#ExploitObserverAlert
CVE-2024-3025
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-3025. mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-3025
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-3025. mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2024-26362
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-26362. HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-26362
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-26362. HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2024-1902
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1902. lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-1902
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1902. lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2023-48958
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-48958. gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5947312
CVE-2023-48958
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-48958. gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5947312
#ExploitObserverAlert
CVE-2023-50246
DESCRIPTION: Exploit Observer has 11 entries in 3 file formats related to CVE-2023-50246. jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5960356
CVE-2023-50246
DESCRIPTION: Exploit Observer has 11 entries in 3 file formats related to CVE-2023-50246. jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.5960356
#ExploitObserverAlert
CVE-2024-21509
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-21509. Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.
FIRST-EPSS: 0.000440000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-21509
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-21509. Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.
FIRST-EPSS: 0.000440000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2019-10876
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to CVE-2019-10876. An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.
FIRST-EPSS: 0.002740000
NVD-IS: 3.6
NVD-ES: 2.8
ARPS-EXPLOITABILITY: 0.5966958
CVE-2019-10876
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to CVE-2019-10876. An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.
FIRST-EPSS: 0.002740000
NVD-IS: 3.6
NVD-ES: 2.8
ARPS-EXPLOITABILITY: 0.5966958
#ExploitObserverAlert
CVE-2024-2952
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-2952. BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-2952
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-2952. BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2012-3503
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2012-3503. The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
FIRST-EPSS: 0.015020000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5950297
CVE-2012-3503
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2012-3503. The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
FIRST-EPSS: 0.015020000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5950297
#ExploitObserverAlert
CVE-2023-46932
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2023-46932. Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.
FIRST-EPSS: 0.001180000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5935014
CVE-2023-46932
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2023-46932. Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.
FIRST-EPSS: 0.001180000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5935014
#ExploitObserverAlert
CVE-2023-3430
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-3430. A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.
FIRST-EPSS: 0.000930000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5917607
CVE-2023-3430
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-3430. A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.
FIRST-EPSS: 0.000930000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5917607
#ExploitObserverAlert
CVE-2021-22573
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2021-22573. The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above
FIRST-EPSS: 0.000570000
NVD-IS: 5.2
NVD-ES: 2.1
ARPS-EXPLOITABILITY: 0.5856688
CVE-2021-22573
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2021-22573. The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above
FIRST-EPSS: 0.000570000
NVD-IS: 5.2
NVD-ES: 2.1
ARPS-EXPLOITABILITY: 0.5856688
#ExploitObserverAlert
CVE-2024-1741
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1741. lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by sending HTTP requests with their previously captured authorization token. This issue exposes organizations to unauthorized access and manipulation of sensitive template data.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-1741
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1741. lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by sending HTTP requests with their previously captured authorization token. This issue exposes organizations to unauthorized access and manipulation of sensitive template data.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2024-26308
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to CVE-2024-26308. Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.
FIRST-EPSS: 0.000610000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.6377505
CVE-2024-26308
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to CVE-2024-26308. Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.
FIRST-EPSS: 0.000610000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.6377505
#ExploitObserverAlert
CVE-2024-2221
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-2221. qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. This issue affects the integrity and availability of the system, enabling unauthorized access and potentially causing the server to malfunction.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
CVE-2024-2221
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-2221. qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. This issue affects the integrity and availability of the system, enabling unauthorized access and potentially causing the server to malfunction.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347
#ExploitObserverAlert
CVE-2023-45362
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2023-45362. An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
ARPS-EXPLOITABILITY: 0.5829541
CVE-2023-45362
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2023-45362. An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
ARPS-EXPLOITABILITY: 0.5829541
#ExploitObserverAlert
CVE-2024-3516
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-3516. Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.0
CVE-2024-3516
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-3516. Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.0
#ExploitObserverAlert
CVE-2023-45288
DESCRIPTION: Exploit Observer has 45 entries in 10 file formats related to CVE-2023-45288. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
FIRST-EPSS: 0.000450000
ARPS-EXPLOITABILITY: 0.7345311
CVE-2023-45288
DESCRIPTION: Exploit Observer has 45 entries in 10 file formats related to CVE-2023-45288. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
FIRST-EPSS: 0.000450000
ARPS-EXPLOITABILITY: 0.7345311
#ExploitObserverAlert
CVE-2024-29269
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2024-29269. An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.
FIRST-EPSS: 0.000530000
ARPS-EXPLOITABILITY: 0.7514627
CVE-2024-29269
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2024-29269. An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.
FIRST-EPSS: 0.000530000
ARPS-EXPLOITABILITY: 0.7514627
#ExploitObserverAlert
CVE-2013-4477
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to CVE-2013-4477. The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.
FIRST-EPSS: 0.000420000
NVD-IS: 4.9
NVD-ES: 3.4
ARPS-EXPLOITABILITY: 0.5829541
CVE-2013-4477
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to CVE-2013-4477. The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.
FIRST-EPSS: 0.000420000
NVD-IS: 4.9
NVD-ES: 3.4
ARPS-EXPLOITABILITY: 0.5829541
#ExploitObserverAlert
CVE-2024-3273
DESCRIPTION: Exploit Observer has 46 entries in 8 file formats related to CVE-2024-3273. ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
FIRST-EPSS: 0.000630000
ARPS-EXPLOITABILITY: 0.7598383
CVE-2024-3273
DESCRIPTION: Exploit Observer has 46 entries in 8 file formats related to CVE-2024-3273. ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
FIRST-EPSS: 0.000630000
ARPS-EXPLOITABILITY: 0.7598383