file formats related to CVE-2023-50290. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties which are set per-Java-proccess. The Solr Metrics API is protected by the "metrics-read" permission. Therefore, Solr Clouds with Authorization setup will only be vulnerable via users with the "metrics-read" permission. This issue affects Apache Solr: from 9.0.0 before 9.3.0. Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.
FIRST-EPSS: 0.054520000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-0181
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-0181. A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability.
FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 1.7
CVE-2024-0181
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-0181. A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability.
FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 1.7
#ExploitObserverAlert
CVE-2024-22725
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-22725. Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.
CVE-2024-22725
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-22725. Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.
#ExploitObserverAlert
CVE-2023-1753
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-1753. Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-1753
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-1753. Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-51384
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2023-51384. In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
FIRST-EPSS: 0.000450000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2023-51384
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2023-51384. In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
FIRST-EPSS: 0.000450000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
GHSA-cjgm-9vc9-56mx
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-cjgm-9vc9-56mx. Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.
GHSA-cjgm-9vc9-56mx
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-cjgm-9vc9-56mx. Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.
#ExploitObserverAlert
CVE-2024-23222
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2024-23222. A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
FIRST-EPSS: 0.001320000
CVE-2024-23222
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2024-23222. A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
FIRST-EPSS: 0.001320000
#ExploitObserverAlert
CVE-2023-50256
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2023-50256. Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.
FIRST-EPSS: 0.000520000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-50256
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2023-50256. Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.
FIRST-EPSS: 0.000520000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-23897
DESCRIPTION: Exploit Observer has 6 entries in 5 file formats related to CVE-2024-23897. Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
CVE-2024-23897
DESCRIPTION: Exploit Observer has 6 entries in 5 file formats related to CVE-2024-23897. Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
#ExploitObserverAlert
CVE-2023-5981
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2023-5981. A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
FIRST-EPSS: 0.000710000
NVD-IS: 3.6
NVD-ES: 2.2
CVE-2023-5981
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2023-5981. A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
FIRST-EPSS: 0.000710000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-44001
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-44001. An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-44001
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-44001. An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
#ExploitObserverAlert
PSS-176715
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176715. Ubuntu Security Notice USN-6597-1. Ubuntu Security Notice 6597-1 - It was discovered that Puma incorrectly handled parsing chunked transfer encoding bodies. A remote attacker could possibly use this issue to cause Puma to consume resources, leading to a denial of service.
PSS-176715
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176715. Ubuntu Security Notice USN-6597-1. Ubuntu Security Notice 6597-1 - It was discovered that Puma incorrectly handled parsing chunked transfer encoding bodies. A remote attacker could possibly use this issue to cause Puma to consume resources, leading to a denial of service.
#ExploitObserverAlert
CVE-2024-0265
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0265. A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability.
FIRST-EPSS: 0.001070000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2024-0265
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0265. A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability.
FIRST-EPSS: 0.001070000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-j3m6-gvm8-mhvw
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-j3m6-gvm8-mhvw. Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions.
GHSA-j3m6-gvm8-mhvw
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-j3m6-gvm8-mhvw. Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions.
#ExploitObserverAlert
CVE-2023-32845
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-32845. In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860).
FIRST-EPSS: 0.000800000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-32845
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-32845. In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860).
FIRST-EPSS: 0.000800000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-48476
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2022-48476. In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
FIRST-EPSS: 0.000900000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-48476
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2022-48476. In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
FIRST-EPSS: 0.000900000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-24453
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-24453. A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2023-24453
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-24453. A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-4304
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-4304. Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.
FIRST-EPSS: 0.000440000
NVD-IS: 1.4
NVD-ES: 1.2
CVE-2023-4304
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-4304. Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.
FIRST-EPSS: 0.000440000
NVD-IS: 1.4
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2023-0789
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0789. Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.001010000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-0789
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-0789. Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.001010000
NVD-IS: 5.9
NVD-ES: 3.9