#ExploitObserverAlert
CVE-2023-46944
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2023-46944. An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code workspace trust component.
FIRST-EPSS: 0.002660000
NVD-IS: 5.9
NVD-ES: 1.8
ARPS-PRIORITY: 0.925636
#ExploitObserverAlert
CVE-2024-30920
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2024-30920. Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.8065359
#ExploitObserverAlert
CVE-2024-30260
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2024-30260. Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
FIRST-EPSS: 0.000440000
ARPS-PRIORITY: 0.7286899
#ExploitObserverAlert
CVE-2024-28255
DESCRIPTION: Exploit Observer has 13 entries in 7 file formats related to CVE-2024-28255. OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against a list of excluded endpoints. When the request's path contains any of the excluded endpoints, the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation, allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses `SecurityContext.getUserPrincipal()`, since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.
FIRST-EPSS: 0.000870000
ARPS-PRIORITY: 0.9269076
#ExploitObserverAlert
CVE-2024-32462
DESCRIPTION: Exploit Observer has 9 entries in 4 file formats related to CVE-2024-32462. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However, it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect as passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with `--`. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7115119
#ExploitObserverAlert
CVE-2023-20862
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2023-20862. In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
FIRST-EPSS: 0.000860000
NVD-IS: 3.4
NVD-ES: 2.8
ARPS-PRIORITY: 0.7013831
#ExploitObserverAlert
CVE-2024-30261
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2024-30261. Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept responses as valid even if they have been tampered with. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
FIRST-EPSS: 0.000440000
ARPS-PRIORITY: 0.7172316
#ExploitObserverAlert
CVE-2024-22262
DESCRIPTION: Exploit Observer has 26 entries in 6 file formats related to CVE-2024-22262. Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22259 (https://spring.io/security/cve-2024-22259) and CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.710172
#ExploitObserverAlert
CVE-2024-23759
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2024-23759. Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function.
FIRST-EPSS: 0.327070000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.9115431
#ExploitObserverAlert
CVE-2023-48788
DESCRIPTION: Exploit Observer has 78 entries in 9 file formats related to CVE-2023-48788. An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.
FIRST-EPSS: 0.562220000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.9246164
#ExploitObserverAlert
CVE-2024-2389
DESCRIPTION: Exploit Observer has 160 entries in 23 file formats related to CVE-2024-2389. In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
FIRST-EPSS: 0.004390000
ARPS-PRIORITY: 0.9032071
#ExploitObserverAlert
EDB-51999
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51999. SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
ARPS-PRIORITY: 0.8025509
#ExploitObserverAlert
EDB-51998
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51998. WordPress Plugin Background Image Cropper v1.2 - Remote Code Execution
ARPS-PRIORITY: 0.801634
#ExploitObserverAlert
EDB-52000
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-52000. Laravel Framework 11 - Credential Leakage
ARPS-PRIORITY: 0.801634
#ExploitObserverAlert
EDB-52001
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-52001. Flowise 1.6.5 - Authentication Bypass
ARPS-PRIORITY: 0.801634
#ExploitObserverAlert
EDB-51997
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51997. FlatPress v1.3 - Remote Command Execution
ARPS-PRIORITY: 0.801634
#ExploitObserverAlert
WLB-2024040055
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040055. Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference.
ARPS-PRIORITY: 0.80266
#ExploitObserverAlert
WLB-2024040054
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040054. Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass.
ARPS-PRIORITY: 0.80266
#ExploitObserverAlert
WLB-2024040047
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040047. WordPress Plugin Alemha Watermarker 1.3.1 Stored Cross-Site Scripting (XSS).
ARPS-PRIORITY: 0.80266
#ExploitObserverAlert
WLB-2024040056
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040056. WBCE CMS Version 1.6.1 Remote Command Execution (Authenticated).
ARPS-PRIORITY: 0.8026653
#ExploitObserverAlert
WLB-2024040050
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040050. Solar-Log Base 2000 - Broken Access Control.
ARPS-PRIORITY: 0.8026653