#ExploitObserverAlert
CVE-2020-13156
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2020-13156. modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI.
FIRST-EPSS: 0.001070000
NVD-IS: 3.6
NVD-ES: 2.8
ARPS-PRIORITY: 0.851574
CVE-2020-13156
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2020-13156. modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI.
FIRST-EPSS: 0.001070000
NVD-IS: 3.6
NVD-ES: 2.8
ARPS-PRIORITY: 0.851574
#ExploitObserverAlert
CVE-2024-24785
DESCRIPTION: Exploit Observer has 13 entries in 4 file formats related to CVE-2024-24785. If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.770344
CVE-2024-24785
DESCRIPTION: Exploit Observer has 13 entries in 4 file formats related to CVE-2024-24785. If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.770344
#ExploitObserverAlert
CVE-2024-28847
DESCRIPTION: Exploit Observer has 9 entries in 5 file formats related to CVE-2024-28847. OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from `EventSubscriptionRepository.prepare()`, which can lead to Remote Code Execution. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that, even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and, therefore, after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/events/subscriptions` which gets handled by `EventSubscriptionResource.createOrUpdateEventSubscription()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-251`.
FIRST-EPSS: 0.000440000
ARPS-PRIORITY: 0.7553561
CVE-2024-28847
DESCRIPTION: Exploit Observer has 9 entries in 5 file formats related to CVE-2024-28847. OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from `EventSubscriptionRepository.prepare()`, which can lead to Remote Code Execution. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that, even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and, therefore, after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/events/subscriptions` which gets handled by `EventSubscriptionResource.createOrUpdateEventSubscription()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-251`.
FIRST-EPSS: 0.000440000
ARPS-PRIORITY: 0.7553561
#ExploitObserverAlert
CVE-2024-25110
DESCRIPTION: Exploit Observer has 10 entries in 5 file formats related to CVE-2024-25110. The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7568968
CVE-2024-25110
DESCRIPTION: Exploit Observer has 10 entries in 5 file formats related to CVE-2024-25110. The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7568968
#ExploitObserverAlert
CVE-2023-41677
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2023-41677. A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7689723
CVE-2023-41677
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2023-41677. A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7689723
#ExploitObserverAlert
CVE-2024-26130
DESCRIPTION: Exploit Observer has 14 entries in 6 file formats related to CVE-2024-26130. cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7524834
CVE-2024-26130
DESCRIPTION: Exploit Observer has 14 entries in 6 file formats related to CVE-2024-26130. cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7524834
#ExploitObserverAlert
CVE-2024-1183
DESCRIPTION: Exploit Observer has 9 entries in 5 file formats related to CVE-2024-1183. An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.
FIRST-EPSS: 0.000610000
ARPS-PRIORITY: 0.7539098
CVE-2024-1183
DESCRIPTION: Exploit Observer has 9 entries in 5 file formats related to CVE-2024-1183. An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.
FIRST-EPSS: 0.000610000
ARPS-PRIORITY: 0.7539098
#ExploitObserverAlert
CVE-2024-22201
DESCRIPTION: Exploit Observer has 16 entries in 5 file formats related to CVE-2024-22201. Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7705204
CVE-2024-22201
DESCRIPTION: Exploit Observer has 16 entries in 5 file formats related to CVE-2024-22201. Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7705204
#ExploitObserverAlert
CVE-2024-23323
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2024-23323. Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
ARPS-PRIORITY: 0.7583711
CVE-2024-23323
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2024-23323. Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
ARPS-PRIORITY: 0.7583711
#ExploitObserverAlert
CVE-2023-6237
DESCRIPTION: Exploit Observer has 19 entries in 5 file formats related to CVE-2023-6237.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7750043
CVE-2023-6237
DESCRIPTION: Exploit Observer has 19 entries in 5 file formats related to CVE-2023-6237.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7750043
#ExploitObserverAlert
CVE-2024-25744
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2024-25744. In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7612709
CVE-2024-25744
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2024-25744. In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7612709
#ExploitObserverAlert
CVE-2024-31621
DESCRIPTION: Exploit Observer has 8 entries in 6 file formats related to CVE-2024-31621.
FIRST-EPSS: 0.003810000
ARPS-PRIORITY: 0.9574979
CVE-2024-31621
DESCRIPTION: Exploit Observer has 8 entries in 6 file formats related to CVE-2024-31621.
FIRST-EPSS: 0.003810000
ARPS-PRIORITY: 0.9574979
#ExploitObserverAlert
CVE-2016-7146
DESCRIPTION: Exploit Observer has 16 entries in 2 file formats related to CVE-2016-7146. MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component.
FIRST-EPSS: 0.002030000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.8574324
CVE-2016-7146
DESCRIPTION: Exploit Observer has 16 entries in 2 file formats related to CVE-2016-7146. MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component.
FIRST-EPSS: 0.002030000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.8574324
#ExploitObserverAlert
CVE-2024-1212
DESCRIPTION: Exploit Observer has 42 entries in 11 file formats related to CVE-2024-1212. Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
FIRST-EPSS: 0.002130000
ARPS-PRIORITY: 0.9770812
CVE-2024-1212
DESCRIPTION: Exploit Observer has 42 entries in 11 file formats related to CVE-2024-1212. Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
FIRST-EPSS: 0.002130000
ARPS-PRIORITY: 0.9770812
#ExploitObserverAlert
CVE-2024-2756
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2024-2756.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7634759
CVE-2024-2756
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2024-2756.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.7634759
#ExploitObserverAlert
CVE-2024-24131
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2024-24131. SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.
FIRST-EPSS: 0.000760000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.9767534
CVE-2024-24131
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2024-24131. SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.
FIRST-EPSS: 0.000760000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.9767534
#ExploitObserverAlert
CVE-2023-44487
DESCRIPTION: Exploit Observer has 430 entries in 26 file formats related to CVE-2023-44487. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
FIRST-EPSS: 0.739260000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.7642706
CVE-2023-44487
DESCRIPTION: Exploit Observer has 430 entries in 26 file formats related to CVE-2023-44487. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
FIRST-EPSS: 0.739260000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.7642706
#ExploitObserverAlert
CVE-2024-27956
DESCRIPTION: Exploit Observer has 12 entries in 6 file formats related to CVE-2024-27956. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.
FIRST-EPSS: 0.000500000
ARPS-PRIORITY: 0.9620892
CVE-2024-27956
DESCRIPTION: Exploit Observer has 12 entries in 6 file formats related to CVE-2024-27956. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.
FIRST-EPSS: 0.000500000
ARPS-PRIORITY: 0.9620892
#ExploitObserverAlert
CVE-2021-23338
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2021-23338. This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.
FIRST-EPSS: 0.000990000
NVD-IS: 5.9
NVD-ES: 1.2
ARPS-PRIORITY: 0.7771163
CVE-2021-23338
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2021-23338. This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.
FIRST-EPSS: 0.000990000
NVD-IS: 5.9
NVD-ES: 1.2
ARPS-PRIORITY: 0.7771163
#ExploitObserverAlert
CVE-2023-38964
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2023-38964. Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
FIRST-EPSS: 0.000710000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.958733
CVE-2023-38964
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2023-38964. Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
FIRST-EPSS: 0.000710000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.958733
#ExploitObserverAlert
CVE-2016-7148
DESCRIPTION: Exploit Observer has 18 entries in 2 file formats related to CVE-2016-7148. MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
FIRST-EPSS: 0.002030000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.8574324
CVE-2016-7148
DESCRIPTION: Exploit Observer has 18 entries in 2 file formats related to CVE-2016-7148. MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
FIRST-EPSS: 0.002030000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.8574324