#ExploitObserverAlert
CVE-2023-36560
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-36560. ASP.NET Security Feature Bypass Vulnerability
FIRST-EPSS: 0.000720000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-22958
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22958. The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-1948
DESCRIPTION: Exploit Observer has 29 entries related to CVE-2020-1948. This vulnerability can affect all Dubbo users who stay on version 2.7.6 or lower. An attacker can send RPC requests with an unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. More details can be found below.
FIRST-EPSS: 0.004080000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-11358
DESCRIPTION: Exploit Observer has 3662 entries related to CVE-2019-11358. jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
FIRST-EPSS: 0.029520000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2018-8120
DESCRIPTION: Exploit Observer has 106 entries related to CVE-2018-8120. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
FIRST-EPSS: 0.974300000
NVD-IS: 5.9
NVD-ES: 1.0
#ExploitObserverAlert
CVE-2022-48363
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-48363. In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.
FIRST-EPSS: 0.000520000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-17141
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2020-17141. Microsoft Exchange Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17142, CVE-2020-17144.
FIRST-EPSS: 0.027320000
NVD-IS: 6.0
NVD-ES: 1.7
#ExploitObserverAlert
CVE-2020-28115
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-28115. SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
PD/http/misconfiguration/request-baskets-exposure
DESCRIPTION: Exploit Observer has 30 entries related to PD/http/misconfiguration/request-baskets-exposure.
#ExploitObserverAlert
CVE-2023-2100
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-2100. A vulnerability classified as problematic was found in SourceCodester Vehicle Service Management System 1.0. This vulnerability affects unknown code of the file /admin/report/index.php. The manipulation of the argument date_end leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226108.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-q95j-488q-5q3p
DESCRIPTION: Exploit Observer has 42 entries related to GHSA-Q95J-488Q-5Q3P.
GHSS: 6.5
#ExploitObserverAlert
CVE-2023-26244
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-26244. An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-26246
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-26246. An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-47668
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-47668.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2021-4046
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-4046. The m_txtNom and m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data.
FIRST-EPSS: 0.000540000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-2094
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-2094. A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226102 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-36439
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-36439. Microsoft Exchange Server Remote Code Execution Vulnerability
FIRST-EPSS: 0.000610000
NVD-IS: 5.9
NVD-ES: 2.1
#ExploitObserverAlert
CVE-2023-36427
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-36427. Windows Hyper-V Elevation of Privilege Vulnerability
FIRST-EPSS: 0.001460000
NVD-IS: 5.9
NVD-ES: 1.0
#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-34020
DESCRIPTION: Exploit Observer has 2 entries related to PD/http/cves/2023/CVE-2023-34020.
#ExploitObserverAlert
CVE-2017-1743
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2017-1743. IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933.
FIRST-EPSS: 0.001590000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-28885
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-28885. The MyLink infotainment system (build 2021.3.26) in General Motors Chevrolet Equinox 2021 vehicles allows attackers to cause a denial of service (temporary failure of Media Player functionality) via a crafted MP3 file.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 0.9