Lucene search
K
AttackerkbMost viewed

74584 matches found

ATTACKERKB
ATTACKERKB
added 2021/07/14 12:0 a.m.70 views

CVE-2021-31979

Windows Kernel Elevation of Privilege Vulnerability Recent assessments: gwillcox-r7 at July 14, 2021 5:35pm UTC reported: Update : Looks like this was used by the exploit brokerage company Candiru along with CVE-2021-33771 to deliver spyware to targeted users, which according to Microsoft’s blog...

7.8CVSS8.9AI score0.06255EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/05/11 12:0 a.m.70 views

CVE-2021-31195

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31198. Recent assessments: NinjaOperator at August 09, 2021 8:19pm UTC reported: PoC is publicly available Microsoft has already patched this vulnerabilities and exploitation has not been observed...

8.8CVSS2.1AI score0.73676EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2019/12/05 12:0 a.m.70 views

CVE-2019-7192

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

9.8CVSS6.3AI score0.88213EPSS
Exploits9References3
ATTACKERKB
ATTACKERKB
added 2019/07/15 12:0 a.m.70 views

CVE-2019-0880 Microsoft splwow64 Elevation of Privilege Vulnerability

This is a Privilege Escalation vulnerability in how all modern versions of Windows and appears to relate to a function in splwow64.exe. Very little has been released on the technical details of the vulnerability, but the affects are fairly large. All versions of Windows after Server 2008 R2 are...

7.8CVSS2.5AI score0.02404EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/01/18 12:0 a.m.70 views

CVE-2018-15982

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Recent assessments: gwillcox-r7 at November 22, 2020 3:02am UTC reported: Reported as exploited in the wild as part of...

10CVSS9.6AI score0.81971EPSS
Exploits13References6
ATTACKERKB
ATTACKERKB
added 2018/11/25 12:0 a.m.70 views

CVE-2018-19518

University of Washington IMAP Toolkit 2007f on UNIX, as used in imapopen in PHP and other products, launches an rsh command by means of the imaprimap function in c-client/imap4r1.c and the tcpaopen function in osdep/unix/tcpunix.c without preventing argument injection, which might allow remote...

8.5CVSS2.5AI score0.9523EPSS
Exploits6References20
ATTACKERKB
ATTACKERKB
added 2018/08/27 12:0 a.m.70 views

CVE-2018-15887

MainAnalysisContent.asp in ASUS DSL-N12EC1 1.1.2.3345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request. Recent assessments:...

8.8CVSS7.9AI score0.03747EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2012/06/16 9:55 p.m.70 views

CVE-2012-1723

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to...

10CVSS8.4AI score0.93688EPSS
Exploits9References13
ATTACKERKB
ATTACKERKB
added 6 days ago69 views

CVE-2026-6352

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS6AI score0.00264EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/10/02 12:0 a.m.69 views

CVE-2023-28760

TP-Link AX1800 WiFi 6 Router Archer AX21 devices allow unauthenticated attackers on the LAN to execute arbitrary code as root via the dbdir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow in...

7.5CVSS7.7AI score0.03138EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2025/02/03 12:0 a.m.69 views

CVE-2024-57968

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders e.g., ones that are accessible during web browsing by other users. upload.aspx can be used for this. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

9.9CVSS6.8AI score0.32514EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/08/09 12:0 a.m.69 views

CVE-2022-34713

Microsoft Windows Support Diagnostic Tool MSDT Remote Code Execution Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS8.8AI score0.6798EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/04/21 12:0 a.m.69 views

CVE-2022-27926

A reflected cross-site scripting XSS vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration aka ZCS 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

6.1CVSS6.2AI score0.17634EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/03/10 12:0 a.m.69 views

CVE-2022-0847

A flaw was found in the way the “flags” member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...

7.8CVSS7.9AI score0.89063EPSS
Exploits100References11
ATTACKERKB
ATTACKERKB
added 2022/03/06 3:15 a.m.69 views

CVE-2022-26487

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26143. Reason: This candidate is a reservation duplicate of CVE-2022-26143. Notes: All CVE users should reference CVE-2022-26143 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

9.8CVSS7.3AI score0.87565EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/01/26 12:0 a.m.69 views

CVE-2021-22600

A double free bug in packetsetring in net/packet/afpacket.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 Recent assessments:...

7.2CVSS3.9AI score0.05918EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2021/11/10 1:19 a.m.69 views

CVE-2021-42291

Active Directory Domain Services Elevation of Privilege Vulnerability...

8.8CVSS7.1AI score0.03293EPSS
Exploits0References2Affected Software16
ATTACKERKB
ATTACKERKB
added 2021/08/12 12:0 a.m.69 views

CVE-2021-34486

Windows Event Tracing Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.1AI score0.07428EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2019/08/16 12:0 a.m.69 views

Webmin password_change.cgi Command Injection

An issue was discovered in Webmin =1.920. The parameter old in passwordchange.cgi contains a command injection vulnerability. Recent assessments: wvu-r7 at August 21, 2019 3:12am UTC reported: This was a supply chain attack: http://www.webmin.com/exploit.html. The backdoor was introduced in a...

10CVSS9.6AI score0.99766EPSS
Exploits38References11
ATTACKERKB
ATTACKERKB
added 6 days ago68 views

CVE-2025-12506

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...

3.5CVSS6AI score0.00187EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/09/12 12:0 a.m.68 views

CVE-2023-36761

Microsoft Word Information Disclosure Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.5CVSS6.6AI score0.18959EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/13 12:0 a.m.68 views

CVE-2023-20867

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

3.9CVSS6.9AI score0.13638EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2023/01/02 12:0 a.m.68 views

CVE-2022-42475

A heap-based buffer overflow vulnerability CWE-122 in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute...

9.8CVSS10AI score0.99474EPSS
Exploits11References5
ATTACKERKB
ATTACKERKB
added 2022/05/26 12:0 a.m.68 views

CVE-2022-22674

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. Recent...

5.5CVSS2.8AI score0.01132EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/02/25 8:15 p.m.68 views

CVE-2022-25064

TP-LINK TL-WR840NESV6.20180709 was discovered to contain a remote code execution RCE vulnerability via the function oalwan6setIpAddr...

9.8CVSS7.9AI score0.36224EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2022/02/24 3:15 p.m.68 views

CVE-2022-25081

TOTOLink T10 V5.9c.5061B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.6AI score0.03158EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/01/11 9:15 p.m.68 views

CVE-2022-21887

Win32k Elevation of Privilege Vulnerability...

7.8CVSS7.1AI score0.01094EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/03/11 12:0 a.m.68 views

CVE-2021-26868

Windows Graphics Component Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS4.4AI score0.02674EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/12/21 12:0 a.m.68 views

Remote Code Execution Vulnerabilities in Secomea, Moxa, and HMS eWon VPNs

Security researchers at Claroty published details on multiple pre-auth remote code execution vulnerabilities affecting virtual private network VPN implementations primarily used to provide remote access to operational technology OT networks. The vulnerabilities could allow unauthenticated attacke...

10CVSS9.7AI score0.02905EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2020/10/16 12:0 a.m.68 views

CVE-2020-16916

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...

7.8CVSS7.8AI score0.00976EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/03/30 12:0 a.m.68 views

CVE-2020-8835

In the Linux kernel 5.5.0 and newer, the bpf verifier kernel/bpf/verifier.c did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the...

7.8CVSS0.7AI score0.09729EPSS
Exploits14References21
ATTACKERKB
ATTACKERKB
added 2019/03/26 12:0 a.m.68 views

CVE-2019-9053

An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1idlist parameter. Recent assessments: Leafry at January 18, 2021 11:27pm UTC reported: This exploit is ok. When running...

8.1CVSS8.7AI score0.55958EPSS
Exploits38References5
ATTACKERKB
ATTACKERKB
added 2012/05/11 10:15 a.m.68 views

CVE-2012-1823

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

9.8CVSS9.5AI score0.99998EPSS
Exploits42References36
ATTACKERKB
ATTACKERKB
added 2024/02/09 12:0 a.m.67 views

CVE-2024-21762

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0...

9.8CVSS10AI score0.85689EPSS
Exploits20References3
ATTACKERKB
ATTACKERKB
added 2023/09/14 12:0 a.m.67 views

CVE-2023-38205

Adobe ColdFusion versions 2018u18 and earlier, 2021u8 and earlier and 2023u2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints...

7.5CVSS7.6AI score0.99761EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/02/27 12:0 a.m.67 views

CVE-2023-23529

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this...

8.8CVSS8.4AI score0.09426EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2022/10/19 4:0 p.m.67 views

CVE-2022-20933

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of...

8.6CVSS7.3AI score0.00992EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/20 12:0 a.m.67 views

CVE-2022-2488

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

9.8CVSS2.6AI score0.28724EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/08/12 12:0 a.m.67 views

CVE-2021-36948

Windows Update Medic Service Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS4.3AI score0.1991EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/06/28 8:15 p.m.67 views

CVE-2021-32722

GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load...

6.5CVSS6.6AI score0.01332EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2021/05/07 12:0 a.m.67 views

CVE-2021-31755

An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

10CVSS9.2AI score0.85849EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/02/10 12:0 a.m.67 views

CVE-2020-28871

Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. Recent assessments: noraj at June 22, 2021 4:56pm UTC reported: The uploaded file must have an image magic byte eg. GIF in order to match...

9.8CVSS4.9AI score0.85785EPSS
Exploits8References5
ATTACKERKB
ATTACKERKB
added 2020/02/11 12:0 a.m.67 views

CVE-2020-0683

An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0686. Recent assessments: J3rryBl4nks at March 03, 2020 3:13pm UTC reported: This...

7.8CVSS8.2AI score0.07667EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2019/05/03 12:0 a.m.67 views

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of...

10CVSS9.1AI score0.0348EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2017/05/06 12:0 a.m.67 views

CVE-2017-7921

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 ...

10CVSS10AI score0.99998EPSS
Exploits12References7
ATTACKERKB
ATTACKERKB
added 2017/04/27 12:0 a.m.67 views

CVE-2017-8291

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a “/OutputFile %pipe%” substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. Recent assessments: gwillcox-r7 at...

7.8CVSS8AI score0.96968EPSS
Exploits7References11
ATTACKERKB
ATTACKERKB
added 2023/10/16 12:0 a.m.66 views

CVE-2023-20198

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issue...

10CVSS8.8AI score0.99571EPSS
Exploits28References7
ATTACKERKB
ATTACKERKB
added 2023/09/06 12:0 a.m.66 views

CVE-2023-20263

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could...

6.1CVSS6.9AI score0.0048EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/02/06 12:0 a.m.66 views

CVE-2022-44268

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image e.g., for resize, the resulting image could have embedded the content of an arbitrary. file if the magick binary has permissions to read it. Recent assessments: MadDud at February 03, 2023 2:34pm UTC reported...

6.5CVSS6.4AI score0.89855EPSS
Exploits28References11
ATTACKERKB
ATTACKERKB
added 2022/08/26 12:0 a.m.66 views

CVE-2022-36537

ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. Recent assessments: ccondon-r7 at March 01, 2023 6:39pm UTC reported: The core vuln here is an info leak in ZK Framework, which ...

7.5CVSS8AI score0.95335EPSS
Exploits5References4
Total number of security vulnerabilities5000