#ExploitObserverAlert
GHSA-gvpg-vgmx-xg6w
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to GHSA-gvpg-vgmx-xg6w. Denial of Service in Connect2id Nimbus JOSE+JWT
GHSA-gvpg-vgmx-xg6w
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to GHSA-gvpg-vgmx-xg6w. Denial of Service in Connect2id Nimbus JOSE+JWT
#ExploitObserverAlert
BDU:2024-02014
DESCRIPTION: Exploit Observer has 27 entries in 8 file formats related to BDU:2024-02014. The vulnerability of the JetBrains TeamCity continuous integration and delivery system (CI/CD) is related to bypassing the authentication procedure by using an alternative path or channel, allowing an attacker to perform arbitrary actions. Exploiting this vulnerability can enable a remote attacker to execute arbitrary actions by bypassing the authentication procedure in the JetBrains TeamCity continuous integration and delivery system (CI/CD) using an alternative path or channel.
BDU:2024-02014
DESCRIPTION: Exploit Observer has 27 entries in 8 file formats related to BDU:2024-02014. The vulnerability of the JetBrains TeamCity continuous integration and delivery system (CI/CD) is related to bypassing the authentication procedure by using an alternative path or channel, allowing an attacker to perform arbitrary actions. Exploiting this vulnerability can enable a remote attacker to execute arbitrary actions by bypassing the authentication procedure in the JetBrains TeamCity continuous integration and delivery system (CI/CD) using an alternative path or channel.
#ExploitObserverAlert
BDU:2024-01953
DESCRIPTION: Exploit Observer has 10 entries in 4 file formats related to BDU:2024-01953. Vulnerability of the panorama.pm component in the monitoring console web interface for Naemon, Nagios, Icinga and Shinken THRUK, allowing an attacker to upload arbitrary files. The vulnerability of the panorama.pm component in the web interface of the monitoring console for Naemon, Nagios, Icinga and Shinken THRUK is related to the incorrect restriction of the directory path name with limited access. Exploiting the vulnerability could allow a remote attacker to upload arbitrary files.
BDU:2024-01953
DESCRIPTION: Exploit Observer has 10 entries in 4 file formats related to BDU:2024-01953. Vulnerability of the panorama.pm component in the monitoring console web interface for Naemon, Nagios, Icinga and Shinken THRUK, allowing an attacker to upload arbitrary files. The vulnerability of the panorama.pm component in the web interface of the monitoring console for Naemon, Nagios, Icinga and Shinken THRUK is related to the incorrect restriction of the directory path name with limited access. Exploiting the vulnerability could allow a remote attacker to upload arbitrary files.
#ExploitObserverAlert
CVE-2024-26475
DESCRIPTION: Exploit Observer has 36 entries in 5 file formats related to CVE-2024-26475. An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.
FIRST-EPSS: 0.000430000
CVE-2024-26475
DESCRIPTION: Exploit Observer has 36 entries in 5 file formats related to CVE-2024-26475. An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-2193
DESCRIPTION: Exploit Observer has 48 entries in 5 file formats related to CVE-2024-2193. A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
CVE-2024-2193
DESCRIPTION: Exploit Observer has 48 entries in 5 file formats related to CVE-2024-2193. A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
#ExploitObserverAlert
CVE-2024-26503
DESCRIPTION: Exploit Observer has 32 entries in 4 file formats related to CVE-2024-26503. Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.
FIRST-EPSS: 0.000430000
CVE-2024-26503
DESCRIPTION: Exploit Observer has 32 entries in 4 file formats related to CVE-2024-26503. Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-2480
DESCRIPTION: Exploit Observer has 84 entries in 13 file formats related to CVE-2024-2480. A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. This vulnerability affects unknown code of the component Executa Page. The manipulation of the argument Companhia/Planta/Agente de/Agente até leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256888. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000450000
CVE-2024-2480
DESCRIPTION: Exploit Observer has 84 entries in 13 file formats related to CVE-2024-2480. A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. This vulnerability affects unknown code of the component Executa Page. The manipulation of the argument Companhia/Planta/Agente de/Agente até leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256888. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-1795
DESCRIPTION: Exploit Observer has 23 entries in 3 file formats related to CVE-2024-1795. The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL Injection via the 'name' parameter in the woof shortcode in all versions up to, and including, 1.3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
FIRST-EPSS: 0.000430000
CVE-2024-1795
DESCRIPTION: Exploit Observer has 23 entries in 3 file formats related to CVE-2024-1795. The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL Injection via the 'name' parameter in the woof shortcode in all versions up to, and including, 1.3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-2485
DESCRIPTION: Exploit Observer has 51 entries in 6 file formats related to CVE-2024-2485. A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000450000
CVE-2024-2485
DESCRIPTION: Exploit Observer has 51 entries in 6 file formats related to CVE-2024-2485. A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-2479
DESCRIPTION: Exploit Observer has 26 entries in 3 file formats related to CVE-2024-2479. A vulnerability classified as problematic has been found in MHA Sistemas arMHAzena 9.6.0.0. This affects an unknown part of the component Cadastro Page. The manipulation of the argument Query leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256887. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000450000
CVE-2024-2479
DESCRIPTION: Exploit Observer has 26 entries in 3 file formats related to CVE-2024-2479. A vulnerability classified as problematic has been found in MHA Sistemas arMHAzena 9.6.0.0. This affects an unknown part of the component Cadastro Page. The manipulation of the argument Query leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256887. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-2488
DESCRIPTION: Exploit Observer has 28 entries in 4 file formats related to CVE-2024-2488. A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256895. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2488
DESCRIPTION: Exploit Observer has 28 entries in 4 file formats related to CVE-2024-2488. A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256895. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-2481
DESCRIPTION: Exploit Observer has 71 entries in 9 file formats related to CVE-2024-2481. A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000450000
CVE-2024-2481
DESCRIPTION: Exploit Observer has 71 entries in 9 file formats related to CVE-2024-2481. A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-27351
DESCRIPTION: Exploit Observer has 48 entries in 6 file formats related to CVE-2024-27351. In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
CVE-2024-27351
DESCRIPTION: Exploit Observer has 48 entries in 6 file formats related to CVE-2024-27351. In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
#ExploitObserverAlert
CVE-2024-2490
DESCRIPTION: Exploit Observer has 24 entries in 4 file formats related to CVE-2024-2490. A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256897 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2490
DESCRIPTION: Exploit Observer has 24 entries in 4 file formats related to CVE-2024-2490. A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256897 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2024-2249
DESCRIPTION: Exploit Observer has 37 entries in 6 file formats related to CVE-2024-2249. The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
CVE-2024-2249
DESCRIPTION: Exploit Observer has 37 entries in 6 file formats related to CVE-2024-2249. The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-2180
DESCRIPTION: Exploit Observer has 50 entries in 6 file formats related to CVE-2024-2180. Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers
FIRST-EPSS: 0.000430000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2024-2180
DESCRIPTION: Exploit Observer has 50 entries in 6 file formats related to CVE-2024-2180. Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers
FIRST-EPSS: 0.000430000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2024-2446
DESCRIPTION: Exploit Observer has 31 entries in 3 file formats related to CVE-2024-2446. Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages.
CVE-2024-2446
DESCRIPTION: Exploit Observer has 31 entries in 3 file formats related to CVE-2024-2446. Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages.
#ExploitObserverAlert
CVE-2024-2537
DESCRIPTION: Exploit Observer has 38 entries in 5 file formats related to CVE-2024-2537. Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion.
CVE-2024-2537
DESCRIPTION: Exploit Observer has 38 entries in 5 file formats related to CVE-2024-2537. Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion.
#ExploitObserverAlert
CVE-2023-28746
DESCRIPTION: Exploit Observer has 67 entries in 7 file formats related to CVE-2023-28746. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
FIRST-EPSS: 0.000430000
CVE-2023-28746
DESCRIPTION: Exploit Observer has 67 entries in 7 file formats related to CVE-2023-28746. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-2486
DESCRIPTION: Exploit Observer has 50 entries in 6 file formats related to CVE-2024-2486. A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256893 was assigned to this vulnerability.
CVE-2024-2486
DESCRIPTION: Exploit Observer has 50 entries in 6 file formats related to CVE-2024-2486. A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256893 was assigned to this vulnerability.
#ExploitObserverAlert
CVE-2024-2482
DESCRIPTION: Exploit Observer has 77 entries in 8 file formats related to CVE-2024-2482. A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword leads to observable response discrepancy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256891.
FIRST-EPSS: 0.000450000
CVE-2024-2482
DESCRIPTION: Exploit Observer has 77 entries in 8 file formats related to CVE-2024-2482. A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword leads to observable response discrepancy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256891.
FIRST-EPSS: 0.000450000