Lucene search
K
AttackerkbMost viewed

74287 matches found

ATTACKERKB
ATTACKERKB
added 2021/04/23 12:0 a.m.123 views

CVE-2021-22204

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS8.1AI score0.99981EPSS
Exploits39References18
ATTACKERKB
ATTACKERKB
added 2017/09/13 12:0 a.m.123 views

CVE-2017-8759

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka “.NET Framework Remote Code Execution Vulnerability.” Recent assessments: hrbrmstr at May 12, 2020 7:51pm UTC reported: This CVE made ...

9.3CVSS8.3AI score0.88698EPSS
Exploits14References10
ATTACKERKB
ATTACKERKB
added 2014/10/15 12:0 a.m.123 views

Microsoft Internet Explorer Use-After-Free Vulnerability

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a...

9.3CVSS0.1AI score0.81628EPSS
Exploits30References1
ATTACKERKB
ATTACKERKB
added 2014/05/16 12:0 a.m.123 views

CVE-2014-0964

IBM WebSphere Application Server WAS 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. Recent assessments: Assessed Attacker Value: 0...

7.5CVSS7.7AI score0.99999EPSS
Exploits88References8
ATTACKERKB
ATTACKERKB
added 2023/04/10 12:0 a.m.122 views

CVE-2023-28205

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report...

8.8CVSS8.6AI score0.27076EPSS
Exploits0References17
ATTACKERKB
ATTACKERKB
added 2022/02/09 12:0 a.m.122 views

CVE-2022-21999

Windows Print Spooler Elevation of Privilege Vulnerability Recent assessments: space-r7 at March 11, 2022 9:07pm UTC reported: This is a useful vulnerability; however, an existing session on the target is required, and escalation of privileges can sometimes depend on luck. To achieve the director...

7.8CVSS8.1AI score0.41683EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2021/04/15 12:0 a.m.122 views

CVE-2021-27850

A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

10CVSS0.8AI score0.94089EPSS
Exploits5References4
ATTACKERKB
ATTACKERKB
added 2018/03/20 12:0 a.m.122 views

CVE-2017-17215

Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code. Recent assessments: Assessed Attacker Value: 0...

8.8CVSS5.9AI score0.7861EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2022/03/22 9:15 p.m.121 views

CVE-2022-26186

TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi...

9.8CVSS7.3AI score0.03986EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/08/05 12:0 a.m.121 views

CVE-2021-26605

An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication. Recent assessments: Assessed Attacker Value: 0 Assessed...

9.8CVSS4.9AI score0.01049EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/07/21 12:0 a.m.121 views

CVE-2021-22707

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker t...

10CVSS1.4AI score0.64612EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2021/03/03 12:0 a.m.121 views

CVE-2021-26858

Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS8.6AI score0.89509EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2022/03/15 10:15 p.m.120 views

CVE-2022-26210

Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName...

9.8CVSS7.6AI score0.05748EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/11/23 12:0 a.m.120 views

CVE-2021-38000

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.1CVSS3.7AI score0.04485EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2021/07/14 12:0 a.m.120 views

CVE-2021-34523

Microsoft Exchange Server Elevation of Privilege Vulnerability Recent assessments: cbeek-r7 at November 22, 2024 9:11am UTC reported: CVE-2021-34523 is a privilege escalation vulnerability in Microsoft Exchange Server that arises due to improper validation of PowerShell remoting requests. This...

10CVSS10AI score0.99999EPSS
Exploits17References5
ATTACKERKB
ATTACKERKB
added 2025/12/31 10:16 p.m.119 views

CVE-2025-67707

ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded...

7.3CVSS5.7AI score0.00245EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/12 4:15 p.m.119 views

CVE-2021-31805

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

9.8CVSS7AI score0.95922EPSS
Exploits16References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/05 12:0 a.m.119 views

CVE-2020-19229

Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter. Recent assessments: Assessed Attacker Value: 0...

9.8CVSS6.1AI score0.92988EPSS
Exploits10References2
ATTACKERKB
ATTACKERKB
added 2021/09/08 12:0 a.m.119 views

CVE-2021-30657 — Malicious applications may bypass Gatekeeper checks

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.. Recent assessments: space-r...

5.5CVSS5.2AI score0.68531EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2021/08/03 12:0 a.m.119 views

PEEL-CSRF

The request appears to be vulnerable to cross-site request forgery CSRF attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however, it may facilitate the exploitation of other vulnerabilities affecting application users. The...

3AI score0.05161EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2017/03/20 12:0 a.m.119 views

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

3.5CVSS4.6AI score0.14953EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2024/10/05 12:0 a.m.118 views

CVE-2024-47374

Improper Neutralization of Input During Web Page Generation XSS or ‘Cross-site Scripting’ vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 6.5.0.2. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

7.1CVSS6.9AI score0.0138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/04/26 12:0 a.m.118 views

CVE-2021-21224

Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Recent assessments: gwillcox-r7 at June 17, 2021 3:06pm UTC reported: According to...

9.3CVSS8.1AI score0.81107EPSS
Exploits6References12
ATTACKERKB
ATTACKERKB
added 2019/12/10 12:0 a.m.118 views

CVE-2019-1458

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. Recent assessments: gwillcox-r7 at October 19, 2020 5:31pm UTC reported: Known as WizardOpium for its use in the...

8.8CVSS1.9AI score0.73856EPSS
Exploits14References4
ATTACKERKB
ATTACKERKB
added 2024/06/09 12:0 a.m.117 views

CVE-2024-4577

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use “Best-Fit” behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS9.8AI score0.99987EPSS
Exploits64References20
ATTACKERKB
ATTACKERKB
added 2022/04/25 12:0 a.m.117 views

CVE-2021-25094

The Tatsu WordPress plugin before 3.3.12 addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress’s upload directory. By adding a PHP shell with a filename starting with a dot “.”, this can bypass extension control...

8.1CVSS8.2AI score0.83232EPSS
Exploits9References4
ATTACKERKB
ATTACKERKB
added 2021/11/03 7:15 p.m.117 views

CVE-2021-43141

Cross Site Scripting XSS vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in planapplication...

6.1CVSS6.4AI score0.01396EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2020/01/14 12:0 a.m.117 views

CVE-2020-0605

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka ‘.NET Framework Remote Code Execution Vulnerability’...

9.3CVSS0.7AI score0.17767EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/11/05 12:0 a.m.117 views

CVE-2019-19781

An issue was discovered in Citrix Application Delivery Controller ADC and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. Recent assessments: kevthehermit at February 22, 2020 12:29am UTC reported: AWS had pre built AMIs for these appliances built and supplied to the...

9.8CVSS1.2AI score0.99999EPSS
Exploits48References13
ATTACKERKB
ATTACKERKB
added 2019/09/27 12:0 a.m.117 views

Exim EHLO crash bug

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in stringvformat in string.c involving a long EHLO command. Recent assessments: wchen-r7 at October 04, 2019 10:50pm UTC reported: CVE-2019-16928: Exim EHLO...

10CVSS9.7AI score0.82238EPSS
Exploits23References1
ATTACKERKB
ATTACKERKB
added 2019/07/19 12:0 a.m.117 views

CVE-2019-1579 RCE in PAN-OS with GlobalProtect Portal or Gateway Interface

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. Recent assessments: bcook-r7 at June 05, 2020...

8.1CVSS8.5AI score0.39317EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2019/07/02 12:0 a.m.117 views

CVE-2019-7256

Linear eMerge E3-Series devices allow Command Injections. Recent assessments: h00die-gr3y at December 03, 2022 12:46pm UTC reported: Building Automation and Access Control systems are at the heart of many critical infrastructures, and their security is vital. Executing attacks on these systems ma...

10CVSS10AI score0.97136EPSS
Exploits16References7
ATTACKERKB
ATTACKERKB
added 2017/07/03 12:0 a.m.117 views

CVE-2017-9248

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leadi...

9.8CVSS8.9AI score0.75098EPSS
Exploits5References6
ATTACKERKB
ATTACKERKB
added 2017/05/12 12:0 a.m.117 views

CVE-2017-0213

Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a speciall...

7.3CVSS5.9AI score0.84138EPSS
Exploits14References6
ATTACKERKB
ATTACKERKB
added 2022/12/01 12:0 a.m.116 views

CVE-2022-45045

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated...

8.8CVSS6.4AI score0.01239EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/04/26 12:0 a.m.116 views

CVE-2022-29499

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value:...

10CVSS5.4AI score0.56556EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/08/09 1:15 p.m.116 views

CVE-2021-36798

A Denial-of-Service DoS vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it...

7.5CVSS7.1AI score0.04292EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/07/16 12:0 a.m.116 views

CVE-2021-34448

Scripting Engine Memory Corruption Vulnerability Recent assessments: gwillcox-r7 at July 14, 2021 5:02pm UTC reported: Looking at Microsoft’s advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34448 shows very little information other than that this is a scripting engine...

9.3CVSS7.6AI score0.3067EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/04/13 12:0 a.m.116 views

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like “//../foo”, or “\..\foo”, the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus “limited” path traversal,...

5.8CVSS6.5AI score0.10608EPSS
Exploits1References48
ATTACKERKB
ATTACKERKB
added 2020/04/15 12:0 a.m.116 views

CVE-2020-1027

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003. Recent assessments: gwillcox-r7 at November 22, 2020 2:27...

7.8CVSS7.7AI score0.04447EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2018/10/10 12:0 a.m.116 views

CVE-2018-8453

“An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory” – MITRE description. Recent assessments: jrobles-r7 at June 17, 2019 6:51pm UTC reported: The handling of objects in memory allowed for a double-free of a memory region...

7.8CVSS0.8AI score0.69833EPSS
Exploits9References4
ATTACKERKB
ATTACKERKB
added 2021/08/16 12:0 a.m.115 views

CVE-2021-35394

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called ‘MP Daemon’ that is usually compiled as ‘UDPServer’ binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote...

10CVSS9.4AI score0.99861EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2021/05/11 12:0 a.m.115 views

CVE-2021-31181

Microsoft SharePoint Remote Code Execution Vulnerability Recent assessments: zeroSteiner at June 09, 2021 3:31pm UTC reported: The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user-supplied data. This can be leveraged by an attacker to leak sensitive information in...

8.8CVSS8.5AI score0.30045EPSS
Exploits5References4
ATTACKERKB
ATTACKERKB
added 2020/05/21 12:0 a.m.115 views

CVE-2020-6457

Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.6CVSS2.5AI score0.01236EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2019/06/17 12:0 a.m.115 views

Serv-U FTP Server prepareinstallation Privilege Escalation

A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. Recent assessments: pbarry-r7 at November 21, 2019 6:58pm UTC reported: Sounds like this vuln appears in a LOT of versions of the software. Probably should update to v15.1.7+. Assessed Attacker Value: 5...

8.8CVSS4AI score0.65981EPSS
Exploits13References7
ATTACKERKB
ATTACKERKB
added 2016/01/10 12:0 a.m.115 views

CVE-2015-7465

Cross-site request forgery CSRF vulnerability in Lifecycle Query Engine LQE in IBM Jazz Reporting Service JRS 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Recent assessments: Assesse...

8.8CVSS8.1AI score0.0055EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2014/03/11 12:0 a.m.115 views

CVE-2014-2321

webshellcmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using “set TelnetCfg” commands to enable a TELNET service with specified credentials. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

10CVSS7.5AI score0.58364EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/10/10 12:0 a.m.114 views

CVE-2023-36434

Windows IIS Server Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS7AI score0.02194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/04/04 12:0 a.m.114 views

CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...

7.5CVSS7.6AI score0.05664EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2020/12/11 12:0 a.m.114 views

CVE-2020-29574

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. Recent assessments: ccondon-r7 at March 30, 2021 10:42pm UTC reported: Interesting, this slid under the radar a bit. I’m not seeing any...

9.8CVSS10AI score0.04729EPSS
Exploits0References4
Total number of security vulnerabilities5000