#ExploitObserverAlert
CVE-2023-47541
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-47541. An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 and 2.3.0 through 2.3.3 and 2.2.0 through 2.2.2 and 2.1.0 through 2.1.3 and 2.0.0 through 2.0.3 allows attacker to execute unauthorized code or commands via CLI.
FIRST-EPSS: 0.000430000
CVE-2023-47541
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-47541. An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 and 2.3.0 through 2.3.3 and 2.2.0 through 2.2.2 and 2.1.0 through 2.1.3 and 2.0.0 through 2.0.3 allows attacker to execute unauthorized code or commands via CLI.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-21756
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-21756. A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests..
FIRST-EPSS: 0.000430000
CVE-2024-21756
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-21756. A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests..
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-23671
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-23671. A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
FIRST-EPSS: 0.000430000
CVE-2024-23671
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-23671. A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-49908
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-49908. A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x0045abc8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2023-49908
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-49908. A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x0045abc8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2024-28917
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-28917. Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000430000
NVD-IS: 4.0
NVD-ES: 1.7
CVE-2024-28917
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-28917. Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000430000
NVD-IS: 4.0
NVD-ES: 1.7
#ExploitObserverAlert
CVE-2024-1904
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-1904. The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.
FIRST-EPSS: 0.000430000
CVE-2024-1904
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-1904. The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-6317
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-6317. A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA
FIRST-EPSS: 0.000430000
CVE-2023-6317
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-6317. A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-21447
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-21447. Windows Authentication Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2024-21447
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-21447. Windows Authentication Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-47542
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-47542. A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates.
FIRST-EPSS: 0.000430000
CVE-2023-47542
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-47542. A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-6320
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-6320. A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB
FIRST-EPSS: 0.000430000
CVE-2023-6320
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-6320. A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-26236
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-26236. Windows Update Stack Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.0
CVE-2024-26236
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-26236. Windows Update Stack Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.0
#ExploitObserverAlert
CVE-2023-48784
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-48784. A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, version 7.0.14 and below, version 6.4.15 and below command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.
FIRST-EPSS: 0.000430000
CVE-2023-48784
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-48784. A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, version 7.0.14 and below, version 6.4.15 and below command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1587
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-1587. The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post content.
FIRST-EPSS: 0.000430000
CVE-2024-1587
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-1587. The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post content.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-2187
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2187. The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonials widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
CVE-2024-2187
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2187. The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonials widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-1643
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1643. By knowing an organization's ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. This vulnerability allows unauthorized access and modification of sensitive information, posing a significant security risk. The flaw is due to insufficient verification of user permissions when joining an organization.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-1643
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1643. By knowing an organization's ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. This vulnerability allows unauthorized access and modification of sensitive information, posing a significant security risk. The flaw is due to insufficient verification of user permissions when joining an organization.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
❤1
#ExploitObserverAlert
CVE-2024-3094
DESCRIPTION: Exploit Observer has 1523 entries in 40 file formats related to CVE-2024-3094. Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
FIRST-EPSS: 0.001200000
NVD-IS: 6.0
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.7568716
CVE-2024-3094
DESCRIPTION: Exploit Observer has 1523 entries in 40 file formats related to CVE-2024-3094. Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
FIRST-EPSS: 0.001200000
NVD-IS: 6.0
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.7568716
#ExploitObserverAlert
CVE-2024-3569
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-3569. A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the [validatedRequest] middleware with a specially crafted 'Authorization:' header. This vulnerability leads to uncontrolled resource consumption, causing a DoS condition.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-3569
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-3569. A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the [validatedRequest] middleware with a specially crafted 'Authorization:' header. This vulnerability leads to uncontrolled resource consumption, causing a DoS condition.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2021-44144
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2021-44144. Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.
FIRST-EPSS: 0.001660000
NVD-IS: 5.2
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5949341
CVE-2021-44144
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2021-44144. Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.
FIRST-EPSS: 0.001660000
NVD-IS: 5.2
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5949341
#ExploitObserverAlert
CVE-2023-51704
DESCRIPTION: Exploit Observer has 8 entries in 2 file formats related to CVE-2023-51704. An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-EXPLOITABILITY: 0.5804944
CVE-2023-51704
DESCRIPTION: Exploit Observer has 8 entries in 2 file formats related to CVE-2023-51704. An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-EXPLOITABILITY: 0.5804944
#ExploitObserverAlert
CVE-2024-3448
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-3448. Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-3448
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-3448. Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2024-24758
DESCRIPTION: Exploit Observer has 8 entries in 1 file formats related to CVE-2024-24758. Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-24758
DESCRIPTION: Exploit Observer has 8 entries in 1 file formats related to CVE-2024-24758. Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347