ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
#ExploitObserverAlert

CVE-2024-1741

DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-1741. lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by sending HTTP requests with their previously captured authorization token. This issue exposes organizations to unauthorized access and manipulation of sensitive template data.

FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347

#ExploitObserverAlert

CVE-2024-26308

DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to CVE-2024-26308. Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

FIRST-EPSS: 0.000610000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-EXPLOITABILITY: 0.6377505

#ExploitObserverAlert

CVE-2024-2221

DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-2221. qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. This issue affects the integrity and availability of the system, enabling unauthorized access and potentially causing the server to malfunction.

FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347

#ExploitObserverAlert

CVE-2023-45362

DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2023-45362. An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.

FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
ARPS-EXPLOITABILITY: 0.5829541

#ExploitObserverAlert

CVE-2024-3516

DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-3516. Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.0

#ExploitObserverAlert

CVE-2023-45288

DESCRIPTION: Exploit Observer has 45 entries in 10 file formats related to CVE-2023-45288. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.

FIRST-EPSS: 0.000450000
ARPS-EXPLOITABILITY: 0.7345311

#ExploitObserverAlert

CVE-2024-29269

DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2024-29269. An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.

FIRST-EPSS: 0.000530000
ARPS-EXPLOITABILITY: 0.7514627

#ExploitObserverAlert

CVE-2013-4477

DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to CVE-2013-4477. The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.

FIRST-EPSS: 0.000420000
NVD-IS: 4.9
NVD-ES: 3.4
ARPS-EXPLOITABILITY: 0.5829541

#ExploitObserverAlert

CVE-2024-3273

DESCRIPTION: Exploit Observer has 46 entries in 8 file formats related to CVE-2024-3273. ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

FIRST-EPSS: 0.000630000
ARPS-EXPLOITABILITY: 0.7598383

#ExploitObserverAlert

CVE-2024-1625

DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-1625. An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails to verify if the project ID provided in the request belongs to the requesting user's organization. As a result, an attacker can delete projects belonging to any organization by sending a crafted DELETE request with the target project's ID. This issue affects the project deletion functionality implemented in the projects.delete route.

FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347

#ExploitObserverAlert

CVE-2023-6385

DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2023-6385. The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks such as clearing logs.

FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347

#ExploitObserverAlert

CVE-2024-30261

DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-30261. Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered with. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

FIRST-EPSS: 0.000450000
ARPS-EXPLOITABILITY: 0.5780347

#ExploitObserverAlert

CVE-2023-45363

DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2023-45363. An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

FIRST-EPSS: 0.000470000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.5829541

#ExploitObserverAlert

CVE-2023-6478

DESCRIPTION: Exploit Observer has 31 entries in 2 file formats related to CVE-2023-6478. A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

FIRST-EPSS: 0.001760000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.2108944

#ExploitObserverAlert

CVE-2023-27517

DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-27517. Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an authenticated user to potentially enable escalation of privilege via local access.

FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5792645

#ExploitObserverAlert

CVE-2024-2731

DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-2731. Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available.

FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347

#ExploitObserverAlert

CVE-2024-31309

DESCRIPTION: Exploit Observer has 21 entries in 6 file formats related to CVE-2024-31309. HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9 and from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4, which fix the issue.

FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.7065795

#ExploitObserverAlert

CVE-2024-1599

DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-1599. lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized project creation due to insufficient server-side validation of user account types during project creation. In the free account tier, users are limited to creating only two projects. However, this restriction is enforced only in the web UI and not on the server side, allowing users to bypass the limitation and create an unlimited number of projects without upgrading their account or incurring additional charges. This vulnerability is due to the lack of checks in the project creation endpoint.

FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347

#ExploitObserverAlert

CVE-2023-6152

DESCRIPTION: Exploit Observer has 8 entries in 2 file formats related to CVE-2023-6152. A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" validates email only on sign up.

FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5804944

#ExploitObserverAlert

CVE-2023-50966

DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-50966. erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.

FIRST-EPSS: 0.000450000
ARPS-EXPLOITABILITY: 0.6065053

#ExploitObserverAlert

CVE-2024-3098

DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-3098. A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method restrictions and execute unauthorized code. The vulnerability is a bypass of the previously addressed CVE-2023-39662, demonstrated through a proof of concept that creates a file on the system by exploiting the flaw.

FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5780347