ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
#ExploitObserverAlert

EDB-52000

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-52000. Laravel Framework 11 - Credential Leakage

ARPS-PRIORITY: 0.801634
#ExploitObserverAlert

EDB-52001

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-52001. Flowise 1.6.5 - Authentication Bypass

ARPS-PRIORITY: 0.801634
#ExploitObserverAlert

EDB-51997

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to EDB-51997. FlatPress v1.3 - Remote Command Execution

ARPS-PRIORITY: 0.801634
#ExploitObserverAlert

WLB-2024040055

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040055. Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference.

ARPS-PRIORITY: 0.80266
#ExploitObserverAlert

WLB-2024040054

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040054. Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass.

ARPS-PRIORITY: 0.80266
#ExploitObserverAlert

WLB-2024040047

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040047. WordPress Plugin Alemha Watermarker 1.3.1 Stored Cross-Site Scripting (XSS).

ARPS-PRIORITY: 0.80266
#ExploitObserverAlert

WLB-2024040056

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040056. WBCE CMS Version 1.6.1 Remote Command Execution (Authenticated).

ARPS-PRIORITY: 0.8026653
#ExploitObserverAlert

WLB-2024040050

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040050. Solar-Log Base 2000 - Broken Access Control.

ARPS-PRIORITY: 0.8026653
#ExploitObserverAlert

WLB-2024040053

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040053. Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference.

ARPS-PRIORITY: 0.8026653
#ExploitObserverAlert

WLB-2024040052

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040052. North Wales - SQL Injection.

ARPS-PRIORITY: 0.8026653
#ExploitObserverAlert

CVE-2022-37620

DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2022-37620. A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js.

FIRST-EPSS: 0.000790000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.7197403
#ExploitObserverAlert

CVE-2016-3076

DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2016-3076. Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

FIRST-EPSS: 0.005260000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-PRIORITY: 0.728256
#ExploitObserverAlert

CVE-2021-25283

DESCRIPTION: Exploit Observer has 22 entries in 3 file formats related to CVE-2021-25283. An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server-side template injection attacks.

FIRST-EPSS: 0.166800000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.9039093
#ExploitObserverAlert

CVE-2022-21165

DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2022-21165. All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function.

FIRST-EPSS: 0.005790000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.7197403
#ExploitObserverAlert

CVE-2024-32407

DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-32407. An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature.

FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.8062151
#ExploitObserverAlert

CVE-2020-14144

DESCRIPTION: Exploit Observer has 27 entries in 9 file formats related to CVE-2020-14144. The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides."

FIRST-EPSS: 0.972340000
NVD-IS: 5.9
NVD-ES: 1.2
ARPS-PRIORITY: 0.915973
#ExploitObserverAlert

CVE-2024-2660

DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-2660. Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.

FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7131285
#ExploitObserverAlert

CVE-2019-10791

DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2019-10791. promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization.

FIRST-EPSS: 0.004810000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.7192889
#ExploitObserverAlert

CVE-2023-24534

DESCRIPTION: Exploit Observer has 21 entries in 4 file formats related to CVE-2023-24534. HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With the fix, header parsing now correctly allocates only the memory required to hold the parsed headers.

FIRST-EPSS: 0.001810000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.7008381
#ExploitObserverAlert

CVE-2020-25540

DESCRIPTION: Exploit Observer has 30 entries in 8 file formats related to CVE-2020-25540. ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the GET request encode parameter.

FIRST-EPSS: 0.967110000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.9130666
#ExploitObserverAlert

GHSA-p72q-h37j-3hq7

DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-p72q-h37j-3hq7. dbt uses a SQLparse version with a high vulnerability

ARPS-PRIORITY: 0.7270876