Lucene search
K
AttackerkbMost viewed

74584 matches found

ATTACKERKB
ATTACKERKB
added 2021/03/31 12:0 a.m.66 views

CVE-2021-21983

Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. Recent...

8.5CVSS6.9AI score0.7829EPSS
Exploits12References3
ATTACKERKB
ATTACKERKB
added 2021/02/16 12:0 a.m.66 views

CVE-2021-21315

The System Information Library for Node.JS npm package “systeminformation” is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. ...

7.8CVSS7.5AI score0.9024EPSS
Exploits4References7
ATTACKERKB
ATTACKERKB
added 2020/02/11 12:0 a.m.66 views

CVE-2020-0674

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713,...

7.6CVSS8.2AI score0.86863EPSS
Exploits20References8
ATTACKERKB
ATTACKERKB
added 2019/12/06 12:0 a.m.66 views

CVE-2019-5544 — ESXi OpenSLP remote code execution vulnerability

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

9.8CVSS9.4AI score0.96823EPSS
Exploits1References11
ATTACKERKB
ATTACKERKB
added 2018/12/20 12:0 a.m.66 views

CVE-2018-8653

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from...

7.6CVSS7.8AI score0.29822EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2018/12/10 12:0 a.m.66 views

CVE-2018-1000861

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...

10CVSS5.5AI score0.98481EPSS
Exploits5References6
ATTACKERKB
ATTACKERKB
added 2018/06/26 12:0 a.m.66 views

CVE-2018-10662

An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS7AI score0.79752EPSS
Exploits4References5
ATTACKERKB
ATTACKERKB
added 2015/04/14 12:0 a.m.66 views

CVE-2015-1641

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute...

9.3CVSS7.9AI score0.9679EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2014/09/27 12:0 a.m.66 views

CVE-2014-6277

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access, and untrusted-pointer read and write operations via a crafted...

10CVSS8.6AI score0.99999EPSS
Exploits146References112
ATTACKERKB
ATTACKERKB
added 2023/11/14 12:0 a.m.65 views

CVE-2023-36033

Windows DWM Core Library Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS6.9AI score0.11977EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/09 12:0 a.m.65 views

CVE-2022-22718

Windows Print Spooler Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.2AI score0.18464EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2021/12/15 12:0 a.m.65 views

CVE-2021-43226

Windows Common Log File System Driver Elevation of Privilege Vulnerability Recent assessments: ccondon-r7 at August 07, 2024 1:06pm UTC reported: A July 2024 bulletin from multiple U.S. government agencies indicates that North Korean state-sponsored attackers have demonstrated interest in this...

7.8CVSS8.6AI score0.03072EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/05/11 12:0 a.m.65 views

CVE-2021-28550

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current...

9.6CVSS8.7AI score0.52005EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/04/09 12:0 a.m.65 views

CVE-2021-20021

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. Recent assessments: wvu-r7 at April 28, 2021 11:04pm UTC reported: CVE-2021-20021 is being exploited in the wild to gain...

9.8CVSS9.4AI score0.83425EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2020/11/23 12:0 a.m.65 views

CVE-2020-4006

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. Recent assessments: ccondon-r7 at December 10, 2020 7:54pm UTC reported: I’ve seen some news headlines with very scary-sounding words “ransacking...

9.1CVSS9.6AI score0.23771EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/12/18 12:0 a.m.65 views

CVE-2019-8526

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS3.6AI score0.00701EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2018/03/01 12:0 a.m.65 views

CVE-2018-2380

SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing “traverse to parent directory” are passed through to the file APIs. Recent assessments: Assessed Attacker Value: 0 Assessed Attacke...

6.6CVSS6.5AI score0.28892EPSS
Exploits5References8
ATTACKERKB
ATTACKERKB
added 2025/05/14 12:0 a.m.64 views

CVE-2025-4664

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

4.3CVSS6.3AI score0.05329EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2024/10/28 12:0 a.m.64 views

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. Recent assessments: sfewer-r7 at July 11, 2025 9:37am UTC reported: CVE-2024-50623 allows a remote unauthenticated...

9.8CVSS9.8AI score0.98529EPSS
Exploits8References2
ATTACKERKB
ATTACKERKB
added 2023/11/28 10:15 p.m.64 views

CVE-2023-46944

An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component...

7.8CVSS6.2AI score0.01322EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2023/06/23 12:0 a.m.64 views

CVE-2023-32409

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issu...

8.6CVSS7.4AI score0.1653EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2023/04/18 12:0 a.m.64 views

CVE-2023-21932

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: OXI. The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

7.2CVSS8.6AI score0.44684EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/10/08 12:0 a.m.64 views

CVE-2021-37975

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: gwillcox-r7 at October 02, 2021 7:38pm UTC reported: Exploitation in the wild of this bug has been noted as reported by Google ...

8.8CVSS8.9AI score0.34887EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2021/02/08 12:0 a.m.64 views

CVE-2021-22502

Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter OBR product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Valu...

10CVSS9.2AI score0.9674EPSS
Exploits4References5
ATTACKERKB
ATTACKERKB
added 2020/04/21 12:0 a.m.64 views

CVE-2020-11964

In IQrouter through 3.3.1, the Lua function diagsetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...

7.5CVSS7.6AI score0.02247EPSS
Exploits3References6
ATTACKERKB
ATTACKERKB
added 2020/04/14 12:0 a.m.64 views

CVE-2020-5260

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external “credential helper” programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...

9.3CVSS0.3AI score0.10047EPSS
Exploits2References20
ATTACKERKB
ATTACKERKB
added 2019/09/05 12:0 a.m.64 views

CVE-2019-15949

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...

9CVSS8.8AI score0.77741EPSS
Exploits13References4
ATTACKERKB
ATTACKERKB
added 2018/09/09 12:0 a.m.64 views

CVE-2018-16763

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution. Recent assessments: noraj at May 08, 2021 7:33pm UTC reported: Unauthenticated RCE with default config, this is critical. Assessed...

9.8CVSS4.7AI score0.82937EPSS
Exploits17References9
ATTACKERKB
ATTACKERKB
added 2024/02/13 12:0 a.m.63 views

CVE-2024-21410

Microsoft Exchange Server Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS7.3AI score0.12661EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/04/06 12:0 a.m.63 views

CVE-2023-26083

Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 – r32p0, Bifrost GPU Kernel Driver all versions from r0p0 – r42p0, Valhall GPU Kernel Driver all versions from r19p0 – r42p0, and Avalon GPU Kernel Driver all versions from r41p0 – r42p0 allows...

3.3CVSS5.9AI score0.01429EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/02/14 12:0 a.m.63 views

CVE-2023-23376

Windows Common Log File System Driver Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS8.5AI score0.10853EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/12/22 12:0 a.m.63 views

CVE-2022-26485

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Thunderbird 91.6.2, and Focus 97.3.0. Recent...

8.8CVSS8.1AI score0.14261EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/09/08 12:0 a.m.63 views

CVE-2022-27593

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...

10CVSS9.8AI score0.87908EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/24 12:0 a.m.63 views

CVE-2022-36804

Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before...

8.8CVSS2.7AI score0.99077EPSS
Exploits50References4
ATTACKERKB
ATTACKERKB
added 2022/05/10 12:0 a.m.63 views

CVE-2022-26923

Active Directory Domain Services Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9CVSS8.6AI score0.83277EPSS
Exploits8References3
ATTACKERKB
ATTACKERKB
added 2022/02/17 12:0 a.m.63 views

CVE-2021-45382

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End ...

10CVSS9.7AI score0.97836EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/02/11 12:0 a.m.63 views

CVE-2021-4102

Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS2.5AI score0.07836EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/09/13 12:0 a.m.63 views

CVE-2021-40870

An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. Recent assessments: JoyGhoshs at October 09, 2021 6:33am UTC reported:...

9.8CVSS9.9AI score0.93019EPSS
Exploits5References4
ATTACKERKB
ATTACKERKB
added 2021/08/16 12:0 a.m.63 views

CVE-2021-35395

Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affect...

10CVSS9.6AI score0.981EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2021/05/14 12:0 a.m.63 views

CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the ‘uploadFontIcon’ AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP. Recent...

9.8CVSS9.6AI score0.4214EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2021/04/26 12:0 a.m.63 views

CVE-2021-21206

Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS2.5AI score0.09401EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2021/01/04 3:15 a.m.63 views

CVE-2021-3007

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...

9.8CVSS8.1AI score0.75313EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2020/01/14 12:0 a.m.63 views

CVE-2020-0601, aka NSACrypt

A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...

8.1CVSS8.4AI score0.89436EPSS
Exploits14References5
ATTACKERKB
ATTACKERKB
added 2020/01/14 12:0 a.m.63 views

CVE-2020-0646

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ‘.NET Framework Remote Code Execution Injection Vulnerability’. Recent assessments: zeroSteiner at March 20, 2020 1:31pm UTC reported: The SharePoint WorkFlow component is affected...

10CVSS9.8AI score0.99222EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2019/09/06 12:0 a.m.63 views

CVE-2019-10891

An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnapmain, which calls system without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header. Recent...

10CVSS8.4AI score0.19442EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2019/05/17 12:0 a.m.63 views

CVE-2019-4279 - IBM WebSphere Application Server

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445. – nvd.nist.gov description Recent assessments: jrobles-r7 at May 29, 2019 4:00...

10CVSS3.6AI score0.79926EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2017/10/17 12:0 a.m.63 views

CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf. Recent assessments: Assessed...

8.8CVSS8.3AI score0.05441EPSS
Exploits4References5
ATTACKERKB
ATTACKERKB
added 2026/04/02 12:44 p.m.62 views

CVE-2026-4282

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens,...

7.4CVSS5.8AI score0.00424EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2024/07/09 12:0 a.m.62 views

CVE-2024-38080

Windows Hyper-V Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS6.9AI score0.07058EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/01/16 12:0 a.m.62 views

CVE-2023-22527

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server...

10CVSS10AI score0.99984EPSS
Exploits32References4
Total number of security vulnerabilities5000