Lucene search
K
AttackerkbMost viewed

74584 matches found

ATTACKERKB
ATTACKERKB
added 2023/11/14 12:0 a.m.53 views

CVE-2023-36036

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS6.9AI score0.1667EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/10/26 12:0 a.m.53 views

CVE-2023-46747

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support EoTS a...

9.8CVSS9.8AI score0.96515EPSS
Exploits17References5
ATTACKERKB
ATTACKERKB
added 2022/04/21 5:19 p.m.53 views

CVE-2022-24272

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6...

6.5CVSS6.6AI score0.00889EPSS
Exploits2References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/12/08 12:0 a.m.53 views

CVE-2021-44529

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance CSA allows an unauthenticated user to execute arbitrary code with limited permissions nobody. Recent assessments: h00die-gr3y at January 08, 2023 9:32am UTC reported: During the boring Christmas Days, — those days where you...

9.8CVSS8.3AI score0.99105EPSS
Exploits161References4
ATTACKERKB
ATTACKERKB
added 2021/08/15 6:15 p.m.53 views

CVE-2021-38699

TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/systemlogs...

5.4CVSS6.1AI score0.07977EPSS
Exploits5References7
ATTACKERKB
ATTACKERKB
added 2021/05/17 5:15 p.m.53 views

CVE-2021-33041

vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require'childprocess'.execSync'calc.exe' on Windows and a similar attack on macOS...

6.1CVSS6.8AI score0.01173EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2020/08/20 12:0 a.m.53 views

CVE-2020-17456

SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the systemlog.cgi page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS5.6AI score0.71691EPSS
Exploits8References7
ATTACKERKB
ATTACKERKB
added 2020/07/30 12:0 a.m.53 views

CVE-2020-10713 - BootHole

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

9CVSS1.4AI score0.76769EPSS
Exploits3References17
ATTACKERKB
ATTACKERKB
added 2020/07/10 12:0 a.m.53 views

CVE-2020-8193

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. Recent assessments: mekhalleh at July...

6.5CVSS5.3AI score0.88411EPSS
Exploits6References3
ATTACKERKB
ATTACKERKB
added 2018/07/20 7:29 p.m.53 views

CVE-2018-12797

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user...

9.3CVSS9.1AI score0.08391EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2018/05/19 12:0 a.m.53 views

CVE-2018-4939

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution. Recent assessments: gwillcox-r7 at October 20, 2020 6:50pm UTC reported...

10CVSS9.5AI score0.63304EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2017/09/19 12:0 a.m.53 views

CVE-2017-12615

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...

8.1CVSS2.6AI score0.99607EPSS
Exploits18References28
ATTACKERKB
ATTACKERKB
added 2016/08/31 12:0 a.m.53 views

CVE-2016-5674

debuggingcenterutils .php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

10CVSS8.4AI score0.9461EPSS
Exploits11References4
ATTACKERKB
ATTACKERKB
added 2012/08/28 12:0 a.m.53 views

Java 7 Applet Remote Code Execution

Multiple vulnerabilities in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by 1 using com.sun.beans.finder.ClassFinder.findClass and leveraging an...

10CVSS9.7AI score0.98536EPSS
Exploits10References1
ATTACKERKB
ATTACKERKB
added 2010/06/08 12:0 a.m.53 views

CVE-2010-1297

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted SW...

9.3CVSS9.4AI score0.82365EPSS
Exploits22References47
ATTACKERKB
ATTACKERKB
added 2025/03/26 2:15 p.m.52 views

CVE-2025-23203

Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required...

5.5CVSS5.3AI score0.0037EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/05/28 12:0 a.m.52 views

CVE-2024-5274

Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.6CVSS8.7AI score0.1002EPSS
Exploits3References5
ATTACKERKB
ATTACKERKB
added 2023/12/05 12:0 a.m.52 views

CVE-2023-44221

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a ‘nobody’ user, potentially leading to OS Command Injection Vulnerability. Recent assessments: Assessed...

7.2CVSS7.4AI score0.74933EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/09/28 12:0 a.m.52 views

CVE-2023-5217

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

8.8CVSS9.1AI score0.49013EPSS
Exploits3References53
ATTACKERKB
ATTACKERKB
added 2022/09/20 12:0 a.m.52 views

CVE-2022-32917

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively...

7.8CVSS3.2AI score0.05557EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2022/07/19 12:0 a.m.52 views

CVE-2022-35405

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. This also affects ManageEngine Access Manager Plus before 4303 with authentication. Recent assessments: gwillcox-r7 at October 25, 2022 5:15pm UTC reported: This was...

9.8CVSS9.8AI score0.9994EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2022/03/17 12:0 a.m.52 views

CVE-2022-26501

Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control issue 1 of 2. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS9.5AI score0.04279EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/10/08 12:0 a.m.52 views

CVE-2021-30633

Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

9.6CVSS2.9AI score0.32657EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2021/09/15 12:0 a.m.52 views

CVE-2021-38648

Open Management Infrastructure Elevation of Privilege Vulnerability Recent assessments: zeroSteiner at October 27, 2021 5:59pm UTC reported: A locally exploitable vulnerability exists within Microsoft’s OMI management server in versions prior to 1.6.8-1 that can allow a local attacker to execute...

7.8CVSS8.3AI score0.11424EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2021/08/24 12:0 a.m.52 views

CVE-2021-30858

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited...

8.8CVSS3.3AI score0.13486EPSS
Exploits0References21
ATTACKERKB
ATTACKERKB
added 2021/07/30 2:15 p.m.52 views

CVE-2021-35479

Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page...

5.4CVSS6.1AI score0.76624EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2021/05/25 12:0 a.m.52 views

CVE-2021-27562

In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Valu...

5.5CVSS6.5AI score0.03093EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/03/11 12:0 a.m.52 views

CVE-2021-27085

Internet Explorer Remote Code Execution Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS8.4AI score0.03708EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/07/10 12:0 a.m.52 views

CVE-2020-8196

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. Recent assessments:...

6.5CVSS5.2AI score0.88411EPSS
Exploits6References4
ATTACKERKB
ATTACKERKB
added 2020/04/30 12:0 a.m.52 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. Recent assessments: Assessed Attacker...

9.8CVSS8AI score0.96405EPSS
Exploits25References14
ATTACKERKB
ATTACKERKB
added 2020/04/21 12:0 a.m.52 views

CVE-2020-11963

IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configurati...

9.8CVSS10AI score0.03146EPSS
Exploits3References6
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.52 views

TCP SACK PANIC

A Linux kernel vulnerability in TCP networking could allow DoS CVE-2019-11477 is considered an Important severity, whereas CVE-2019-11478 and CVE-2019-11479 are considered a Moderate severity. The first two are related to the Selective Acknowledgement SACK packets combined with Maximum Segment Si...

7.8CVSS7AI score0.98745EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2019/09/06 12:0 a.m.52 views

Exim Unauthenticated Remote Code Execution via SNI Trailing Backslash

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. If the Exim server accepts TLS connections, the vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake. Recent assessments: mkienow-r7...

10CVSS4.6AI score0.35736EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2019/08/14 12:0 a.m.52 views

CVE-2019-1169

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. Recent assessments: tekwizz123 at March 20, 2020 4:16pm UTC reported: Wrote up a full analysis of this bug i...

7.8CVSS7.8AI score0.01045EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/04/09 12:0 a.m.52 views

CVE-2019-0841

An elevation of privilege vulnerability exists when Windows AppX Deployment Service AppXSVC improperly handles hard links, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836. Recent assessments:...

7.8CVSS7AI score0.414EPSS
Exploits29References11
ATTACKERKB
ATTACKERKB
added 2018/01/03 12:0 a.m.52 views

CVE-2017-1000486

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS9.1AI score0.94104EPSS
Exploits6References7
ATTACKERKB
ATTACKERKB
added 2016/05/11 12:0 a.m.52 views

CVE-2016-0187

The Microsoft 1 JScript 5.8 and 2 VBScript 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a...

7.6CVSS7.9AI score0.93165EPSS
Exploits10References5
ATTACKERKB
ATTACKERKB
added 2016/05/05 12:0 a.m.52 views

CVE-2016-3718

The 1 HTTP and 2 FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery SSRF attacks via a crafted image. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS4.9AI score0.97485EPSS
Exploits11References24
ATTACKERKB
ATTACKERKB
added 2015/02/17 12:0 a.m.52 views

CVE-2015-1427

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

9.8CVSS9AI score0.99906EPSS
Exploits19References12
ATTACKERKB
ATTACKERKB
added 2012/05/11 12:0 a.m.52 views

CVE-2012-2329 PHP Apache Request Headers

Buffer overflow in the apacherequestheaders function in sapi/cgi/cgimain.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service application crash via a long string in the header of an HTTP request. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: —...

5CVSS3.9AI score0.62649EPSS
Exploits6References1
ATTACKERKB
ATTACKERKB
added 2011/05/13 12:0 a.m.52 views

HP iMC 5.0 TFTP WRQ "Remote Code Execution" Vulnerability

HP Intelligent Management Center contains a flaw related to thetftpserver.exe component allowing the creation or upload of arbitrary files when handling Write Request packets. This may allow a remote attacker to upload arbitrary files which will allow for the execution of arbitrary code as the...

10CVSS0.10567EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2010/04/01 12:0 a.m.52 views

CVE-2010-0840

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...

9.8CVSS9.7AI score0.96319EPSS
Exploits5References43
ATTACKERKB
ATTACKERKB
added 2026/03/26 12:8 p.m.51 views

CVE-2026-4887

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

7.1CVSS6AI score0.00634EPSS
Exploits1References11
ATTACKERKB
ATTACKERKB
added 2024/06/25 12:0 a.m.51 views

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory AD permissions can gain full access to an ESXi host that was previously configured to use AD for user management...

7.2CVSS7.3AI score0.2677EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/05/15 12:0 a.m.51 views

CVE-2024-4947

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.6CVSS7.7AI score0.15111EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2024/05/14 12:0 a.m.51 views

CVE-2024-30040

Windows MSHTML Platform Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS7.3AI score0.03939EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/02/13 12:0 a.m.51 views

CVE-2023-50358

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later...

5.8CVSS8.1AI score0.12769EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/04/19 12:0 a.m.51 views

CVE-2023-2136

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

9.6CVSS8AI score0.05786EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2023/03/26 12:0 a.m.51 views

CVE-2023-26801

LB-LINK BL-AC19002.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/setLimitClientcfg. Recent assessments: Assessed Attacker Value: 0 Assessed...

9.8CVSS9.9AI score0.69663EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/11/01 12:0 a.m.51 views

CVE-2022-3723

Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS2.6AI score0.0675EPSS
Exploits1References4
Total number of security vulnerabilities5000