#ExploitObserverAlert
CVE-2023-40191
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-40191. Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the “Blocked Email Domains” text field
FIRST-EPSS: 0.000430000
CVE-2023-40191
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-40191. Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the “Blocked Email Domains” text field
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-42878
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42878. A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
FIRST-EPSS: 0.000450000
CVE-2023-42878
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42878. A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-42873
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42873. The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.
FIRST-EPSS: 0.000440000
CVE-2023-42873
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42873. The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.
FIRST-EPSS: 0.000440000
#ExploitObserverAlert
CVE-2023-42838
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42838. An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
FIRST-EPSS: 0.000450000
CVE-2023-42838
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42838. An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-42823
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42823. The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.
FIRST-EPSS: 0.000440000
CVE-2023-42823
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42823. The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.
FIRST-EPSS: 0.000440000
#ExploitObserverAlert
CVE-2024-1672
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1672. Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000430000
CVE-2024-1672
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1672. Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-42945
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42945. A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth.
FIRST-EPSS: 0.000430000
CVE-2023-42945
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42945. A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-24798
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-24798. Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug.This issue affects Debug: from n/a through 1.10.
FIRST-EPSS: 0.000430000
CVE-2024-24798
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-24798. Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug.This issue affects Debug: from n/a through 1.10.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1081
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1081. The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
CVE-2024-1081
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1081. The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1631
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1631. Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation. Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) is compromised, one could lose funds associated with the principal on ledgers or lose access to a canister where this principal is the controller.
FIRST-EPSS: 0.000450000
CVE-2024-1631
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1631. Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation. Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) is compromised, one could lose funds associated with the principal on ledgers or lose access to a canister where this principal is the controller.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-22235
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22235. VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
FIRST-EPSS: 0.000430000
CVE-2024-22235
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22235. VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1676
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1676. Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
FIRST-EPSS: 0.000430000
CVE-2024-1676
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1676. Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-42840
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42840. The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.
FIRST-EPSS: 0.000450000
CVE-2023-42840
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42840. The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-42834
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42834. A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
FIRST-EPSS: 0.000450000
CVE-2023-42834
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42834. A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-25904
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25904. Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles.This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2.
FIRST-EPSS: 0.000430000
CVE-2024-25904
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25904. Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles.This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-23758
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23758. An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file.
FIRST-EPSS: 0.000430000
CVE-2024-23758
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23758. An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-25905
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25905. Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18.
FIRST-EPSS: 0.000430000
CVE-2024-25905
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25905. Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-25601
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25601. Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field.
FIRST-EPSS: 0.000430000
CVE-2024-25601
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25601. Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1669
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1669. Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000430000
CVE-2024-1669
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1669. Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1673
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1673. Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
FIRST-EPSS: 0.000430000
CVE-2024-1673
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1673. Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1674
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1674. Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000430000
CVE-2024-1674
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1674. Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000430000