#ExploitObserverAlert
CVE-2024-1672
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1672. Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000430000
CVE-2024-1672
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1672. Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-42945
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42945. A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth.
FIRST-EPSS: 0.000430000
CVE-2023-42945
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42945. A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-24798
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-24798. Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug.This issue affects Debug: from n/a through 1.10.
FIRST-EPSS: 0.000430000
CVE-2024-24798
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-24798. Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug.This issue affects Debug: from n/a through 1.10.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1081
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1081. The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
CVE-2024-1081
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1081. The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1631
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1631. Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation. Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) is compromised, one could lose funds associated with the principal on ledgers or lose access to a canister where this principal is the controller.
FIRST-EPSS: 0.000450000
CVE-2024-1631
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1631. Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation. Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) is compromised, one could lose funds associated with the principal on ledgers or lose access to a canister where this principal is the controller.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-22235
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22235. VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
FIRST-EPSS: 0.000430000
CVE-2024-22235
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22235. VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1676
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1676. Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
FIRST-EPSS: 0.000430000
CVE-2024-1676
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1676. Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-42840
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42840. The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.
FIRST-EPSS: 0.000450000
CVE-2023-42840
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42840. The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-42834
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42834. A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
FIRST-EPSS: 0.000450000
CVE-2023-42834
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42834. A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-25904
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25904. Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles.This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2.
FIRST-EPSS: 0.000430000
CVE-2024-25904
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25904. Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles.This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-23758
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23758. An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file.
FIRST-EPSS: 0.000430000
CVE-2024-23758
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23758. An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-25905
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25905. Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18.
FIRST-EPSS: 0.000430000
CVE-2024-25905
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25905. Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-25601
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25601. Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field.
FIRST-EPSS: 0.000430000
CVE-2024-25601
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25601. Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1669
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1669. Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000430000
CVE-2024-1669
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1669. Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1673
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1673. Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
FIRST-EPSS: 0.000430000
CVE-2024-1673
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1673. Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1674
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1674. Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000430000
CVE-2024-1674
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1674. Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-42843
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42843. An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.
FIRST-EPSS: 0.000450000
CVE-2023-42843
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42843. An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-52442
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52442. In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request `smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session() will always return the first request smb2 header in a compound request. if `SMB2_TREE_CONNECT_HE` is the first command in compound request, will return 0, i.e. The tree id check is skipped. This patch use ksmbd_req_buf_next() to get current command in compound.
FIRST-EPSS: 0.000450000
CVE-2023-52442
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52442. In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request `smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session() will always return the first request smb2 header in a compound request. if `SMB2_TREE_CONNECT_HE` is the first command in compound request, will return 0, i.e. The tree id check is skipped. This patch use ksmbd_req_buf_next() to get current command in compound.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-42952
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42952. The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information.
FIRST-EPSS: 0.000450000
CVE-2023-42952
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42952. The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-25602
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25602. Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field
FIRST-EPSS: 0.000430000
CVE-2024-25602
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25602. Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-26269
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26269. Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.
FIRST-EPSS: 0.000430000
CVE-2024-26269
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26269. Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.
FIRST-EPSS: 0.000430000