#ExploitObserverAlert
CVE-2022-29599
DESCRIPTION: Exploit Observer has 16 entries in 3 file formats related to CVE-2022-29599. In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
FIRST-EPSS: 0.023170000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.701915
#ExploitObserverAlert
CVE-2022-47412
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to CVE-2022-47412. Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition.
FIRST-EPSS: 0.000560000
NVD-IS: 2.7
NVD-ES: 2.3
ARPS-EXPLOITABILITY: 0.6859383
#ExploitObserverAlert
CVE-2023-29483
DESCRIPTION: Exploit Observer has 10 entries in 4 file formats related to CVE-2023-29483. eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
FIRST-EPSS: 0.000440000
ARPS-EXPLOITABILITY: 0.7538375
#ExploitObserverAlert
CVE-2023-51515
DESCRIPTION: Exploit Observer has 5 entries in 1 file format related to CVE-2023-51515. Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation. This issue affects Uncode Core: from n/a through 2.8.8.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.6828571
#ExploitObserverAlert
CVE-2023-43177
DESCRIPTION: Exploit Observer has 14 entries in 8 file formats related to CVE-2023-43177. CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.
FIRST-EPSS: 0.960880000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.9115715
#ExploitObserverAlert
CVE-2023-51409
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-51409. Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.6966939
#ExploitObserverAlert
CVE-2023-51499
DESCRIPTION: Exploit Observer has 5 entries in 1 file format related to CVE-2023-51499. Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product. This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.6828571
#ExploitObserverAlert
CVE-2023-52211
DESCRIPTION: Exploit Observer has 5 entries in 1 file format related to CVE-2023-52211. Missing Authorization vulnerability in Automattic WP Job Manager. This issue affects WP Job Manager: from n/a through 2.0.0.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.6828571
#ExploitObserverAlert
CVE-2024-30850
DESCRIPTION: Exploit Observer has 14 entries in 4 file formats related to CVE-2024-30850. An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.6810119
#ExploitObserverAlert
CVE-2022-40211
DESCRIPTION: Exploit Observer has 5 entries in 1 file format related to CVE-2022-40211. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS. This issue affects GiveWP: from n/a through 2.25.1.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.6828571
#ExploitObserverAlert
CVE-2024-2583
DESCRIPTION: Exploit Observer has 4 entries in 1 file format related to CVE-2024-2583. The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcode attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.6809091
#ExploitObserverAlert
CVE-2023-43177
DESCRIPTION: Exploit Observer has 15 entries in 9 file formats related to CVE-2023-43177. CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.
FIRST-EPSS: 0.960880000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.930722
#ExploitObserverAlert
CVE-2024-22262
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-22262. Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22259 (https://spring.io/security/cve-2024-22259) and CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.701451
#ExploitObserverAlert
CVE-2024-1560
DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-1560. A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.9019774
#ExploitObserverAlert
CVE-2024-3400
DESCRIPTION: Exploit Observer has 121 entries in 11 file formats related to CVE-2024-3400. A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
FIRST-EPSS: 0.139670000
NVD-IS: 6.0
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.9034926
#ExploitObserverAlert
CVE-2024-1594
DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-1594. A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to read arbitrary files on the server in the context of the server's process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.9019774
#ExploitObserverAlert
CVE-2023-40000
DESCRIPTION: Exploit Observer has 16 entries in 4 file formats related to CVE-2023-40000. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 5.7.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.9040389
#ExploitObserverAlert
CVE-2024-24806
DESCRIPTION: Exploit Observer has 18 entries in 4 file formats related to CVE-2024-24806. libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its Windows counterpart `src/win/getaddrinfo.c`) truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs. For websites (similar to MySpace) that allow users to have `username.example.com` pages, internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.001110000
NVD-IS: 3.4
NVD-ES: 3.9
ARPS-PRIORITY: 0.7291118
#ExploitObserverAlert
CVE-2024-23342
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2024-23342. The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.
FIRST-EPSS: 0.000760000
NVD-IS: 5.2
NVD-ES: 2.2
ARPS-PRIORITY: 0.7087238
#ExploitObserverAlert
CVE-2023-38709
DESCRIPTION: Exploit Observer has 13 entries in 4 file formats related to CVE-2023-38709. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7270125
#ExploitObserverAlert
CVE-2023-46944
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2023-46944. An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code workspace trust component.
FIRST-EPSS: 0.002660000
NVD-IS: 5.9
NVD-ES: 1.8
ARPS-PRIORITY: 0.925636