Lucene search
K
AttackerkbMost viewed

74584 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/20 10:37 p.m.59 views

CVE-2026-32733

Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...

8.7CVSS5.9AI score0.00399EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/10/25 12:0 a.m.59 views

CVE-2023-34056

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

4.3CVSS4.5AI score0.00667EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/09/13 12:0 a.m.59 views

CVE-2022-37969

Windows Common Log File System Driver Elevation of Privilege Vulnerability Recent assessments: cbeek-r7 at November 22, 2024 9:17am UTC reported: The vulnerability arises due to insufficient input validation in the CLFS driver. Specifically, CLFS mishandles certain crafted input, allowing an...

7.8CVSS9.3AI score0.28483EPSS
Exploits5References4
ATTACKERKB
ATTACKERKB
added 2022/03/16 12:0 a.m.59 views

CVE-2021-39793

In kbasejduserbufpinpages of malikbasemem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

7.8CVSS6AI score0.00732EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/07/21 12:0 a.m.59 views

CVE-2020-36239

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17....

7.5CVSS3.2AI score0.48883EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2021/05/27 12:0 a.m.59 views

CVE-2021-22900

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. Recent assessments: Assessed Attacker Value: 0...

7.2CVSS8.1AI score0.14146EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/02/02 12:0 a.m.59 views

CVE-2020-25506

D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the systemmgr.cgi component, which can lead to remote arbitrary code execution. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS9.6AI score0.99968EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2020/08/17 12:0 a.m.59 views

CVE-2020-1472

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC. An attacker who successfully exploited the vulnerability could run a specially crafted application on a...

10CVSS8.1AI score0.99512EPSS
Exploits75References18
ATTACKERKB
ATTACKERKB
added 2020/06/20 12:0 a.m.59 views

CVE-2020-14932

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php. Recent assessments: kevthehermit at June 20, 2020 5:17pm UTC reported: tldr The use of unserialize in PHP that accepts user data. There is no...

9.8CVSS9.6AI score0.1669EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2020/05/20 12:0 a.m.59 views

CVE-2020-3956: VMware Cloud Director Code Injection Vulnerability

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to...

8.8CVSS9.1AI score0.211EPSS
Exploits11References4
ATTACKERKB
ATTACKERKB
added 2019/08/28 12:0 a.m.59 views

Authentication bypass vulnerability in Cisco’s IOS XE REST API

This is an authentication bypass vulnerability in Cisco’s IOS XE series OS. While it can target a large swath of Cisco’s switches and routers, it requires the Cisco REST API Container for IOS to be turned on, as it is not on by default. Recent assessments: bwatters-r7 at September 12, 2019 6:06pm...

10CVSS1.9AI score0.05324EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2019/07/03 12:0 a.m.59 views

CVE-2018-15812

DNN aka DotNetNuke 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS3.3AI score0.46547EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2019/06/05 12:0 a.m.59 views

CVE-2019-10149

Exim unauthenticated RCE with reports that it’s been used by Sandworm since August 2019 Recent assessments: gwillcox-r7 at November 04, 2020 4:03pm UTC reported: Reported as exploited in the wild at https://us-cert.cisa.gov/ncas/alerts/aa20-296a ericalexanderorg at May 28, 2020 4:49pm UTC reporte...

10CVSS9.6AI score0.99961EPSS
Exploits27References23
ATTACKERKB
ATTACKERKB
added 2018/01/29 12:0 a.m.59 views

CVE-2017-1000353

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...

9.8CVSS0.8AI score0.99679EPSS
Exploits36References5
ATTACKERKB
ATTACKERKB
added 2017/10/04 12:0 a.m.59 views

CVE-2017-12617

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...

8.1CVSS2.5AI score0.99988EPSS
Exploits23References67
ATTACKERKB
ATTACKERKB
added 2025/05/07 12:0 a.m.58 views

CVE-2025-35939

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

6.9CVSS7.7AI score0.01174EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/10/27 12:0 a.m.58 views

CVE-2023-46604

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...

10CVSS9.9AI score0.99654EPSS
Exploits31References13
ATTACKERKB
ATTACKERKB
added 2023/03/15 12:0 a.m.58 views

CVE-2023-1389

TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before...

8.8CVSS8.9AI score0.99999EPSS
Exploits7References3
ATTACKERKB
ATTACKERKB
added 2023/03/07 12:0 a.m.58 views

CVE-2022-41328

A improper limitation of a pathname to a restricted directory vulnerability ‘path traversal’ CWE-22 in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands...

7.1CVSS6.6AI score0.12316EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/12/15 12:0 a.m.58 views

CVE-2021-1048

In eploopcheckproc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID...

7.8CVSS7.4AI score0.01047EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/10/22 12:0 a.m.58 views

CVE-2021-42258

BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID aka username parameter. Successful exploitation can include...

9.8CVSS9.9AI score0.73269EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2021/06/09 12:0 a.m.58 views

CVE-2020-11261

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

7.8CVSS8.2AI score0.01772EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/02/16 12:0 a.m.58 views

CVE-2021-27104

Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS6.6AI score0.56411EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/01/20 3:15 p.m.58 views

CVE-2021-2108

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core Components. The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server...

9.8CVSS7AI score0.03728EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/12/30 12:0 a.m.58 views

CVE-2020-35846

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. Recent assessments: h00die at May 31, 2021 12:07pm UTC reported: noSQL injection within the /auth/requestreset API. By sending JSON.generate 'user' = '$func' = 'vardump' it causes the vardump functio...

9.8CVSS3.5AI score0.98294EPSS
Exploits12References6
ATTACKERKB
ATTACKERKB
added 2020/07/28 12:0 a.m.58 views

CVE-2020-10923

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A...

8.8CVSS2.4AI score0.87343EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2020/01/21 12:0 a.m.58 views

CVE-2020-7246

A remote code execution RCE vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users‘photoppreview’ delete photo feature, allowing bypass of .htaccess protection...

8.8CVSS2.6AI score0.83235EPSS
Exploits18References4
ATTACKERKB
ATTACKERKB
added 2019/01/08 12:0 a.m.58 views

CVE-2018-1932

IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

4.9CVSS2.9AI score0.0323EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2018/06/26 12:0 a.m.58 views

CVE-2018-10661

An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS7AI score0.86682EPSS
Exploits4References5
ATTACKERKB
ATTACKERKB
added 2017/05/02 12:0 a.m.58 views

CVE-2017-5689

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology AMT and Intel Standard Manageability ISM. An unprivileged local attacker could provision manageability features gaining unprivileged network or local system...

10CVSS7.3AI score0.92189EPSS
Exploits7References13
ATTACKERKB
ATTACKERKB
added 2016/05/05 12:0 a.m.58 views

CVE-2016-3715

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS5.7AI score0.97485EPSS
Exploits12References25
ATTACKERKB
ATTACKERKB
added 2016/04/09 12:0 a.m.58 views

CVE-2016-1015

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified “type confusion,” a different vulnerability than...

10CVSS9.7AI score0.22487EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2016/04/07 12:0 a.m.58 views

CVE-2016-3976

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ dot dot backslash in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. Recent assessments: Assessed Attacker Value: 0 Assessed...

7.5CVSS7.5AI score0.46605EPSS
Exploits5References10
ATTACKERKB
ATTACKERKB
added 2026/06/18 6:37 p.m.57 views

CVE-2026-47847

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADBREPLICATIONUSER and MARIADBREPLICATIONPASSWORD environment variables defaulted to monitor and monitor respectively. This user...

5.3CVSS5.3AI score0.00187EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/03/12 12:0 a.m.57 views

CVE-2023-48788

A improper neutralization of special elements used in an sql command ‘sql injection’ in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets. Recent assessments: jheysel-r7 a...

9.8CVSS10AI score0.97591EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2024/01/17 8:15 p.m.57 views

CVE-2023-6548

Improper Control of Generation of Code 'Code Injection' in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated low privileged remote code execution on Management Interface...

8.8CVSS8AI score0.03191EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2024/01/12 12:0 a.m.57 views

CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. Recent assessments: cbeek-r7 at January 11, 2024...

9.1CVSS9.7AI score0.99999EPSS
Exploits23References5
ATTACKERKB
ATTACKERKB
added 2023/12/05 12:0 a.m.57 views

CVE-2023-33106

Memory corruption while submitting a large list of sync points in an AUX command to the IOCTLKGSLGPUAUXCOMMAND. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.4CVSS7.5AI score0.00854EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/05/24 7:15 p.m.57 views

CVE-2023-2868

A remote command injection vulnerability exists in the Barracuda Email Security Gateway appliance form factor only product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file tape archives. The vulnerability ste...

9.8CVSS7.5AI score0.98975EPSS
Exploits22References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/11/09 12:0 a.m.57 views

CVE-2022-41080

Microsoft Exchange Server Elevation of Privilege Vulnerability Recent assessments: zeroSteiner at January 10, 2023 3:53pm UTC reported: This is an alternative method for bypassing Exchange Emergency Mitigation Service EEMS protections for the ProxyNotShell exploit chain. When this CVE is combined...

9.8CVSS8.6AI score0.9997EPSS
Exploits11References3
ATTACKERKB
ATTACKERKB
added 2021/09/08 2:15 p.m.57 views

CVE-2021-28701

Another race in XENMAPSPACEgranttable handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches back from v2...

7.8CVSS5.4AI score0.00266EPSS
Exploits0References12Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/08/24 12:0 a.m.57 views

CVE-2021-31010

A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report tha...

7.5CVSS2.4AI score0.03673EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2021/07/02 12:0 a.m.57 views

CVE-2021-30554

Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: gwillcox-r7 at June 21, 2021 7:19pm UTC reported: Apparently this is a UAF vulnerability in the WebGL component of Chrome...

8.8CVSS9.2AI score0.07367EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2020/12/08 12:0 a.m.57 views

Amnesia:33

Amnesia:33 is a group of 33 vulnerabilities in open-source TCP/IP stack libraries. The vulnerabilities may be present in a wide range of operational technology, IoT, and connected device implementations. Recent assessments: ccondon-r7 at December 08, 2020 9:05pm UTC reported: Sorta relying here o...

9.8CVSS1.9AI score0.58695EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2019/05/29 12:0 a.m.57 views

CVE-2019-9670

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection XXE vulnerability, as demonstrated by Autodiscover/Autodiscover.xml. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS2.9AI score0.99986EPSS
Exploits4References8
ATTACKERKB
ATTACKERKB
added 2018/01/10 12:0 a.m.57 views

CVE-2018-0798

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Office Memory Corruption Vulnerability”. Recent assessments: Assessed Attacke...

9.3CVSS8AI score0.95121EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2015/04/14 12:0 a.m.57 views

CVE-2015-1635

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka “HTTP.sys Remote Code Execution Vulnerability.” Recent assessments: meikster at March 04,...

10CVSS9.7AI score0.99999EPSS
Exploits16References10
ATTACKERKB
ATTACKERKB
added 2012/10/16 12:0 a.m.57 views

CVE-2012-3153

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU...

9.1CVSS6.6AI score0.98695EPSS
Exploits11References9
ATTACKERKB
ATTACKERKB
added 2010/08/11 12:0 a.m.57 views

CVE-2010-2861

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to 1 CFIDE/administrator/settings/mappings.cfm, 2 logging/settings.cfm, 3 datasources/index.cfm, 4...

9.8CVSS5.6AI score0.99721EPSS
Exploits13References8
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:50 p.m.56 views

CVE-2026-33742

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

5.4CVSS5.8AI score0.00202EPSS
Exploits1References3Affected Software1
Total number of security vulnerabilities5000