Lucene search
K
AttackerkbMost viewed

74584 matches found

ATTACKERKB
ATTACKERKB
added 2021/04/02 12:0 a.m.51 views

CVE-2021-1871

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this...

9.8CVSS3.2AI score0.0712EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2021/03/11 12:0 a.m.51 views

CVE-2021-26897

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895. Recent assessments: architect00 at April 14, 2021 6:08am UTC reported: Vulnerability Overview 0patch released a blog article about their micro patch...

10CVSS1.1AI score0.19274EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/12/30 12:0 a.m.51 views

CVE-2020-35847

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. Recent assessments: h00die at May 31, 2021 12:11pm UTC reported: Similar to CVE-2020-35846, this is a noSQL injection using the vardump function to dump all memory for the password reset...

9.8CVSS1.8AI score0.98294EPSS
Exploits12References7
ATTACKERKB
ATTACKERKB
added 2020/10/28 12:0 a.m.51 views

CVE-2020-8260

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.2CVSS7.2AI score0.9648EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2020/10/16 12:0 a.m.51 views

CVE-2020-14144

DISPUTED The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLEGITHOO...

7.2CVSS1.7AI score0.95432EPSS
Exploits12References7
ATTACKERKB
ATTACKERKB
added 2020/02/11 12:0 a.m.51 views

CVE-2020-0767

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713. Rece...

7.6CVSS8AI score0.86863EPSS
Exploits17References2
ATTACKERKB
ATTACKERKB
added 2018/05/09 12:0 a.m.51 views

CVE-2018-8164

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1,...

7.8CVSS6.7AI score0.73721EPSS
Exploits18References3
ATTACKERKB
ATTACKERKB
added 2016/08/25 12:0 a.m.51 views

CVE-2016-4655

The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. Recent assessments: gwillcox-r7 at November 22, 2020 3:18am UTC reported: Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made...

7.1CVSS5.2AI score0.33353EPSS
Exploits7References10
ATTACKERKB
ATTACKERKB
added 2014/05/14 12:0 a.m.51 views

CVE-2014-1812

The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential...

9CVSS8.6AI score0.65117EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 5 days ago50 views

CVE-2026-57031

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...

5.3CVSS6AI score0.00238EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 1:56 p.m.50 views

CVE-2026-4480

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

9.8CVSS6.4AI score0.12797EPSS
Exploits9References16
ATTACKERKB
ATTACKERKB
added 2023/12/05 12:0 a.m.50 views

CVE-2023-33107

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.4CVSS7.5AI score0.00892EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/11/30 12:0 a.m.50 views

CVE-2023-42916

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versio...

6.5CVSS5.7AI score0.17823EPSS
Exploits0References19
ATTACKERKB
ATTACKERKB
added 2023/10/31 12:0 a.m.50 views

CVE-2023-22518

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perfo...

10CVSS9.6AI score0.99999EPSS
Exploits14References9
ATTACKERKB
ATTACKERKB
added 2023/02/06 12:0 a.m.50 views

CVE-2023-0669

Fortra formerly, HelpSystems GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2. Recent assessments: rbowes-r7 at February 06, 2023...

7.2CVSS7.3AI score0.99999EPSS
Exploits12References11
ATTACKERKB
ATTACKERKB
added 2022/10/27 12:0 a.m.50 views

CVE-2022-0074

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Valu...

8.8CVSS6.9AI score0.01154EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/07/29 12:0 a.m.50 views

CVE-2021-36741

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the...

8.8CVSS8.6AI score0.04951EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2021/03/11 12:0 a.m.50 views

CVE-2021-27059

Microsoft Office Remote Code Execution Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.5CVSS7.7AI score0.03182EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/07/31 12:0 a.m.50 views

CVE-2020-14500

The discovered bug occurs due to improper handling of some of the HTTP request headers provided by the client. This could allow an attacker to remotely exploit GateManager to achieve remote code execution without any authentication required. If carried out successfully, such an attack could resul...

10CVSS1AI score0.01666EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/04/24 12:0 a.m.50 views

CVE-2020-6820

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1. Recent assessments: gwillcox-r7 at November...

8.1CVSS7.8AI score0.06305EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2020/04/22 12:0 a.m.50 views

CVE-2020-10915 Preauth RCE in VEEAM One Agent

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper...

9.8CVSS0.3AI score0.86619EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2019/04/09 12:0 a.m.50 views

CVE-2019-0685

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0803, CVE-2019-0859. Recent assessments: Assessed Attacker Value: 0 Assessed...

7.8CVSS8.4AI score0.4523EPSS
Exploits28References2
ATTACKERKB
ATTACKERKB
added 2018/03/28 12:0 a.m.50 views

CVE-2018-0174

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability exists because the affected...

8.6CVSS3.5AI score0.07758EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2017/09/21 12:0 a.m.50 views

CVE-2015-1187

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the pingaddr parameter to ping.ccp. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS9.6AI score0.82863EPSS
Exploits8References7
ATTACKERKB
ATTACKERKB
added 5 days ago49 views

CVE-2026-33799

An Out-of-bounds Write vulnerability in the SNMP daemon snmpd of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd proces...

5.3CVSS6AI score0.0036EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2023/11/30 12:0 a.m.49 views

CVE-2023-42917

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against...

8.8CVSS7.4AI score0.0937EPSS
Exploits0References19
ATTACKERKB
ATTACKERKB
added 2023/10/10 12:0 a.m.49 views

CVE-2023-41763

Skype for Business Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

5.3CVSS7AI score0.90353EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/11/01 12:0 a.m.49 views

CVE-2022-42827

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively...

7.8CVSS3.1AI score0.01136EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/02/09 11:15 p.m.49 views

CVE-2022-22536

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the...

10CVSS7.7AI score0.97945EPSS
Exploits8References4Affected Software3
ATTACKERKB
ATTACKERKB
added 2021/11/10 12:0 a.m.49 views

CVE-2021-42278

Active Directory Domain Services Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS8AI score0.70207EPSS
Exploits9References2
ATTACKERKB
ATTACKERKB
added 2021/10/13 12:0 a.m.49 views

CVE-2021-40450

Win32k Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.5AI score0.01968EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/10/08 12:0 a.m.49 views

CVE-2021-37973

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.6CVSS2.7AI score0.11735EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2021/10/08 12:0 a.m.49 views

CVE-2021-30632

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS2.5AI score0.64546EPSS
Exploits3References8
ATTACKERKB
ATTACKERKB
added 2021/04/20 12:0 a.m.49 views

CVE-2021-20023

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

4.9CVSS5.2AI score0.51407EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/03/01 12:0 a.m.49 views

CVE-2021-27877

An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn’t yet been disabled. An attacker could remotely exploit this schem...

9.8CVSS9.2AI score0.6491EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2020/02/07 12:0 a.m.49 views

CVE-2019-19356

Netis WF2419 is vulnerable to authenticated Remote Code Execution RCE as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the...

8.5CVSS8.1AI score0.27962EPSS
Exploits6References4
ATTACKERKB
ATTACKERKB
added 2020/01/29 12:0 a.m.49 views

CVE-2019-18634

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist on...

9CVSS0.3AI score0.63917EPSS
Exploits21References27
ATTACKERKB
ATTACKERKB
added 2019/11/12 12:0 a.m.49 views

CVE-2019-1415

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka ‘Windows Installer Elevation of Privilege...

7.8CVSS7.2AI score0.01214EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/06/04 12:0 a.m.49 views

CVE-2018-13382

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via...

9.1CVSS8.2AI score0.81691EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2019/05/02 12:0 a.m.49 views

CVE-2017-18368

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40ULM.0b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited...

10CVSS9.6AI score0.94508EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2019/03/26 12:0 a.m.49 views

CVE-2019-10068

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...

9.8CVSS4.8AI score0.96031EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2019/01/24 12:0 a.m.49 views

CVE-2019-1652

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper...

9CVSS7.8AI score0.95923EPSS
Exploits11References11
ATTACKERKB
ATTACKERKB
added 2018/07/09 12:0 a.m.49 views

GIGABYTE BRIX UEFI firmware is not cryptographically signed

GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected. Recent assessments: Assessed Attacker Valu...

10CVSS1.2AI score0.01597EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2017/12/12 12:0 a.m.49 views

CVE-2017-17562

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc...

8.1CVSS1.4AI score0.96327EPSS
Exploits15References12
ATTACKERKB
ATTACKERKB
added 2016/08/18 12:0 a.m.49 views

CVE-2016-6367

Cisco Adaptive Security Appliance ASA Software before 8.41 on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. Recent assessments: gwillcox-r7 at November 22, 2020 3:17am UTC reported: Reported as...

7.8CVSS7.7AI score0.22583EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2015/04/14 12:0 a.m.49 views

CVE-2015-3043

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, as exploited in the wild in April 2015, a different...

10CVSS3.6AI score0.7983EPSS
Exploits7References11
ATTACKERKB
ATTACKERKB
added 2013/05/24 12:0 a.m.49 views

CVE-2013-3660

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next...

7.8CVSS7.6AI score0.39578EPSS
Exploits6References19
ATTACKERKB
ATTACKERKB
added 2009/03/26 12:0 a.m.49 views

CVE-2009-1151

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attack...

9.8CVSS6.1AI score0.95438EPSS
Exploits16References19
ATTACKERKB
ATTACKERKB
added last week48 views

CVE-2026-28378

The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...

3.1CVSS5.9AI score0.00136EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/07/01 5:10 p.m.48 views

CVE-2026-5051

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software2
Total number of security vulnerabilities5000