Lucene search
K
AttackerkbMost viewed

74584 matches found

ATTACKERKB
ATTACKERKB
added 2024/11/13 12:0 a.m.56 views

CVE-2024-43093

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.3CVSS8AI score0.00714EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2024/04/09 12:0 a.m.56 views

CVE-2024-29988

SmartScreen Prompt Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS7.2AI score0.45151EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2024/02/13 12:0 a.m.56 views

CVE-2024-21412

Internet Shortcut Files Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.1CVSS7.2AI score0.95443EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2023/09/12 12:0 a.m.56 views

CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

8.8CVSS8.5AI score0.99735EPSS
Exploits9References46
ATTACKERKB
ATTACKERKB
added 2021/02/24 12:0 a.m.56 views

CVE-2021-21973

The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...

5.3CVSS2.5AI score0.88012EPSS
Exploits8References2
ATTACKERKB
ATTACKERKB
added 2020/08/17 12:0 a.m.56 views

CVE-2020-3433

A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows...

7.8CVSS2.9AI score0.28307EPSS
Exploits16References3
ATTACKERKB
ATTACKERKB
added 2020/03/10 12:0 a.m.56 views

CVE-2020-6207

SAP Solution Manager User Experience Monitoring, version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager. Recent assessments: Assessed Attacker Value: 0 Assessed Attacke...

10CVSS3.1AI score0.98376EPSS
Exploits7References10
ATTACKERKB
ATTACKERKB
added 2019/03/25 12:0 a.m.56 views

CVE-2019-3396

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...

10CVSS9.8AI score0.99913EPSS
Exploits20References7
ATTACKERKB
ATTACKERKB
added 2018/08/13 12:0 a.m.56 views

CVE-2018-15139

Unrestricted file upload in interface/super/managesitefiles.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory. Recent...

8.8CVSS3.7AI score0.19274EPSS
Exploits7References7
ATTACKERKB
ATTACKERKB
added 2017/10/13 12:0 a.m.56 views

CVE-2017-11774

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka “Microsoft Outlook Security Feature Bypass Vulnerability.” Recent assessments: Assessed Attacker Value: 0 Assessed...

7.8CVSS7.8AI score0.59893EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2015/07/14 12:0 a.m.56 views

CVE-2015-5122

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome...

10CVSS9.7AI score0.93688EPSS
Exploits5References21
ATTACKERKB
ATTACKERKB
added 2013/03/11 12:0 a.m.56 views

CVE-2013-2551

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka “Internet Explorer Use After Fr...

9.3CVSS8.2AI score0.74096EPSS
Exploits11References7
ATTACKERKB
ATTACKERKB
added 2023/11/30 10:15 p.m.55 views

CVE-2021-35975

Absolute path traversal vulnerability in the Systematica SMTP Adapter component up to v2.0.1.101 in Systematica Radius up to v.3.9.256.777 allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter u...

5.3CVSS6.3AI score0.01069EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/09/27 12:0 a.m.55 views

CVE-2023-40044

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. Recent assessments: sfewer-r7 at October 02, 2023 8:11am UT...

10CVSS9.4AI score0.9015EPSS
Exploits5References10
ATTACKERKB
ATTACKERKB
added 2023/01/11 12:0 a.m.55 views

CVE-2023-22952

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. Recent assessments: h00die-gr3y at January 18, 2023 8:56am UTC reported: Last December, 28th 2022, a zero.day vulnerability in the SugarCRM applicati...

8.8CVSS9AI score0.80274EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2022/12/15 12:0 a.m.55 views

CVE-2022-42856

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this iss...

8.8CVSS2.1AI score0.08523EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2022/03/03 12:0 a.m.55 views

CVE-2022-22947

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the...

10CVSS9.9AI score0.98253EPSS
Exploits54References6
ATTACKERKB
ATTACKERKB
added 2021/08/24 12:0 a.m.55 views

Online-Catering-Reservation-DT Food Catering (by: oretnom23 ) v1.0 SQL injection - login

The Online-Catering-Reservation-DT Food-Cateringby: oretnom23v1.0 is vulnerable in the application /catering/classes/Login.php which is redirected from /catering/dist/js/script.js app. The SQL injection can be deployed by using the username vulnerable parameter on /catering/admin/login.php. The...

5CVSS0.3AI score0.02252EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2021/08/23 9:15 p.m.55 views

CVE-2021-39609

Cross Site Scripting XSS vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function...

5.4CVSS6.1AI score0.017EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2021/05/07 12:0 a.m.55 views

CVE-2021-1906

Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Recent...

6.2CVSS7AI score0.0052EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/04/16 12:0 a.m.55 views

CVE-2020-2509

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and late...

9.8CVSS9.9AI score0.328EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/09/25 12:0 a.m.55 views

CVE-2020-25223

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 Recent assessments: wvu-r7 at August 26, 2021 2:01am UTC reported: Please see theAtredis writeup for root cause analysis. CVE-2020-25223 has high attacker value and...

10CVSS9.8AI score0.96693EPSS
Exploits9References6
ATTACKERKB
ATTACKERKB
added 2020/04/15 12:0 a.m.55 views

CVE-2020-1020

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could...

8.8CVSS8.4AI score0.69166EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2019/03/24 12:0 a.m.55 views

CVE-2019-9978

The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swpdebug=loadoptions swpurl parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

6.1CVSS6.2AI score0.73543EPSS
Exploits20References15
ATTACKERKB
ATTACKERKB
added 2018/09/25 12:0 a.m.55 views

CVE-2018-15961

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

10CVSS9.3AI score0.9995EPSS
Exploits11References6
ATTACKERKB
ATTACKERKB
added 2017/09/23 12:0 a.m.55 views

CVE-2017-14726

Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.1CVSS3.8AI score0.02657EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2017/07/20 12:0 a.m.55 views

CVE-2017-9822

DNN aka DotNetNuke before 9.1.1 has Remote Code Execution via a cookie, aka “2017-08 Critical Possible remote code execution on DNN sites.” Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS9AI score0.94789EPSS
Exploits6References4
ATTACKERKB
ATTACKERKB
added 2017/04/06 12:0 a.m.55 views

CVE-2016-8735

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn’t updated for consistency...

10CVSS9.8AI score0.92334EPSS
Exploits1References52
ATTACKERKB
ATTACKERKB
added 2013/04/13 12:0 a.m.55 views

CVE-2013-2596

Integer overflow in the fbmmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges,...

7.8CVSS5.7AI score0.03373EPSS
Exploits1References22
ATTACKERKB
ATTACKERKB
added 2010/02/22 12:0 a.m.55 views

CVE-2010-0188

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service application crash or possibly execute arbitrary code via unknown vectors. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

9.3CVSS7.5AI score0.88246EPSS
Exploits12References12
ATTACKERKB
ATTACKERKB
added 2023/11/10 12:0 a.m.54 views

CVE-2023-47246

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. Recent assessments: cbeek-r7 at November 09, 2023 2:50pm UTC reported: On November 8, 2023, SysAid, an IT...

9.8CVSS9.5AI score0.98851EPSS
Exploits3References5
ATTACKERKB
ATTACKERKB
added 2023/06/23 12:0 a.m.54 views

CVE-2023-32373

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is...

8.8CVSS8.4AI score0.12172EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2023/03/14 12:0 a.m.54 views

CVE-2023-24880

Windows SmartScreen Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

4.4CVSS7AI score0.78152EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/16 12:0 a.m.54 views

CVE-2022-39952

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

9.8CVSS0.5AI score0.99815EPSS
Exploits7References4
ATTACKERKB
ATTACKERKB
added 2022/10/19 12:0 a.m.54 views

CVE-2016-20017

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS5.4AI score0.6043EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/09/19 12:0 a.m.54 views

CVE-2022-35914

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS2.2AI score0.99628EPSS
Exploits13References8
ATTACKERKB
ATTACKERKB
added 2022/07/23 12:0 a.m.54 views

CVE-2022-1096

Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS2.6AI score0.24237EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2021/11/10 12:0 a.m.54 views

CVE-2021-42287

Active Directory Domain Services Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS8AI score0.74265EPSS
Exploits10References2
ATTACKERKB
ATTACKERKB
added 2021/09/15 12:0 a.m.54 views

CVE-2021-38645

Open Management Infrastructure Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS8.2AI score0.0189EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/05/05 12:0 a.m.54 views

CVE-2021-1499

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerabilit...

5.3CVSS5.4AI score0.80426EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2021/04/02 12:0 a.m.54 views

CVE-2021-1782

A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a...

7CVSS2.4AI score0.02222EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2019/04/09 12:0 a.m.54 views

CVE-2019-0703

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka ‘Windows SMB Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821. Recent assessments: gwillcox-r7 at November 22, 2020 2:42am UTC reported...

6.5CVSS6.4AI score0.0964EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/01/22 12:0 a.m.54 views

CVE-2018-13374

A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the...

4.3CVSS8.7AI score0.38088EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2017/11/09 12:0 a.m.54 views

CVE-2015-7501

Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform SOA-P 5.x; Web Server JWS 3.x;...

10CVSS2.5AI score0.83274EPSS
Exploits8References28
ATTACKERKB
ATTACKERKB
added 2017/05/12 12:0 a.m.54 views

CVE-2017-0281

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint...

9.3CVSS8.2AI score0.80734EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2014/10/15 12:0 a.m.54 views

CVE-2014-4113

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, a...

7.8CVSS7.7AI score0.87042EPSS
Exploits22References12
ATTACKERKB
ATTACKERKB
added 2026/03/24 12:30 p.m.53 views

CVE-2026-4691

Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

9.8CVSS5.8AI score0.00483EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/02/02 1:2 a.m.53 views

CVE-2026-1737

A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function sgwcs5chandlecreatebearerrequest of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachable assertion. Remote exploitation of the attack ...

6.9CVSS5.7AI score0.00492EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2025/06/03 12:0 a.m.53 views

CVE-2025-21479

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.6CVSS7.6AI score0.00778EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2024/08/23 12:0 a.m.53 views

CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7...

9.8CVSS9.6AI score0.15593EPSS
Exploits0References2
Total number of security vulnerabilities5000