#ExploitObserverAlert
CVE-2019-9553
DESCRIPTION: Exploit Observer has 28 entries in 5 file formats related to CVE-2019-9553. Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.
FIRST-EPSS: 0.002070000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.8516465
#ExploitObserverAlert
CVE-2024-28253
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2024-28253. OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and therefore after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/policies` which gets handled by `PolicyResource.createOrUpdate()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-252`. This issue may lead to Remote Code Execution and has been addressed in version 1.3.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000440000
ARPS-PRIORITY: 0.7718071
#ExploitObserverAlert
CVE-2020-29471
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2020-29471. OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload malicious JavaScript code as a profile image. Whenever anyone views the profile picture, the code executes and the XSS triggers.
FIRST-EPSS: 0.000910000
NVD-IS: 2.7
NVD-ES: 1.7
ARPS-PRIORITY: 0.8643997
#ExploitObserverAlert
CVE-2016-10034
DESCRIPTION: Exploit Observer has 294 entries in 19 file formats related to CVE-2016-10034. The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
FIRST-EPSS: 0.964080000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.9680715
#ExploitObserverAlert
CVE-2017-11128
DESCRIPTION: Exploit Observer has 28 entries in 5 file formats related to CVE-2017-11128. Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry.
FIRST-EPSS: 0.000570000
NVD-IS: 2.7
NVD-ES: 2.3
ARPS-PRIORITY: 0.8516465
#ExploitObserverAlert
CVE-2017-15806
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2017-15806. The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
FIRST-EPSS: 0.145860000
NVD-IS: 5.9
NVD-ES: 2.2
ARPS-PRIORITY: 0.8695922
#ExploitObserverAlert
CVE-2023-5824
DESCRIPTION: Exploit Observer has 92 entries in 5 file formats related to CVE-2023-5824. Squid is vulnerable to a Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.
FIRST-EPSS: 0.009670000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.7689626
#ExploitObserverAlert
CVE-2023-4622
DESCRIPTION: Exploit Observer has 186 entries in 6 file formats related to CVE-2023-4622. A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.0
ARPS-PRIORITY: 0.9517538
#ExploitObserverAlert
CVE-2024-3515
DESCRIPTION: Exploit Observer has 18 entries in 5 file formats related to CVE-2024-3515. Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7748272
#ExploitObserverAlert
CVE-2024-28929
DESCRIPTION: Exploit Observer has 28 entries in 6 file formats related to CVE-2024-28929. Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
FIRST-EPSS: 0.000910000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.7683082
#ExploitObserverAlert
CVE-2024-23594
DESCRIPTION: Exploit Observer has 53 entries in 10 file formats related to CVE-2024-23594. A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 0.5
ARPS-PRIORITY: 0.7143348
#ExploitObserverAlert
CVE-2024-3516
DESCRIPTION: Exploit Observer has 19 entries in 5 file formats related to CVE-2024-3516. Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7748272
#ExploitObserverAlert
CVE-2024-23593
DESCRIPTION: Exploit Observer has 53 entries in 10 file formats related to CVE-2024-23593. A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 0.8
ARPS-PRIORITY: 0.7143348
#ExploitObserverAlert
CVE-2024-3516
DESCRIPTION: Exploit Observer has 24 entries in 6 file formats related to CVE-2024-3516. Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7857915
#ExploitObserverAlert
CVE-2024-28929
DESCRIPTION: Exploit Observer has 10 entries in 5 file formats related to CVE-2024-28929. Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
FIRST-EPSS: 0.000910000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.7598615
#ExploitObserverAlert
CVE-2024-3515
DESCRIPTION: Exploit Observer has 23 entries in 6 file formats related to CVE-2024-3515. Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7857915
#ExploitObserverAlert
CVE-2024-3157
DESCRIPTION: Exploit Observer has 22 entries in 6 file formats related to CVE-2024-3157. Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7468936
#ExploitObserverAlert
CVE-2020-14209
DESCRIPTION: Exploit Observer has 10 entries in 4 file formats related to CVE-2020-14209. Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
FIRST-EPSS: 0.010500000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.8573414
#ExploitObserverAlert
CVE-2019-9826
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2019-9826. The fulltext search component in phpBB before 3.2.6 allows Denial of Service.
FIRST-EPSS: 0.003060000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.8542337
#ExploitObserverAlert
CVE-2018-10095
DESCRIPTION: Exploit Observer has 14 entries in 7 file formats related to CVE-2018-10095. Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
FIRST-EPSS: 0.952960000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.9651561
#ExploitObserverAlert
CVE-2024-28847
DESCRIPTION: Exploit Observer has 9 entries in 5 file formats related to CVE-2024-28847. OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from `EventSubscriptionRepository.prepare()`, which can lead to Remote Code Execution. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that, even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and, therefore, after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/events/subscriptions` which gets handled by `EventSubscriptionResource.createOrUpdateEventSubscription()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-251`.
FIRST-EPSS: 0.000440000
ARPS-PRIORITY: 0.7553561