#ExploitObserverAlert
CVE-2024-1674
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1674. Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-42843
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42843. An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-52442
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52442. In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request. `smb2_get_msg()` in `smb2_get_ksmbd_tcon()` and `smb2_check_user_session()` will always return the first request smb2 header in a compound request. If `SMB2_TREE_CONNECT_HE` is the first command in compound request, will return 0, i.e. the tree id check is skipped. This patch uses `ksmbd_req_buf_next()` to get current command in compound.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-42952
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42952. The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-25602
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25602. Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-26269
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26269. Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-42836
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42836. A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access connected network volumes mounted in the home directory.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-42835
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42835. A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to access user data.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1108
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1108. The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can also cause a denial of service due to a misconfiguration.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-24802
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-24802. Cross-Site Request Forgery (CSRF) vulnerability in John Tendik JTRT Responsive Tables. This issue affects JTRT Responsive Tables: from n/a through 4.1.9.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-42496
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42496. Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2 parameter.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-42860
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42860. A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-25147
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25147. Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-42889
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42889. The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to bypass certain Privacy preferences.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-24876
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24876. Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor. This issue affects Admin Menu Editor: from n/a through 1.12.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-42951
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42951. The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user may be unable to delete browsing history items.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-42942
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42942. This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges.
FIRST-EPSS: 0.000440000
#ExploitObserverAlert
CVE-2023-42928
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42928. The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. An app may be able to gain elevated privileges.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-25151
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25151. The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to content spoofing or cross-site scripting (XSS) attacks depending on the capability of the receiver's mail client.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-25152
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25152. Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the filename of an attachment.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-24849
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24849. Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1.
FIRST-EPSS: 0.000430000