Lucene search
K
AttackerkbMost viewed

74667 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/01 7:0 p.m.46 views

CVE-2026-55595

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26...

4.7CVSS5.8AI score0.0009EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:21 p.m.46 views

CVE-2026-56149

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...

4.9CVSS5.8AI score0.00324EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/06/03 12:0 a.m.46 views

CVE-2025-27038

Memory corruption while rendering graphics using Adreno GPU drivers in Chrome. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS7.5AI score0.00831EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/02/11 12:0 a.m.46 views

CVE-2025-21418

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS8AI score0.01537EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/09/17 12:0 a.m.46 views

CVE-2024-38813

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

9.8CVSS7.4AI score0.16676EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/07/09 12:0 a.m.46 views

CVE-2024-38112

Windows MSHTML Platform Spoofing Vulnerability Recent assessments: remmons-r7 at July 19, 2024 2:51pm UTC reported: Trend Micro reported this vulnerability to Microsoft after observing Void Banshee APT exploitation in the wild; the zero-day attack hinged on the premise that MHTML links would...

7.5CVSS8.2AI score0.84345EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/06/13 12:0 a.m.46 views

CVE-2024-32896

there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

8.1CVSS7.2AI score0.0301EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/04/05 12:0 a.m.46 views

CVE-2024-29745

there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

5.5CVSS6.5AI score0.00482EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/09/21 12:0 a.m.46 views

CVE-2023-41991

A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Recen...

5.5CVSS6.3AI score0.04547EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2023/06/23 12:0 a.m.46 views

CVE-2023-28204

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that th...

6.5CVSS6.5AI score0.14292EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2023/06/23 12:0 a.m.46 views

CVE-2023-32434

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with...

7.8CVSS8AI score0.51517EPSS
Exploits3References17
ATTACKERKB
ATTACKERKB
added 2023/06/05 12:0 a.m.46 views

CVE-2023-3079

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High Recent assessments: cbeek-r7 at July 26, 2024 7:43pm UTC reported: A July 2024 bulletin from multiple U.S...

8.8CVSS8.8AI score0.32724EPSS
Exploits2References11
ATTACKERKB
ATTACKERKB
added 2023/02/17 12:0 a.m.46 views

CVE-2022-47986

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. T...

9.8CVSS8.4AI score0.99968EPSS
Exploits5References6
ATTACKERKB
ATTACKERKB
added 2023/01/11 12:0 a.m.46 views

CVE-2022-4874

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL .css, .png etc. If it exists, it performs a “fake logi...

7.5CVSS7.8AI score0.11009EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/12/13 12:0 a.m.46 views

CVE-2022-44698

Windows SmartScreen Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

5.4CVSS2.8AI score0.76106EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/04/18 12:0 a.m.46 views

CVE-2022-28810

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with...

7.1CVSS3.7AI score0.70501EPSS
Exploits4References6
ATTACKERKB
ATTACKERKB
added 2021/09/08 12:0 a.m.46 views

CVE-2021-30666

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Recent assessments: Assessed...

8.8CVSS3.4AI score0.03031EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/03/09 12:0 a.m.46 views

CVE-2021-21300

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive...

8CVSS7.4AI score0.88644EPSS
Exploits5References14
ATTACKERKB
ATTACKERKB
added 2021/03/01 12:0 a.m.46 views

CVE-2021-27878

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...

9CVSS9.7AI score0.23952EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2020/12/24 12:0 a.m.46 views

CVE-2020-28188

Remote Command Execution RCE vulnerability in TerraMaster TOS = 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter. Recent assessments: gwillcox-r7 at January 21, 2021 3:28am UTC reported: Noted as exploited in the wild by CheckPoint...

10CVSS10AI score0.96598EPSS
Exploits3References5
ATTACKERKB
ATTACKERKB
added 2020/10/07 12:0 a.m.46 views

CVE-2020-2506

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk...

9.8CVSS3.8AI score0.01982EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/06/17 12:0 a.m.46 views

CVE-2020-11899

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

5.4CVSS2AI score0.18564EPSS
Exploits1References15
ATTACKERKB
ATTACKERKB
added 2020/06/09 12:0 a.m.46 views

CVE-2020-13160

AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. Recent assessments: zeroSteiner at June 17, 2020 7:54pm UTC reported: The AnyDesk GUI is vulnerable to a remotely exploitable format string vulnerability. By sending a...

9.8CVSS1.3AI score0.80551EPSS
Exploits8References6
ATTACKERKB
ATTACKERKB
added 2020/06/04 12:0 a.m.46 views

CVE-2020-10548

rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes’ passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. Recent assessments: theguly at June 04, 202...

9.8CVSS4.1AI score0.99683EPSS
Exploits15References3
ATTACKERKB
ATTACKERKB
added 2020/02/10 12:0 a.m.46 views

CVE-2019-17060

The Bluetooth Low Energy BLE stack implementation on the NXP KW41Z based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID LLID equal to...

6.5CVSS7AI score0.00881EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2019/11/12 12:0 a.m.46 views

CVE-2019-1388

An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka ‘Windows Certificate Dialog Elevation of Privilege Vulnerability’. Recent assessments: dabdine-r7 at November 20, 2019 6:03pm UTC reported: Given the video showi...

7.8CVSS8.6AI score0.08589EPSS
Exploits7References4
ATTACKERKB
ATTACKERKB
added 2019/07/09 12:0 a.m.46 views

Zoom Client Information Disclosure (Webcam) CVE-2019-13450

In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerab...

6.5CVSS7.2AI score0.03523EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2019/06/03 12:0 a.m.46 views

CVE-2019-11580

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits...

9.8CVSS9.7AI score0.95355EPSS
Exploits6References4
ATTACKERKB
ATTACKERKB
added 2019/04/09 12:0 a.m.46 views

CVE-2019-0841: AppXSvc Hard Link Privilege Escalation

An elevation of privilege vulnerability exists when Windows AppX Deployment Service AppXSVC improperly handles hard links, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836. Recent assessments:...

7.8CVSS7.3AI score0.414EPSS
Exploits31References10
ATTACKERKB
ATTACKERKB
added 2019/03/27 12:0 a.m.46 views

Ruby on Rails 5.2 "DoubleTap" Directory Traversal

Ruby on Rails 5.2.2 and prior are vulnerable to a directory traversal attack due to the way the HTTP ACCEPT header is parsed, which ends up being a template for Rails to render. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: Background Ruby on Rails is a server-side web...

7.5CVSS0.3AI score0.98507EPSS
Exploits18References6
ATTACKERKB
ATTACKERKB
added 2019/03/05 12:0 a.m.46 views

CVE-2019-0594

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0604. Recent assessments: Assessed Attacker Value:...

9.8CVSS9.6AI score0.99913EPSS
Exploits29References3
ATTACKERKB
ATTACKERKB
added 2019/01/24 12:0 a.m.46 views

CVE-2019-1653

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit th...

7.5CVSS7AI score0.99876EPSS
Exploits19References22
ATTACKERKB
ATTACKERKB
added 2018/12/21 12:0 a.m.46 views

CVE-2018-19320

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system. Recent...

7.8CVSS2.9AI score0.03597EPSS
Exploits4References6
ATTACKERKB
ATTACKERKB
added 2017/07/17 12:0 a.m.46 views

CVE-2017-6744

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these...

9CVSS9.1AI score0.07158EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2017/04/27 12:0 a.m.46 views

CVE-2017-3066

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution. Recent assessments: Assessed Attacker Value...

10CVSS9.1AI score0.90597EPSS
Exploits6References6
ATTACKERKB
ATTACKERKB
added 2017/03/17 12:0 a.m.46 views

CVE-2017-3881

A vulnerability in the Cisco Cluster Management Protocol CMP processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes...

10CVSS3.4AI score0.98975EPSS
Exploits12References9
ATTACKERKB
ATTACKERKB
added 2017/03/17 12:0 a.m.46 views

CVE-2017-0149

Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” This vulnerability is different from those described in CVE-2017-0018 and...

8.8CVSS6.7AI score0.80386EPSS
Exploits9References4
ATTACKERKB
ATTACKERKB
added 2016/10/14 12:0 a.m.46 views

CVE-2016-3393

Graphics Device Interface aka GDI or GDI+ in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site,...

9.3CVSS7.9AI score0.68684EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2016/08/25 12:0 a.m.46 views

CVE-2016-4656

The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.3CVSS8.3AI score0.23626EPSS
Exploits6References9
ATTACKERKB
ATTACKERKB
added 2016/06/01 12:0 a.m.46 views

CVE-2016-3088

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS6.6AI score0.98518EPSS
Exploits19References15
ATTACKERKB
ATTACKERKB
added 2015/09/09 12:0 a.m.46 views

CVE-2015-2545

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka “Microsoft Office Malformed EPS File Vulnerability.” Recent assessments: gwillcox-r7 at November 23, 2020 6:16pm UTC reported: Reported as exploited in the...

9.3CVSS7.1AI score0.86053EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2015/07/20 12:0 a.m.46 views

CVE-2015-2426

Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a...

9.3CVSS1.6AI score0.8669EPSS
Exploits6References7
ATTACKERKB
ATTACKERKB
added 2015/02/02 12:0 a.m.46 views

CVE-2015-0313

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different...

10CVSS9.1AI score0.95683EPSS
Exploits9References17
ATTACKERKB
ATTACKERKB
added 2014/10/15 12:0 a.m.46 views

CVE-2014-4148

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted...

9.3CVSS7.5AI score0.50703EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2013/01/09 12:0 a.m.46 views

CVE-2013-0631

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS4.8AI score0.65867EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2012/10/16 12:0 a.m.46 views

CVE-2012-3152

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the Octob...

9.1CVSS9.1AI score0.98695EPSS
Exploits11References14
ATTACKERKB
ATTACKERKB
added 2010/04/28 12:0 a.m.46 views

CVE-2010-1428

The Web Console aka web-console in JBossAs in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an...

7.5CVSS2.9AI score0.62308EPSS
Exploits4References13
ATTACKERKB
ATTACKERKB
added 2003/12/15 5:0 a.m.46 views

CVE-2003-0090

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0844. Reason: This candidate is a duplicate of CVE-2000-0844. Notes: All CVE users should reference CVE-2000-0844 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

10CVSS5.3AI score0.15349EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2024/08/13 12:0 a.m.45 views

CVE-2024-38193

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7AI score0.27561EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2024/02/15 12:0 a.m.45 views

CVE-2024-23113

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3,...

9.8CVSS7.4AI score0.61725EPSS
Exploits8References3
Total number of security vulnerabilities5000