Lucene search
K
AttackerkbMost viewed

74760 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/02 5:8 p.m.48 views

CVE-2026-35414

OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters...

4.2CVSS5.8AI score0.00176EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/24 2:13 p.m.48 views

CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS6.1AI score0.21621EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/10/04 2:15 p.m.48 views

CVE-2023-22515

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access...

10CVSS7.3AI score0.99999EPSS
Exploits48References10Affected Software2
ATTACKERKB
ATTACKERKB
added 2023/09/12 12:0 a.m.48 views

CVE-2023-36802

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS6.9AI score0.261EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2023/07/27 12:0 a.m.48 views

CVE-2023-38606

This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a...

5.5CVSS6.5AI score0.01002EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2023/07/12 12:0 a.m.48 views

CVE-2023-29298

Adobe ColdFusion versions 2018u16 and earlier, 2021u6 and earlier and 2023.0.0.330468 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC...

9.8CVSS8.3AI score0.99761EPSS
Exploits13References3
ATTACKERKB
ATTACKERKB
added 2022/12/05 12:0 a.m.48 views

CVE-2022-46169

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data...

9.8CVSS10AI score0.99826EPSS
Exploits48References6
ATTACKERKB
ATTACKERKB
added 2022/10/27 12:0 a.m.48 views

CVE-2022-0073

Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS7AI score0.08663EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/09/19 12:0 a.m.48 views

CVE-2022-40139

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code executio...

7.2CVSS3.9AI score0.03054EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/04/13 12:0 a.m.48 views

CVE-2021-28482

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483. Recent assessments: zeroSteiner at June 03, 2021 1:07pm UTC reported: This vulnerability is a deserialization flaw in Exchange’s...

10CVSS1.2AI score0.83337EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2020/11/24 12:0 a.m.48 views

CVE-2015-9550

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface. Recent assessments: Assessed Attacker Value...

7.5CVSS7.3AI score0.01536EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2020/11/24 12:0 a.m.48 views

CVE-2015-9551

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

10CVSS9.3AI score0.04218EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2020/11/13 12:0 a.m.48 views

CVE-2020-25538

An authenticated attacker can inject malicious code into “lang” parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server. Recent assessments: noraj at May 08, 2021 7:39pm UTC reported: Be careful it...

8.8CVSS3AI score0.09852EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2020/10/07 12:0 a.m.48 views

CVE-2020-2507

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. Recent assessments: Assessed Attacker Value: 0...

9.8CVSS4.9AI score0.03042EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/06/15 12:0 a.m.48 views

CVE-2020-0543 CROSSTALK

Incomplete cleanup from specific special register read operations in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. Recent assessments: busterb at June 15, 2020 8:18pm UTC reported: This continues to bury SGX as an actual...

5.5CVSS0.7AI score0.0054EPSS
Exploits0References31
ATTACKERKB
ATTACKERKB
added 2019/01/08 12:0 a.m.48 views

CVE-2019-0541

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka “MSHTML Engine Remote Code Execution Vulnerability.” This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer,...

9.3CVSS8AI score0.53202EPSS
Exploits4References5
ATTACKERKB
ATTACKERKB
added 2018/04/11 12:0 a.m.48 views

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

9.8CVSS9.7AI score0.95649EPSS
Exploits9References4
ATTACKERKB
ATTACKERKB
added 2017/08/11 12:0 a.m.48 views

CVE-2017-6327

The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to t...

8.8CVSS8.9AI score0.35341EPSS
Exploits7References6
ATTACKERKB
ATTACKERKB
added 2017/05/12 12:0 a.m.48 views

CVE-2017-0262

Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281. Recent assessments:...

9.3CVSS8.2AI score0.80734EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2017/03/27 12:0 a.m.48 views

CVE-2017-7269

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with “If: http://” in a PROPFIND request, as exploited in the wild ...

10CVSS9.6AI score0.99823EPSS
Exploits39References14
ATTACKERKB
ATTACKERKB
added 2015/12/28 12:0 a.m.48 views

CVE-2015-8651

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary cod...

9.3CVSS9.3AI score0.67922EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2015/09/09 12:0 a.m.48 views

CVE-2015-2546

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka “Win32k Memory Corruption...

8.2CVSS8.8AI score0.10929EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2015/08/15 12:0 a.m.48 views

CVE-2015-1642

Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” Recent assessments: gwillcox-r7 at November 23, 2020 6:13pm UTC reported: Reported as exploited in the wild as part o...

9.3CVSS1.4AI score0.53213EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2015/04/14 12:0 a.m.48 views

DosDevices Impersonation Process Creation Elevation of Privilege

The fix for CVE-2015-1644 doesn’t take into account process creation scenarios. If a process is created by a system service while impersonating another user their per-user drive mappings will still be used which could lead to EoP. Recent assessments: busterb at May 09, 2019 5:57pm UTC reported: N...

7.2CVSS4.2AI score0.01755EPSS
Exploits4References5
ATTACKERKB
ATTACKERKB
added 2014/10/15 12:0 a.m.48 views

CVE-2014-4123

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka “Internet Explorer Elevation of Privilege Vulnerability,” as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124. Recent assessments: gwillcox-r7 at...

8.8CVSS6.4AI score0.40289EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2014/09/25 12:0 a.m.48 views

CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

10CVSS9.6AI score0.99999EPSS
Exploits141References199
ATTACKERKB
ATTACKERKB
added 2009/07/23 12:0 a.m.48 views

CVE-2009-1862

Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via 1 a crafted Flash application in a .pdf file or 2...

9.3CVSS5.6AI score0.25006EPSS
Exploits5References21
ATTACKERKB
ATTACKERKB
added 2024/12/12 12:0 a.m.47 views

CVE-2024-49138

Windows Common Log File System Driver Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS6.8AI score0.25414EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2024/05/14 12:0 a.m.47 views

CVE-2024-3808

The Porto Theme – Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the ‘portoportfolios’ shortcode ‘portfoliolayout’ attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

8.8CVSS7.6AI score0.01002EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/10/10 12:0 a.m.47 views

CVE-2023-36584

Windows Mark of the Web Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

5.4CVSS6.9AI score0.03055EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/09/11 12:0 a.m.47 views

CVE-2023-39780

On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /startapply.htm qosbwrulelist parameter. NOTE: for the similar “token-generated module” issue, see CVE-2023-41345; for the similar “token-refresh module” issue, see CVE-2023-41346; for the...

8.8CVSS7.8AI score0.33641EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2022/11/25 12:0 a.m.47 views

CVE-2022-4135

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacke...

9.6CVSS2.6AI score0.31864EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/03/14 12:0 a.m.47 views

CVE-2021-25003

The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE Recent assessments: piotrosip at November 18, 2022 10:22am UTC reported: Assessed Attacker Value: 3 Assessed Attacker...

9.8CVSS9.6AI score0.56148EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2021/12/22 12:0 a.m.47 views

CVE-2021-21881

An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Recent...

9.9CVSS1.7AI score0.37064EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/11/29 12:0 a.m.48 views

CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. Recent assessments:...

9.8CVSS9.8AI score0.93514EPSS
Exploits6References6
ATTACKERKB
ATTACKERKB
added 2021/09/08 12:0 a.m.47 views

CVE-2021-30665

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that...

8.8CVSS2.9AI score0.03692EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2021/08/24 12:0 a.m.47 views

CVE-2021-30900

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges. Recent assessments: Assessed Attacker Value: 0 Assessed...

9.3CVSS7.2AI score0.05204EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/07/29 12:0 a.m.47 views

CVE-2021-36742

A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute...

7.8CVSS8.1AI score0.01482EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2021/04/02 12:0 a.m.47 views

CVE-2021-1870

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this...

9.8CVSS3.2AI score0.07921EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2021/03/11 12:0 a.m.47 views

CVE-2021-26899

Windows UPnP Device Host Elevation of Privilege Vulnerability Recent assessments: Toffee2apple at December 11, 2023 5:36am UTC reported: Assessed Attacker Value: 4 Assessed Attacker Value: 4Assessed Attacker Value: 0...

7.8CVSS6.9AI score0.0086EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/05/04 12:0 a.m.47 views

CVE-2020-12641

rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS7.9AI score0.84456EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.47 views

CVE-2020-7209

LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS3.7AI score0.98846EPSS
Exploits10References4
ATTACKERKB
ATTACKERKB
added 2020/02/05 12:0 a.m.47 views

CVE-2020-3111 (AKA: CDPwn)

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discove...

8.8CVSS1.9AI score0.03095EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2019/08/08 12:0 a.m.47 views

CVE-2019-19585

An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an “rConfig specific Apache configuration” update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions...

7.8CVSS1.6AI score0.05668EPSS
Exploits9References4
ATTACKERKB
ATTACKERKB
added 2018/10/30 12:0 a.m.47 views

CVE-2018-14558

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44CNAC7, AC9 devices with firmware through V15.03.05.196318CNAC9, and AC10 devices with firmware through V15.03.06.23CNAC10. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a craft...

10CVSS9.8AI score0.08672EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2018/03/28 12:0 a.m.47 views

CVE-2018-0173

A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 DHCPv4 packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service DoS...

8.6CVSS2.9AI score0.07758EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2016/05/11 12:0 a.m.47 views

CVE-2016-4117

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS9.2AI score0.94354EPSS
Exploits6References13
ATTACKERKB
ATTACKERKB
added 2013/09/18 12:0 a.m.47 views

Microsoft Internet Explorer SetMouseCapture Use-After-Free

Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help. URL that triggers loading of hxds.dll. Recent...

9.3CVSS1.2AI score0.8593EPSS
Exploits18References16
ATTACKERKB
ATTACKERKB
added 2011/10/19 12:0 a.m.47 views

CVE-2011-3544

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to...

10CVSS4.4AI score0.96714EPSS
Exploits13References20
ATTACKERKB
ATTACKERKB
added 2010/12/14 12:0 a.m.47 views

CVE-2010-4344

Heap-based buffer overflow in the stringvformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging...

9.8CVSS6.8AI score0.71901EPSS
Exploits6References38
Total number of security vulnerabilities5000