Lucene search
K
AttackerkbMost viewed

74386 matches found

ATTACKERKB
ATTACKERKB
added 2021/01/08 12:0 a.m.79 views

CVE-2020-16027

Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user’s disk via a crafted Chrome Extension. Recent assessments: Assessed Attacke...

6.5CVSS6.7AI score0.00802EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2019/02/26 12:0 a.m.79 views

CVE-2019-9169

In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. Recent assessments: busterb at June 15, 2020 6:59pm UTC reported: A buffer overread in a very specific part of the...

9.8CVSS0.9AI score0.04731EPSS
Exploits1References11
ATTACKERKB
ATTACKERKB
added 2019/02/24 12:0 a.m.79 views

CVE-2019-9081

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.4AI score
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2018/12/12 12:0 a.m.79 views

CVE-2018-8639

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Serv...

8.4CVSS8.6AI score0.22349EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2017/09/23 12:0 a.m.79 views

CVE-2017-14723

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb-prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

9.8CVSS9.8AI score0.10357EPSS
Exploits1References11
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:34 a.m.78 views

CVE-2026-3176

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization...

3.1CVSS5.9AI score0.00182EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:34 a.m.78 views

CVE-2026-5309

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/07/11 12:0 a.m.78 views

CVE-2023-32049

Windows SmartScreen Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS6.9AI score0.04401EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/24 3:15 p.m.78 views

CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.6AI score0.0322EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/24 3:15 p.m.78 views

CVE-2022-25076

TOTOLink A800R V4.1.2cu.5137B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.6AI score0.0322EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/12/20 12:0 a.m.78 views

CVE-2022-23134

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. Recent assessments: Assessed Attacker Value: 0...

5.3CVSS3.8AI score0.84657EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2021/12/15 3:15 p.m.78 views

CVE-2021-43890

We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker...

7.1CVSS7.5AI score0.10295EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/07/14 12:0 a.m.78 views

CVE-2021-22779

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, SCADAPack...

9.1CVSS1.3AI score0.01023EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/04/22 12:0 a.m.78 views

CVE-2021-28799

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

10CVSS9.3AI score0.78395EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/03/01 12:0 a.m.78 views

CVE-2019-9546

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS3.7AI score0.02776EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2017/08/23 12:0 a.m.78 views

CVE-2017-11610

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. Recent assessments: Assessed Attacker Value...

9CVSS8.4AI score0.87544EPSS
Exploits10References13
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:34 a.m.77 views

CVE-2026-8330

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint...

4.4CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:33 a.m.77 views

CVE-2026-11379

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under...

5.3CVSS5.8AI score0.00188EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/01/23 12:0 a.m.77 views

CVE-2025-23006

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. Rece...

9.8CVSS7.8AI score0.23432EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2024/02/13 12:0 a.m.77 views

CVE-2024-21338

Windows Kernel Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7AI score0.51865EPSS
Exploits13References3
ATTACKERKB
ATTACKERKB
added 2023/07/25 12:0 a.m.77 views

CVE-2023-35078

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. Recent assessments: cbeek-r7 at July 26, 2024 7:47pm UTC reported: A July 2024 bulletin from multiple U.S. government...

10CVSS9.7AI score0.99999EPSS
Exploits14References6
ATTACKERKB
ATTACKERKB
added 2021/11/16 12:0 a.m.77 views

CVE-2021-27860

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006...

9.8CVSS5AI score0.39824EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2021/08/24 12:0 a.m.77 views

CVE-2021-30860

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this...

7.8CVSS3.4AI score0.75994EPSS
Exploits2References16
ATTACKERKB
ATTACKERKB
added 2021/07/07 12:0 a.m.77 views

CVE-2020-7388

Sage X3 Unauthenticated Remote Command Execution RCE as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

7.5CVSS2.7AI score0.70268EPSS
Exploits7References3
ATTACKERKB
ATTACKERKB
added 2020/10/30 12:0 a.m.77 views

CVE-2020-7373

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...

9.8CVSS3.7AI score0.99728EPSS
Exploits29References5
ATTACKERKB
ATTACKERKB
added 2020/10/16 12:0 a.m.77 views

CVE-2020-15867

The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in th...

7.2CVSS1.8AI score0.95432EPSS
Exploits13References3
ATTACKERKB
ATTACKERKB
added 2020/05/28 12:0 a.m.77 views

CVE-2019-10149

Exim unauthenticated RCE with reports that it’s been used by Sandworm since August 2019 Recent assessments: ericalexanderorg at May 28, 2020 4:49pm UTC reported: Untested POC exists https://github.com/MNEMO-CERT/PoC—CVE-2019-10149Exim/blob/master/PoCCVE-2019-10149.py gwillcox-r7 at November 04,...

10CVSS0.5AI score0.99961EPSS
Exploits27References3
ATTACKERKB
ATTACKERKB
added 2020/04/21 12:0 a.m.77 views

CVE-2020-11967

In IQrouter through 3.3.1, remote attackers can control the device restart network, reboot, upgrade, reset because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...

9.8CVSS9.5AI score0.03189EPSS
Exploits3References6
ATTACKERKB
ATTACKERKB
added 2019/12/20 12:0 a.m.77 views

CVE-2019-17571

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1...

9.8CVSS1AI score0.8904EPSS
Exploits5References101
ATTACKERKB
ATTACKERKB
added 2017/03/17 12:0 a.m.77 views

CVE-2017-0059

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Internet Explorer Information Disclosure Vulnerability.” This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009. Recent...

4.3CVSS4.3AI score0.61968EPSS
Exploits6References10
ATTACKERKB
ATTACKERKB
added 2013/01/17 12:0 a.m.77 views

CVE-2013-0632

administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as...

10CVSS6AI score0.93691EPSS
Exploits11References4
ATTACKERKB
ATTACKERKB
added 2023/03/10 12:0 a.m.76 views

CVE-2023-27532

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. Recent assessments: sfewer-r7 at March 14, 2023 2:49pm UTC reported: On March 7, 2023, Veeam...

7.5CVSS8AI score0.7761EPSS
Exploits4References8
ATTACKERKB
ATTACKERKB
added 2020/12/17 12:0 a.m.76 views

CVE-2021-20257

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Recent assessments: NinjaOperator at June 25, 2021 6:16pm UTC reported:...

1.1AI score0.00358EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/04/21 12:0 a.m.76 views

CVE-2020-11968

In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step for settin...

7.5CVSS7.5AI score0.02593EPSS
Exploits3References6
ATTACKERKB
ATTACKERKB
added 2020/02/11 12:0 a.m.76 views

CVE-2020-0618

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka ‘Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability’. Recent assessments: wvu-r7 at February 18, 2020 6:51pm UTC reported: Although the...

9.8CVSS8.7AI score0.99022EPSS
Exploits14References4
ATTACKERKB
ATTACKERKB
added 2019/04/09 12:0 a.m.76 views

CVE-2019-0803

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859. Recent assessments: gwillcox-r7 at October 20, 2020 7:06pm UT...

7.8CVSS8.4AI score0.4523EPSS
Exploits28References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:34 a.m.75 views

CVE-2026-1606

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation...

4.3CVSS5.9AI score0.00223EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/03/24 12:0 a.m.75 views

CVE-2023-20963

In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519 Recent...

7.8CVSS7.2AI score0.01445EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/04/15 7:15 p.m.75 views

CVE-2022-24481

Windows Common Log File System Driver Elevation of Privilege Vulnerability...

7.8CVSS7.1AI score0.17108EPSS
Exploits2References3Affected Software26
ATTACKERKB
ATTACKERKB
added 2022/04/13 12:0 a.m.75 views

CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to ‘root’. Recent assessments: zeroSteiner at May 23, 2022 1:41pm UTC...

10CVSS9AI score0.99997EPSS
Exploits32References5
ATTACKERKB
ATTACKERKB
added 2021/05/11 7:15 p.m.75 views

CVE-2021-31167

Windows Container Manager Service Elevation of Privilege Vulnerability...

7.8CVSS7AI score0.01013EPSS
Exploits0References3Affected Software9
ATTACKERKB
ATTACKERKB
added 2021/04/16 12:0 a.m.75 views

CVE-2020-36195

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedi...

9.8CVSS5.3AI score0.01765EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/03/30 12:0 a.m.75 views

CVE-2021-26919

Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker...

8.8CVSS4.4AI score0.22588EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2020/07/10 12:0 a.m.75 views

CVE-2020-8195

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. Recent assessments:...

6.5CVSS5.2AI score0.88411EPSS
Exploits6References4
ATTACKERKB
ATTACKERKB
added 2020/05/07 12:0 a.m.75 views

CVE-2020-12116

Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. Recent assessments: Mad-robot at July 05, 2020 1:47pm UTC reported: Unauthenticated arbitrary file read on...

7.5CVSS0.4AI score0.97418EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2019/04/09 12:0 a.m.75 views

CVE-2019-0859

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803. Recent assessments: gwillcox-r7 at November 22, 2020 2:43am U...

7.8CVSS8.4AI score0.4523EPSS
Exploits28References2
ATTACKERKB
ATTACKERKB
added 2012/08/15 12:0 a.m.75 views

CVE-2012-1535 Adobe Flash Player 11.3 Kern Table Parsing Integer Overflow

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted SWF content, as exploited in the wild in August 2012 with SWF...

9.3CVSS8.1AI score0.70384EPSS
Exploits11References7
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:35 a.m.74 views

CVE-2026-0934

GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with custom role permissions to view, create, or delete protected environment configuratio...

3.8CVSS5.9AI score0.00201EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:34 a.m.74 views

CVE-2026-2238

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorizatio...

5.3CVSS5.9AI score0.00275EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/07/11 12:0 a.m.74 views

CVE-2023-36884

Windows Search Remote Code Execution Vulnerability Recent assessments: cbeek-r7 at August 24, 2023 1:46pm UTC reported: CVE-2023-36884 is a fixed vulnerability that permitted remote code execution. Attackers could manipulate Microsoft Office files to bypass the Mark of the Web MoTW security...

7.5CVSS8.7AI score0.98998EPSS
Exploits3References3
Total number of security vulnerabilities5000