#ExploitObserverAlert
CVE-2024-2626
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to CVE-2024-2626. Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000000000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2024-2626
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to CVE-2024-2626. Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000000000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-1664
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1664. The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
FIRST-EPSS: 0.000000000
CVE-2024-1664
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1664. The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
FIRST-EPSS: 0.000000000
#ExploitObserverAlert
CVE-2024-2511
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-2511. Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.
FIRST-EPSS: 0.000000000
CVE-2024-2511
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-2511. Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.
FIRST-EPSS: 0.000000000
#ExploitObserverAlert
CVE-2024-27983
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2024-27983. An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
FIRST-EPSS: 0.000000000
CVE-2024-27983
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2024-27983. An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
FIRST-EPSS: 0.000000000
#ExploitObserverAlert
CVE-2023-7164
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2023-7164. The BackWPup WordPress plugin before 4.0.4 does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database.
FIRST-EPSS: 0.000000000
CVE-2023-7164
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2023-7164. The BackWPup WordPress plugin before 4.0.4 does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database.
FIRST-EPSS: 0.000000000
#ExploitObserverAlert
CVE-2024-2879
DESCRIPTION: Exploit Observer has 32 entries in 8 file formats related to CVE-2024-2879. The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
FIRST-EPSS: 0.000000000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2024-2879
DESCRIPTION: Exploit Observer has 32 entries in 8 file formats related to CVE-2024-2879. The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
FIRST-EPSS: 0.000000000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-2198
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2198. The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_address’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
FIRST-EPSS: 0.000430000
CVE-2024-2198
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2198. The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_address’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-2039
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2039. The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
CVE-2024-2039
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2039. The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-2957
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2957. The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field in all versions up to, and including, 20240216 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
CVE-2024-2957
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2957. The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field in all versions up to, and including, 20240216 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-47540
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-47540. An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may allows attacker to execute unauthorized code or commands via CLI.
FIRST-EPSS: 0.000430000
CVE-2023-47540
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-47540. An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may allows attacker to execute unauthorized code or commands via CLI.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-41677
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-41677. A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack
FIRST-EPSS: 0.000430000
CVE-2023-41677
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-41677. A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-49913
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-49913. A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
FIRST-EPSS: 0.000430000
CVE-2023-49913
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-49913. A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-49907
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-49907. A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2023-49907
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-49907. A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2024-23662
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-23662. An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests.
FIRST-EPSS: 0.000430000
CVE-2024-23662
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-23662. An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-2138
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2138. The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
CVE-2024-2138
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2138. The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-48724
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-48724. A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.
FIRST-EPSS: 0.000430000
CVE-2023-48724
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-48724. A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-2325
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2325. The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
FIRST-EPSS: 0.000430000
CVE-2024-2325
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2325. The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1458
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-1458. The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text_alignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
CVE-2024-1458
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-1458. The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text_alignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-2347
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2347. The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
CVE-2024-2347
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2347. The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-29988
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-29988. SmartScreen Prompt Security Feature Bypass Vulnerability
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2024-29988
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-29988. SmartScreen Prompt Security Feature Bypass Vulnerability
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-2287
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2287. The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
CVE-2024-2287
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2287. The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000