#ExploitObserverAlert
CVE-2023-48014
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2023-48014. GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5935014
CVE-2023-48014
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2023-48014. GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5935014
#ExploitObserverAlert
CVE-2023-49558
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2023-49558. An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.
FIRST-EPSS: 0.000680000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5963488
CVE-2023-49558
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2023-49558. An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.
FIRST-EPSS: 0.000680000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5963488
#ExploitObserverAlert
CVE-2024-1520
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1520. An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-1520
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1520. An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2023-47471
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-47471. Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component.
FIRST-EPSS: 0.000520000
NVD-IS: 3.6
NVD-ES: 2.8
ARPS-EXPLOITABILITY: 0.5917607
CVE-2023-47471
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-47471. Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component.
FIRST-EPSS: 0.000520000
NVD-IS: 3.6
NVD-ES: 2.8
ARPS-EXPLOITABILITY: 0.5917607
#ExploitObserverAlert
CVE-2023-48013
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2023-48013. GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5935014
CVE-2023-48013
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2023-48013. GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5935014
#ExploitObserverAlert
CVE-2024-30260
DESCRIPTION: Exploit Observer has 8 entries in 2 file formats related to CVE-2024-30260. Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
FIRST-EPSS: 0.000450000
ARPS-EXPLOITABILITY: 0.6982505
CVE-2024-30260
DESCRIPTION: Exploit Observer has 8 entries in 2 file formats related to CVE-2024-30260. Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
FIRST-EPSS: 0.000450000
ARPS-EXPLOITABILITY: 0.6982505
#ExploitObserverAlert
CVE-2024-3570
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-3570. A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to perform actions on behalf of the user, such as creating a new admin account or changing the user's password, leading to a complete takeover of the AnythingLLM application. The vulnerability stems from the improper sanitization of user and ChatBot input, specifically through the use of `dangerouslySetInnerHTML`. Successful exploitation requires convincing an admin to add a malicious LocalAI ChatBot to their AnythingLLM instance.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-3570
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-3570. A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to perform actions on behalf of the user, such as creating a new admin account or changing the user's password, leading to a complete takeover of the AnythingLLM application. The vulnerability stems from the improper sanitization of user and ChatBot input, specifically through the use of `dangerouslySetInnerHTML`. Successful exploitation requires convincing an admin to add a malicious LocalAI ChatBot to their AnythingLLM instance.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2023-49554
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2023-49554. Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.
FIRST-EPSS: 0.000670000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5963488
CVE-2023-49554
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2023-49554. Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.
FIRST-EPSS: 0.000670000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5963488
#ExploitObserverAlert
CVE-2024-1511
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1511. The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-1511
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1511. The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2023-45360
DESCRIPTION: Exploit Observer has 8 entries in 2 file formats related to CVE-2023-45360. An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
ARPS-EXPLOITABILITY: 0.5804944
CVE-2023-45360
DESCRIPTION: Exploit Observer has 8 entries in 2 file formats related to CVE-2023-45360. An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
ARPS-EXPLOITABILITY: 0.5804944
#ExploitObserverAlert
CVE-2024-3025
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-3025. mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-3025
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-3025. mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2024-26362
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-26362. HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-26362
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-26362. HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2024-1902
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1902. lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-1902
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1902. lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2023-48958
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-48958. gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5947312
CVE-2023-48958
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-48958. gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5947312
#ExploitObserverAlert
CVE-2023-50246
DESCRIPTION: Exploit Observer has 11 entries in 3 file formats related to CVE-2023-50246. jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5960356
CVE-2023-50246
DESCRIPTION: Exploit Observer has 11 entries in 3 file formats related to CVE-2023-50246. jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5960356
#ExploitObserverAlert
CVE-2024-21509
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-21509. Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.
FIRST-EPSS: 0.000440000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-21509
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-21509. Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.
FIRST-EPSS: 0.000440000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2019-10876
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to CVE-2019-10876. An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.
FIRST-EPSS: 0.002740000
NVD-IS: 3.6
NVD-ES: 2.8
ARPS-EXPLOITABILITY: 0.5966958
CVE-2019-10876
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to CVE-2019-10876. An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.
FIRST-EPSS: 0.002740000
NVD-IS: 3.6
NVD-ES: 2.8
ARPS-EXPLOITABILITY: 0.5966958
#ExploitObserverAlert
CVE-2024-2952
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-2952. BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-2952
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-2952. BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2012-3503
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2012-3503. The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
FIRST-EPSS: 0.015020000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5950297
CVE-2012-3503
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2012-3503. The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
FIRST-EPSS: 0.015020000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5950297
#ExploitObserverAlert
CVE-2023-46932
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2023-46932. Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.
FIRST-EPSS: 0.001180000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5935014
CVE-2023-46932
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2023-46932. Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.
FIRST-EPSS: 0.001180000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5935014
#ExploitObserverAlert
CVE-2023-3430
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-3430. A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.
FIRST-EPSS: 0.000930000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5917607
CVE-2023-3430
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-3430. A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.
FIRST-EPSS: 0.000930000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5917607