#ExploitObserverAlert
CVE-2023-20862
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2023-20862. In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
FIRST-EPSS: 0.000860000
NVD-IS: 3.4
NVD-ES: 2.8
ARPS-PRIORITY: 0.7013831
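The mechanism behind this entry, as an added example that is not Spring Security's code: a generic model of a session store that keeps the security context in serialized form. Every request gets a fresh deserialized copy, so a logout that only clears that copy never reaches the store and the next request reloads the old authentication; the fix is to explicitly persist an empty context. SessionStore, logoutInMemoryOnly and logoutPersistEmpty are invented names and the session data is constructed.

```javascript
// Added example: generic model of the bug class, not Spring Security's code.
// A store that serializes the security context hands each request a fresh
// deserialized copy; clearing that copy alone does not log the user out.
class SessionStore {
  constructor() {
    this.sessions = new Map(); // session id -> JSON-serialized security context
  }

  save(sessionId, context) {
    this.sessions.set(sessionId, JSON.stringify(context));
  }

  // Deserializes a new object on every call: mutating the result changes
  // nothing in the store unless save() is called again.
  load(sessionId) {
    const raw = this.sessions.get(sessionId);
    return raw === undefined ? null : JSON.parse(raw);
  }
}

function login(store, sessionId, principal) {
  store.save(sessionId, { authentication: { principal, authenticated: true } });
}

// Vulnerable pattern: clear only the request-scoped context. Against an
// in-memory store that returns the same object this works; against a
// serializing store it is a no-op for the persisted state.
function logoutInMemoryOnly(store, sessionId) {
  const ctx = store.load(sessionId);
  if (ctx) ctx.authentication = null; // throwaway copy
}

// Fixed pattern: explicitly persist an empty context (or drop the session).
function logoutPersistEmpty(store, sessionId) {
  store.save(sessionId, { authentication: null });
}

// What the next request observes.
function isAuthenticated(store, sessionId) {
  const ctx = store.load(sessionId);
  return Boolean(ctx && ctx.authentication && ctx.authentication.authenticated);
}

function logoutDemo() {
  const store = new SessionStore();
  login(store, 'sess-1', 'alice'); // constructed session
  logoutInMemoryOnly(store, 'sess-1');
  const afterBrokenLogout = isAuthenticated(store, 'sess-1'); // true: still logged in
  logoutPersistEmpty(store, 'sess-1');
  const afterFixedLogout = isAuthenticated(store, 'sess-1');  // false
  return { afterBrokenLogout, afterFixedLogout };
}
```

The check a practitioner wants after upgrading is the second half of logoutDemo: perform a logout, then replay the old session cookie and confirm the server treats the request as anonymous.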
#ExploitObserverAlert
CVE-2024-30261
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2024-30261. Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept responses as valid even if they have been tampered with. This vulnerability was patched in versions 5.28.4 and 6.11.1.
FIRST-EPSS: 0.000440000
ARPS-PRIORITY: 0.7172316
#ExploitObserverAlert
CVE-2024-22262
DESCRIPTION: Exploit Observer has 26 entries in 6 file formats related to CVE-2024-22262. Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22259 (https://spring.io/security/cve-2024-22259) and CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.710172
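The bug class behind this entry in generic form, as an added example that is not Spring's UriComponentsBuilder or its fix: the host is validated with one parser (here a hand-written split) while the request is later made with another (the WHATWG URL parser that Node's fetch and http use). Wherever the two disagree about the host, validation passes for a URL that actually goes somewhere else. The allowlist, hostnames and function names are constructed for the example; the specific inputs that affect UriComponentsBuilder are not given by the entry and are not claimed here.

```javascript
// Added example: parse-vs-validate mismatch, not Spring's code.
const ALLOWED_HOSTS = new Set(['app.example.com', 'cdn.example.com']); // constructed

// Naive validation: take whatever sits between "//" and the next "/", strip
// a port, and compare by prefix. Userinfo ("user@host") confuses it.
function naiveHostAllowed(url) {
  const m = /^https?:\/\/([^/?#]*)/i.exec(url);
  if (!m) return false;
  const host = m[1].split(':')[0];
  return [...ALLOWED_HOSTS].some(h => host.startsWith(h));
}

// Robust validation: parse with the same parser the consumer uses, compare
// the canonical hostname exactly, reject credentials and non-https schemes.
function strictHostAllowed(url) {
  let u;
  try { u = new URL(url); } catch { return false; }
  if (u.protocol !== 'https:') return false;
  if (u.username || u.password) return false;
  return ALLOWED_HOSTS.has(u.hostname);
}

// The host a fetch()/http request for this URL would really connect to.
function effectiveHost(url) {
  try { return new URL(url).hostname; } catch { return null; }
}

function hostCheckDemo() {
  const inputs = [
    'https://app.example.com/login',                // legitimate
    'https://app.example.com@evil.example/login',   // allowed name is only userinfo
    'https://app.example.com.evil.example/login',   // prefix match, different host
    'https://app.example.com:443@evil.example/login' // port-stripping hides the "@"
  ];
  return inputs.map(url => ({
    url,
    naive: naiveHostAllowed(url),
    strict: strictHostAllowed(url),
    goesTo: effectiveHost(url),
  }));
}
```

The durable rule is the one strictHostAllowed follows: validate the exact parsed hostname with the same parser that will later build the request, and then use the parsed components, not the original string.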
#ExploitObserverAlert
CVE-2024-23759
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2024-23759. Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function.
FIRST-EPSS: 0.327070000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.9115431
#ExploitObserverAlert
CVE-2023-48788
DESCRIPTION: Exploit Observer has 78 entries in 9 file formats related to CVE-2023-48788. An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.
FIRST-EPSS: 0.562220000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.9246164
#ExploitObserverAlert
CVE-2024-2389
DESCRIPTION: Exploit Observer has 160 entries in 23 file formats related to CVE-2024-2389. In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
FIRST-EPSS: 0.004390000
ARPS-PRIORITY: 0.9032071
#ExploitObserverAlert
EDB-51999
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51999. SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
ARPS-PRIORITY: 0.8025509
#ExploitObserverAlert
EDB-51998
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51998. Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution
ARPS-PRIORITY: 0.801634
#ExploitObserverAlert
EDB-52000
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-52000. Laravel Framework 11 - Credential Leakage
ARPS-PRIORITY: 0.801634
#ExploitObserverAlert
EDB-52001
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-52001. Flowise 1.6.5 - Authentication Bypass
ARPS-PRIORITY: 0.801634
#ExploitObserverAlert
EDB-51997
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51997. FlatPress v1.3 - Remote Command Execution
ARPS-PRIORITY: 0.801634
#ExploitObserverAlert
WLB-2024040055
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040055. Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference.
ARPS-PRIORITY: 0.80266
#ExploitObserverAlert
WLB-2024040054
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040054. Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass.
ARPS-PRIORITY: 0.80266
#ExploitObserverAlert
WLB-2024040047
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040047. Wordpress Plugin Alemha Watermarker 1.3.1 Stored Cross-Site Scripting (XSS).
ARPS-PRIORITY: 0.80266
#ExploitObserverAlert
WLB-2024040056
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040056. WBCE CMS Version 1.6.1 Remote Command Execution (Authenticated).
ARPS-PRIORITY: 0.8026653
#ExploitObserverAlert
WLB-2024040050
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040050. Solar-Log Base 2000 - Broken Access Control.
ARPS-PRIORITY: 0.8026653
#ExploitObserverAlert
WLB-2024040053
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040053. Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference.
ARPS-PRIORITY: 0.8026653
#ExploitObserverAlert
WLB-2024040052
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040052. North Wales - SQL Injection.
ARPS-PRIORITY: 0.8026653
#ExploitObserverAlert
CVE-2022-37620
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2022-37620. A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js.
FIRST-EPSS: 0.000790000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.7197403
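The failure mode this entry names, as an added example that is not html-minifier's code and does not use its regex: a pattern with nested quantifiers over overlapping character classes backtracks exponentially on a near-miss input, while an unambiguous rewrite of the same language runs in linear time. The patterns, the input generator and the timing harness are constructed for the example and are invented names.

```javascript
// Added example: generic ReDoS, not html-minifier's pattern.
// (\s*\w+\s*)* can split a run of word characters between the inner \w+ and
// the outer group in 2^(n-1) ways, and a trailing non-matching character
// forces the engine to try all of them before failing.
const VULNERABLE = /^(\s*\w+\s*)*$/;
// Same language (empty string, or [\s\w]* containing at least one \w), but
// each character can be consumed in only one way, so no backtracking blowup.
const LINEAR = /^(?:\s*\w[\s\w]*)?$/;

function timeMatch(re, input) {
  const t0 = process.hrtime.bigint();
  const matched = re.test(input);
  const ms = Number(process.hrtime.bigint() - t0) / 1e6;
  return { matched, ms };
}

// Near-miss input: n word characters followed by one that neither class
// accepts, so the overall match must fail after exhausting every split.
function nearMiss(n) {
  return 'a'.repeat(n) + '!';
}

// Sanity check that the rewrite did not change what is accepted.
function sameLanguage(inputs) {
  return inputs.every(s => VULNERABLE.test(s) === LINEAR.test(s));
}

function redosDemo() {
  const agree = sameLanguage(['', '   ', 'a', 'ab cd', ' ab  cd ', 'ab!', '!', nearMiss(10)]);
  const small = timeMatch(VULNERABLE, nearMiss(16));
  const large = timeMatch(VULNERABLE, nearMiss(22)); // roughly 64x the work of n=16
  const linear = timeMatch(LINEAR, nearMiss(22));
  return { agree, small, large, linear };
}
```

Run redosDemo() and compare large.ms with small.ms: adding six characters multiplies the time by about 2^6 for VULNERABLE, while LINEAR stays flat. The practical checks are to rewrite patterns so that adjacent quantified parts cannot match the same characters, and to cap the length of untrusted input before it reaches any regex whose structure has not been reviewed.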
#ExploitObserverAlert
CVE-2016-3076
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2016-3076. Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
FIRST-EPSS: 0.005260000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-PRIORITY: 0.728256
#ExploitObserverAlert
CVE-2021-25283
DESCRIPTION: Exploit Observer has 22 entries in 3 file formats related to CVE-2021-25283. An issue was discovered in SaltStack Salt before 3002.5. The Jinja renderer does not protect against server-side template injection attacks.
FIRST-EPSS: 0.166800000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.9039093