Lucene search
K
AttackerkbMost viewed

74584 matches found

ATTACKERKB
ATTACKERKB
added 2021/09/01 12:0 a.m.74 views

CVE-2021-37415

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS3.9AI score0.99854EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/07/27 12:0 a.m.74 views

CVE-2014-4114

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a...

9.3CVSS2.3AI score0.81628EPSS
Exploits22References11
ATTACKERKB
ATTACKERKB
added 2020/11/11 12:0 a.m.74 views

CVE-2020-1599

Windows Spoofing Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

5.5CVSS2.9AI score0.19124EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2012/08/15 12:0 a.m.74 views

Microsoft Windows TabStrip MSCOMCTL.OCX RCE Vulnerability

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerc...

9.3CVSS7.7AI score0.99966EPSS
Exploits13References5
ATTACKERKB
ATTACKERKB
added 2024/03/04 12:0 a.m.73 views

CVE-2024-27198

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible Recent assessments: sfewer-r7 at March 04, 2024 8:24pm UTC reported: CVE-2024-27198, allows for a complete compromise of a vulnerable TeamCity server by a remote unauthenticated attacker,...

9.8CVSS7.8AI score0.99991EPSS
Exploits25References10
ATTACKERKB
ATTACKERKB
added 2022/08/16 8:15 p.m.73 views

CVE-2022-37393

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. Rapid7...

7.8CVSS8.1AI score0.98975EPSS
Exploits30References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/03/28 12:0 a.m.73 views

CVE-2022-26258

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution RCE vulnerability via HTTP POST to get set ccp. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS2.8AI score0.81099EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2021/12/15 3:15 p.m.73 views

CVE-2021-43207

Windows Common Log File System Driver Elevation of Privilege Vulnerability...

7.8CVSS7.1AI score0.00632EPSS
Exploits0References2Affected Software28
ATTACKERKB
ATTACKERKB
added 2021/07/30 2:15 p.m.73 views

CVE-2021-32610

In ArchiveTar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193...

7.1CVSS7AI score0.73377EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2021/05/13 12:0 a.m.73 views

CVE-2021-32934

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Recent assessments: NinjaOperator at June 16, 2021 10:40pm UTC reported:...

0.9AI score0.00607EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/04/26 12:0 a.m.73 views

CVE-2021-21220

Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS3AI score0.70435EPSS
Exploits6References12
ATTACKERKB
ATTACKERKB
added 2021/04/02 12:0 a.m.73 views

CVE-2021-1879

This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been...

6.1CVSS6.2AI score0.07082EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2020/09/11 12:0 a.m.73 views

CVE-2020-1210

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint...

9.9CVSS8.5AI score0.0176EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2020/03/04 12:0 a.m.73 views

CVE-2020-9757

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller. Recent assessments: Mad-robot at July 05, 2020 1:31pm UTC reported: Description- The SEOmatic component before 3.3.0 for Craft CMS allows...

9.8CVSS4.3AI score0.73434EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.73 views

CVE-2020-0674: Internet Explorer Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in some versions of Internet Explorer. An attacker who is able to convince a user to visit a malicious or compromised website may be able to execute code on the affected system, with the same permissions as the user. The vulnerability affects IE 9 on...

7.6CVSS3AI score0.86863EPSS
Exploits17References2
ATTACKERKB
ATTACKERKB
added 2013/05/16 12:0 a.m.73 views

CVE-2013-2729

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

10CVSS7.5AI score0.66555EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2012/10/16 12:0 a.m.73 views

CVE-2012-0518

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175. Recent assessments: Assessed Attacker Valu...

4.7CVSS5.2AI score0.04664EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/02/24 3:15 p.m.72 views

CVE-2022-25083

TOTOLink A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.6AI score0.03158EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/01/05 12:15 p.m.72 views

CVE-2021-31589

A cross-site scripting XSS vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization...

6.1CVSS6.3AI score0.28207EPSS
Exploits3References5
ATTACKERKB
ATTACKERKB
added 2021/08/24 12:0 a.m.72 views

CVE-2021-30883

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privilege...

9.3CVSS8AI score0.14721EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2021/08/09 12:0 a.m.72 views

CVE-2021-24499

The Workreap WordPress theme before 2.2.2 AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp...

9.8CVSS2.9AI score0.60113EPSS
Exploits9References4
ATTACKERKB
ATTACKERKB
added 2020/03/05 12:0 a.m.72 views

CVE-2020-10173

Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi. Recent assessments: Assessed Attacker Value: ...

9CVSS9AI score0.76769EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2019/08/09 12:0 a.m.72 views

CVE-2019-11581 — Atlassian JIRA Template injection vulnerability RCE

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and...

9.8CVSS9.6AI score0.84621EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2019/02/05 12:0 a.m.72 views

CVE-2018-20250

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format in UNACEV2.dll. When the filename field is manipulated with specific patterns, the destination extraction folder is ignored, thus treating the filename as an...

7.8CVSS4AI score0.96274EPSS
Exploits13References12
ATTACKERKB
ATTACKERKB
added 2016/04/12 12:0 a.m.72 views

CVE-2016-0167

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege...

7.8CVSS6.2AI score0.13841EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 6 days ago71 views

CVE-2026-13151

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

2.7CVSS6AI score0.00161EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:57 p.m.71 views

CVE-2026-11800

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

8.1CVSS5.8AI score0.00181EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2024/12/10 12:0 a.m.71 views

CVE-2024-55550

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access...

4.4CVSS6.8AI score0.38104EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/11/18 12:15 a.m.71 views

CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

9.8CVSS7.4AI score0.81801EPSS
Exploits7References5
ATTACKERKB
ATTACKERKB
added 2022/07/26 12:0 a.m.71 views

CVE-2022-1364

Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS2.5AI score0.1372EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2022/02/24 12:0 a.m.71 views

CVE-2022-23176

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2U1, 12.x before 12.1.3U3, and 12.2.x through 12.5.x before...

9CVSS5.3AI score0.13318EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2021/12/30 12:0 a.m.71 views

CVE-2021-20167

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8CVSS4.5AI score0.0853EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/12/18 12:15 p.m.71 views

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

5.9CVSS6.9AI score0.99999EPSS
Exploits20References14
ATTACKERKB
ATTACKERKB
added 2021/07/06 12:0 a.m.71 views

CVE-2021-26036

An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS2.3AI score0.01439EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/06/08 12:0 a.m.71 views

CVE-2021-31201

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Recent assessments: architect00 at June 09, 2021 6:55am UTC reported: This vulnerability is abused in an exploitation chain. According to the Microsoft advisory it is abused with Adobe Acrobat CVE-2021-28550. gwillcox-...

9.6CVSS7.1AI score0.52005EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/02/15 12:0 a.m.71 views

CVE-2021-25296

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...

9CVSS2.8AI score0.71536EPSS
Exploits7References7
ATTACKERKB
ATTACKERKB
added 2020/10/16 12:0 a.m.71 views

CVE-2020-9934 - macOS Transparency, Consent, and Control (TCC) Framework bypass

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information. Recent assessments: busterb at August 03, 2020 10:42p...

5.5CVSS5.6AI score0.03208EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2020/08/17 12:0 a.m.71 views

CVE-2020-1380

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...

8.8CVSS8.4AI score0.24188EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2020/02/20 12:0 a.m.71 views

CVE-2020-9054

Multiple ZyXEL network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using th...

10CVSS10AI score0.99988EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2019/11/05 12:0 a.m.71 views

CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device’s internals. This affects A3002RU through...

9CVSS8.9AI score0.25135EPSS
Exploits3References6
ATTACKERKB
ATTACKERKB
added 2019/06/12 12:0 a.m.71 views

PolarBear

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged...

7.8CVSS8.2AI score0.06117EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2019/05/16 12:0 a.m.71 views

CVE-2019-0708

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’. Recent...

10CVSS10AI score0.99999EPSS
Exploits123References15
ATTACKERKB
ATTACKERKB
added 2019/04/08 12:0 a.m.71 views

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...

7.8CVSS1.9AI score0.65005EPSS
Exploits8References71
ATTACKERKB
ATTACKERKB
added 2018/08/15 12:0 a.m.71 views

CVE-2018-8414

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka “Windows Shell Remote Code Execution Vulnerability.” This affects Windows 10 Servers, Windows 10. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attack...

9.3CVSS7.4AI score0.73968EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago70 views

CVE-2026-8472

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS6AI score0.00243EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 6 days ago70 views

CVE-2026-11827

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...

4.9CVSS6AI score0.00255EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/05/31 12:0 a.m.70 views

CVE-2024-23692

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...

9.8CVSS10AI score0.99485EPSS
Exploits20References4
ATTACKERKB
ATTACKERKB
added 2022/08/28 5:15 p.m.70 views

CVE-2022-37056

D-Link GO-RT-AC750 GORTAC750revAv101b03 and GO-RT-AC750revBFWv200b02 is vulnerable to Command Injection via /cgibin, hnapmain,...

9.8CVSS7.6AI score0.10327EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2021/09/01 12:15 p.m.70 views

CVE-2021-38703

Wireless devices running certain Arcadyan-derived firmware such as KPN Experia WiFi 1.00.15 do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be...

9CVSS7.3AI score0.0432EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/08/12 12:0 a.m.70 views

CVE-2021-34487

Windows Event Tracing Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.1AI score0.0052EPSS
Exploits0References2
Total number of security vulnerabilities5000