Lucene search
K
AttackerkbMost viewed

74584 matches found

ATTACKERKB
ATTACKERKB
added 2022/03/10 12:0 a.m.62 views

CVE-2022-26143

The TP-240 aka tp240dvr component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service performance degradation and excessive outbound traffic. This was exploited in the wild in February...

9.8CVSS5.4AI score0.87565EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2022/02/03 12:0 a.m.62 views

CVE-2022-20701

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned softwa...

10CVSS4.8AI score0.09747EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/10/08 12:0 a.m.62 views

CVE-2021-37976

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Recent assessments: gwillcox-r7 at October 02, 2021 7:27pm UTC reported: More info will be available at...

6.5CVSS7.3AI score0.19901EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2021/05/27 12:0 a.m.62 views

CVE-2021-22894

A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: ...

9CVSS5.9AI score0.41284EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/04/10 12:0 a.m.62 views

CVE-2021-20020

A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. Recent assessments: wvu-r7 at April 29, 2021 9:39pm UTC reported: CVE-2021-20020? Seems to be Postgres running in trust mode on TCP port 5029, which essentially...

10CVSS10AI score0.0373EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/06/09 12:0 a.m.62 views

CVE-2020-1313

An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka ‘Windows Update Orchestrator Service Elevation of Privilege Vulnerability’. Recent assessments: bwatters-r7 at September 18, 2020 9:01pm UTC reported: This...

7.8CVSS1.1AI score0.39967EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2020/02/26 12:0 a.m.62 views

VU#498544 ZyXEL pre-authentication command injection in weblogin.cgi

” Multiple ZyXEL devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Multiple ZyXEL devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to...

10CVSS10.4AI score0.99988EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2020/02/22 12:0 a.m.62 views

CVE-2020-8862

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from t...

8.8CVSS1.6AI score0.13343EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/01/14 12:0 a.m.62 views

CVE-2020-0610

A remote code execution vulnerability exists in Windows Remote Desktop Gateway RD Gateway when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Gateway RD Gateway Remote Code Execution Vulnerability’. This CVE ID...

10CVSS9.8AI score0.74897EPSS
Exploits10References2
ATTACKERKB
ATTACKERKB
added 2017/05/16 12:0 a.m.62 views

CVE-2017-6079

The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side fro...

10CVSS2.2AI score0.46846EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/20 1:57 p.m.61 views

CVE-2026-22844

A Command Injection vulnerability in Zoom Node Multimedia Routers MMRs before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access...

9.9CVSS6.7AI score0.12965EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/08/13 12:0 a.m.61 views

CVE-2024-38107

Windows Power Dependency Coordinator Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7AI score0.01635EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/01/31 12:0 a.m.61 views

CVE-2024-1086

A use-after-free vulnerability in the Linux kernel’s netfilter: nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop error within the hook verdict, and hence the nfhookslow function can cause a double free...

7.8CVSS8AI score0.28058EPSS
Exploits16References15
ATTACKERKB
ATTACKERKB
added 2023/10/25 12:0 a.m.61 views

CVE-2023-34048

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. Recent assessments: ccondon-r7 at January 19, 2024...

9.8CVSS9.9AI score0.99428EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/09/26 12:0 a.m.61 views

CVE-2022-2856

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Valu...

6.5CVSS3.6AI score0.04493EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/02/03 12:0 a.m.61 views

CVE-2022-20703

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned softwa...

10CVSS4.8AI score0.09203EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/06/15 12:0 a.m.61 views

CVE-2021-30551

Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS2.6AI score0.64701EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2021/05/20 2:15 p.m.61 views

CVE-2021-3438

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege...

7.8CVSS7.6AI score0.02902EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/02/15 12:0 a.m.61 views

CVE-2021-25297

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...

9CVSS2.8AI score0.71536EPSS
Exploits8References7
ATTACKERKB
ATTACKERKB
added 2020/12/08 12:0 a.m.61 views

CVE-2020-27932

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplement...

9.3CVSS7.3AI score0.10337EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2019/12/05 12:0 a.m.61 views

CVE-2019-7195

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

9.8CVSS8.9AI score0.89681EPSS
Exploits9References3
ATTACKERKB
ATTACKERKB
added 2019/06/27 12:0 a.m.61 views

Google Chrome CVE-2019-5786 FileReader Use-After-Free Vulnerability

Google Chrome is prone to a use-after-free vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the browser. Failed attempts will likely cause a denial-of-service condition. Recent assessments: gwillcox-r7 at September 23, 2020 8:20pm UTC reported: This was...

6.5CVSS0.9AI score0.61537EPSS
Exploits10References9
ATTACKERKB
ATTACKERKB
added 2018/03/28 12:0 a.m.61 views

CVE-2018-0171

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service DoS condition, or to execute arbitrary code on an affected device. The...

10CVSS9.6AI score0.9951EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2011/12/07 12:0 a.m.61 views

CVE-2011-2462

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via unknown vectors, as exploited in...

10CVSS9.4AI score0.86238EPSS
Exploits11References9
ATTACKERKB
ATTACKERKB
added 2010/07/22 12:0 a.m.61 views

CVE-2010-2772

Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. Recent assessments: Assessed Attacker...

9.3CVSS5.5AI score0.91324EPSS
Exploits15References15
ATTACKERKB
ATTACKERKB
added 2026/05/28 8:27 a.m.60 views

CVE-2026-6226

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input instead of securely loading them from the...

8.8CVSS5.9AI score0.00433EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2024/11/18 12:0 a.m.60 views

CVE-2024-0012

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege...

9.8CVSS8.9AI score0.99698EPSS
Exploits18References2
ATTACKERKB
ATTACKERKB
added 2023/03/22 9:15 p.m.60 views

CVE-2023-28434

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...

8.8CVSS7.2AI score0.06736EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2022/12/22 12:0 a.m.60 views

CVE-2022-26486

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Thunderbird 91.6.2, and Focus...

9.6CVSS8.9AI score0.02349EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/12/13 5:15 p.m.60 views

CVE-2022-27518

Unauthenticated remote arbitrary code execution...

9.8CVSS7.9AI score0.06931EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/08/24 12:0 a.m.60 views

CVE-2022-32894

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively...

7.8CVSS3.4AI score0.03259EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2022/02/25 8:15 p.m.60 views

CVE-2022-25060

TP-LINK TL-WR840NESV6.20180709 was discovered to contain a command injection vulnerability via the component oalstartPing...

10CVSS7.2AI score0.48182EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2021/11/10 1:19 a.m.60 views

CVE-2021-42298

Microsoft Defender Remote Code Execution Vulnerability...

9.3CVSS7.6AI score0.05293EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/08/06 12:0 a.m.60 views

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. PWNED by using remote execution script, automated for this vulnerability. NOTE: the vendor’s position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account;...

3.5CVSS1.2AI score0.01503EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2021/03/26 12:0 a.m.60 views

CVE-2021-22506

Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS4.2AI score0.99983EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2021/03/25 12:0 a.m.60 views

CVE-2021-3450

The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

7.4CVSS7AI score0.62906EPSS
Exploits4References27
ATTACKERKB
ATTACKERKB
added 2021/01/30 12:0 a.m.60 views

CVE-2020-15568

TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter. Recen...

10CVSS9.6AI score0.28495EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2020/05/20 12:0 a.m.60 views

CVE-2020-9484 — PersistentManager Java deserialization vulnerability

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the...

7CVSS2.6AI score0.56636EPSS
Exploits16References41
ATTACKERKB
ATTACKERKB
added 2020/05/06 12:0 a.m.60 views

CVE-2020-3259

A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential...

7.5CVSS7.6AI score0.71789EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/03/23 12:0 a.m.60 views

CVE-2020-5722

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...

10CVSS4.6AI score0.83926EPSS
Exploits8References4
ATTACKERKB
ATTACKERKB
added 2020/03/13 12:0 a.m.60 views

CVE-2018-10933

Description libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2MSGUSERAUTHSUCCESS message in place of the SSH2MSGUSERAUTHREQUEST message which the server would expect to initiate authentication, the attacker could...

9.1CVSS0.6AI score0.91789EPSS
Exploits11References1
ATTACKERKB
ATTACKERKB
added 2019/07/15 12:0 a.m.60 views

CVE-2019-1132

Privilege Escalation on Windows 7, Server 2008, and Server 2008 R2 targeting win32k.sys Recent assessments: FULLSHADE at April 21, 2020 4:04am UTC reported: This vulnerability takes advantage of a null pointer dereference within the Windows win32k.sys driver, win32k.sys is notorious for including...

7.8CVSS7.8AI score0.09788EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2019/04/01 12:0 a.m.60 views

CVE-2019-9193

DISPUTED In PostgreSQL 9.3 through 11.2, the “COPY TO/FROM PROGRAM” function allows superusers and users in the ‘pgexecuteserverprogram’ group to execute arbitrary code in the context of the database’s operating system user. This functionality is enabled by default and can be abused to run...

9CVSS5.5AI score0.91877EPSS
Exploits17References7
ATTACKERKB
ATTACKERKB
added 2018/12/01 12:0 a.m.60 views

CVE-2018-3949

An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated...

7.5CVSS1.4AI score0.53297EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2018/11/30 12:0 a.m.60 views

CVE-2018-3948

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticate...

7.5CVSS1.7AI score0.23061EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2018/11/14 12:0 a.m.60 views

CVE-2018-17463

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS4.4AI score0.84564EPSS
Exploits6References8
ATTACKERKB
ATTACKERKB
added 2016/11/10 12:0 a.m.60 views

CVE-2016-5195

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write COW feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka “Dirty COW.” Recent assessments:...

7.2CVSS0.4AI score0.83524EPSS
Exploits82References51
ATTACKERKB
ATTACKERKB
added 2016/05/11 12:0 a.m.60 views

CVE-2016-0189

The Microsoft 1 JScript 5.8 and 2 VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Scripting Engine Memory Corruption...

7.6CVSS7.9AI score0.93165EPSS
Exploits10References9
ATTACKERKB
ATTACKERKB
added 2014/10/07 12:0 a.m.60 views

CVE-2014-6287

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server aks HFS or HttpFileServer 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

10CVSS9.2AI score0.99323EPSS
Exploits23References10
ATTACKERKB
ATTACKERKB
added 2012/08/28 12:55 a.m.60 views

CVE-2012-4681

Multiple vulnerabilities in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by 1 using com.sun.beans.finder.ClassFinder.findClass and leveraging an...

10CVSS9.5AI score0.98536EPSS
Exploits10References17
Total number of security vulnerabilities5000