Lucene search
K

73 matches found

ATTACKERKB
ATTACKERKB
added 2022/04/05 12:0 a.m.179 views

CVE-2022-0609

Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: AmirFedida at February 15, 2022 8:23am UTC reported: Google is aware of reports that an exploit for CVE-2022-0609 exist...

8.8CVSS2AI score0.23546EPSS
In wildExploits0References3
ATTACKERKB
ATTACKERKB
added 2022/03/06 3:15 a.m.69 views

CVE-2022-26487

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26143. Reason: This candidate is a reservation duplicate of CVE-2022-26143. Notes: All CVE users should reference CVE-2022-26143 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

9.8CVSS7.3AI score0.87565EPSS
In wildExploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/09 5:15 p.m.86 views

CVE-2022-22005

Microsoft SharePoint Server Remote Code Execution Vulnerability...

8.8CVSS7.5AI score0.16825EPSS
In wildExploits0References4Affected Software4
ATTACKERKB
ATTACKERKB
added 2022/01/11 9:15 p.m.68 views

CVE-2022-21887

Win32k Elevation of Privilege Vulnerability...

7.8CVSS7.1AI score0.01094EPSS
In wildExploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/11/10 1:19 a.m.69 views

CVE-2021-42291

Active Directory Domain Services Elevation of Privilege Vulnerability...

8.8CVSS7.1AI score0.03293EPSS
In wildExploits0References2Affected Software16
ATTACKERKB
ATTACKERKB
added 2021/11/10 12:0 a.m.54 views

CVE-2021-42287

Active Directory Domain Services Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS8AI score0.74265EPSS
In wildExploits10References2
ATTACKERKB
ATTACKERKB
added 2021/08/26 12:0 a.m.156 views

CVE-2021-32648

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5. Recent...

9.1CVSS9AI score0.90418EPSS
In wildExploits1References4
ATTACKERKB
ATTACKERKB
added 2021/08/15 6:15 p.m.53 views

CVE-2021-38699

TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/systemlogs...

5.4CVSS6.1AI score0.07977EPSS
Exploits5References7
ATTACKERKB
ATTACKERKB
added 2021/07/30 2:15 p.m.52 views

CVE-2021-35479

Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page...

5.4CVSS6.1AI score0.76624EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2021/04/12 12:0 a.m.28 views

CVE-2020-28872

An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/installation/register.php allows an unauthorized person to create valid credentials. Recent assessments: noraj at June 22, 2021 4:52pm UTC reported: This gives the ability to create an administrator account while...

9.8CVSS3AI score0.03318EPSS
Exploits3References5
ATTACKERKB
ATTACKERKB
added 2021/04/09 12:0 a.m.45 views

CVE-2021-20022

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. Recent assessments: wvu-r7 at September 07, 2021 4:22am UTC reported: Super easy to exploit. See CVE-2021-20021 for the first part of the...

9.8CVSS8.2AI score0.83425EPSS
In wildExploits0References2
ATTACKERKB
ATTACKERKB
added 2021/02/10 12:0 a.m.66 views

CVE-2020-28871

Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. Recent assessments: noraj at June 22, 2021 4:56pm UTC reported: The uploaded file must have an image magic byte eg. GIF in order to match...

9.8CVSS4.9AI score0.85785EPSS
Exploits8References5
ATTACKERKB
ATTACKERKB
added 2021/01/08 12:0 a.m.79 views

CVE-2020-16027

Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user’s disk via a crafted Chrome Extension. Recent assessments: Assessed Attacke...

6.5CVSS6.7AI score0.00802EPSS
In wildExploits0References3
ATTACKERKB
ATTACKERKB
added 2020/11/19 12:0 a.m.38 views

CVE-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed. Recent assessments: gwillcox-r7 at January 15, 2021 8:42pm UTC reported: Original advisory and PoC can be found at...

7.8CVSS7.7AI score0.84554EPSS
In wildExploits5References19
ATTACKERKB
ATTACKERKB
added 2020/10/16 12:0 a.m.864 views

CVE-2020-16952 — Microsoft SharePoint Remote Code Execution Vulnerabilities

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16951. Recent assessments: wvu-r7 at October 13,...

9CVSS3AI score0.99965EPSS
In wildExploits48References3
ATTACKERKB
ATTACKERKB
added 2020/09/17 12:0 a.m.39 views

CVE-2020-13668

Drupal 8 and 9 have a reflected cross-site scripting XSS vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. Recent assessments: wvu-r7 at September 17, 2020 4:03pm UTC reported: This is...

0.4AI score0.00681EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/07/29 12:0 a.m.36 views

CVE-2020-15588

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...

9.8CVSS3.2AI score0.278EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/06/21 12:0 a.m.36 views

CVE-2020-14942

Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. Recent assessments: kevthehermit at June 21, 2020 7:03pm UTC reported: Outline Untrusted data from the client side is used to create a python pickled object. This can lead to full RCE and compromise of the host...

9.8CVSS1.6AI score0.01338EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/06/15 12:0 a.m.48 views

CVE-2020-0543 CROSSTALK

Incomplete cleanup from specific special register read operations in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. Recent assessments: busterb at June 15, 2020 8:18pm UTC reported: This continues to bury SGX as an actual...

5.5CVSS0.7AI score0.0054EPSS
Exploits0References31
ATTACKERKB
ATTACKERKB
added 2020/06/05 12:0 a.m.16 views

CVE-2017-1135

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

5.6AI score
In wildExploits0References1
Rows per page
Query Builder