Lucene search
K
AttackerkbMost viewed

74667 matches found

ATTACKERKB
ATTACKERKB
added 2023/10/26 12:0 a.m.45 views

CVE-2023-43208

NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. Recent assessments: ccondon-r7 at January 27, 2024 7:41pm UTC reported: Knocking down attacker value a bi...

9.8CVSS9.8AI score0.96129EPSS
Exploits22References3
ATTACKERKB
ATTACKERKB
added 2023/10/09 5:15 a.m.45 views

CVE-2023-45363

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service unbounded loop and RequestTimeoutException when querying pages redirected to other variants with redirects and...

7.5CVSS7.1AI score0.22699EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/09/19 12:0 a.m.45 views

CVE-2023-42793

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible Recent assessments: sfewer-r7 at September 27, 2023 1:47pm UTC reported: Based on the accompanying Rapid7 Analysis, the attacker value for CVE-2023-42793 is very high given the target produ...

9.8CVSS9.6AI score0.99979EPSS
Exploits17References10
ATTACKERKB
ATTACKERKB
added 2022/10/11 12:0 a.m.45 views

CVE-2022-41033

Windows COM+ Event System Service Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.7AI score0.01763EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/09/08 12:0 a.m.45 views

CVE-2021-30713

A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.. Recent assessments: Assessed Attacker Value: 0...

7.8CVSS2.7AI score0.0658EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/09/08 12:0 a.m.45 views

CVE-2021-30762

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Recent assessments: gwillcox-r7 a...

8.8CVSS9.6AI score0.10986EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/08/26 12:0 a.m.45 views

SQL Injection - bypass login on B&E Tracker (by: oretnom23 ) v1.0

Description: The B&E Tracker by: oretnom23 v1.0 is vulnerable in the application /expensebudget/classes/Login.php which is called from /expensebudget/dist/js/script.js app. The parameter username from the login form is not protected correctly and there is no security and escaping from malicious...

0.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/08/12 11:15 p.m.45 views

CVE-2021-38603

PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field...

4.8CVSS5.9AI score0.01095EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2021/04/09 12:0 a.m.45 views

CVE-2021-20022

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. Recent assessments: wvu-r7 at September 07, 2021 4:22am UTC reported: Super easy to exploit. See CVE-2021-20021 for the first part of the...

9.8CVSS8.2AI score0.83425EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/11/03 12:0 a.m.45 views

CVE-2020-16010

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Recent assessments: kreavis-r7 at November 03, 2020 7:10pm UTC reported: Google confirm...

9.6CVSS8.7AI score0.06414EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/08/17 12:0 a.m.45 views

CVE-2020-1464

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent...

7.8CVSS6.6AI score0.41131EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2020/06/01 12:0 a.m.45 views

CVE-2020-5410

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

7.5CVSS7.5AI score0.95586EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2020/02/21 12:0 a.m.45 views

CVE-2020-6841

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. Recent assessments: kevthehermit at February 22, 2020 10:59pm UTC reported: This analysis is a transcript of a public gist –...

10CVSS1.1AI score0.02811EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2019/09/24 12:0 a.m.45 views

CVE-2019-16759

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS9.1AI score0.99728EPSS
Exploits27References13
ATTACKERKB
ATTACKERKB
added 2018/11/14 12:0 a.m.45 views

CVE-2018-8589

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka “Windows Win32k Elevation of Privilege Vulnerability.” This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. Recent assessments: gwillcox-r7 at November 22, 2020 3:02am UTC...

7.8CVSS7.5AI score0.03023EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2018/03/27 12:0 a.m.45 views

CVE-2018-6882

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. Recent...

6.1CVSS3.7AI score0.23717EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2017/03/17 12:0 a.m.45 views

CVE-2017-0005

The Graphics Device Interface GDI in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka “Windows GDI...

7.8CVSS7.2AI score0.11022EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/07/01 6:56 p.m.44 views

CVE-2026-55577

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in...

5.9CVSS6AI score0.00226EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 6:50 p.m.44 views

CVE-2026-53467

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versio...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.44 views

CVE-2026-28581

In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation...

4CVSS5.9AI score0.00074EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/05/14 12:0 a.m.44 views

CVE-2024-4761

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS6.7AI score0.11007EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2024/01/08 12:0 a.m.44 views

CVE-2022-2586

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7AI score0.12746EPSS
Exploits7References13
ATTACKERKB
ATTACKERKB
added 2023/11/29 12:0 a.m.44 views

CVE-2023-6345

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Valu...

9.6CVSS6.9AI score0.1963EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2023/05/24 1:15 p.m.44 views

CVE-2023-33009

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50W firmware versions 4.60 through 5.36 Patch 1, USG20W-VPN firmware versions 4.60 through 5.36 Patch...

9.8CVSS8.4AI score0.28144EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/11/09 12:0 a.m.44 views

CVE-2022-41091

Windows Mark of the Web Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

5.4CVSS2.9AI score0.01986EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/11/19 12:0 a.m.44 views

CVE-2021-44026

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or searchparams. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS8.1AI score0.42751EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2021/08/24 12:0 a.m.44 views

CVE-2021-30869

A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute...

9.3CVSS2.3AI score0.0415EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2021/04/02 12:0 a.m.44 views

CVE-2021-1789

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to...

8.8CVSS8.1AI score0.14542EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2020/11/03 12:0 a.m.44 views

CVE-2020-16009

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: kreavis-r7 at November 03, 2020 7:12pm UTC reported: Google confirmed reports that an exploit for CVE-2020-16009...

8.8CVSS9AI score0.48574EPSS
Exploits3References12
ATTACKERKB
ATTACKERKB
added 2020/07/17 12:0 a.m.44 views

CVE-2020-11978

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

8.8CVSS3.6AI score0.99118EPSS
Exploits9References4
ATTACKERKB
ATTACKERKB
added 2020/05/06 12:0 a.m.44 views

CVE-2020-3187

A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted...

9.1CVSS0.96595EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2020/03/26 12:0 a.m.44 views

CVE-2020-10828

A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS7.3AI score0.20881EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2019/11/12 12:0 a.m.44 views

CVE-2019-1428

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429. Recent assessments: Assessed...

7.6CVSS7.7AI score0.72626EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2019/04/09 12:0 a.m.44 views

CVE-2019-0752

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862. Recent assessments: Assessed Attacker...

7.6CVSS7.8AI score0.81551EPSS
Exploits6References5
ATTACKERKB
ATTACKERKB
added 2018/05/04 12:0 a.m.44 views

CVE-2018-10562

An issue was discovered on Dasan GPON home routers. Command Injection can occur via the desthost parameter in a diagaction=ping request to a GponForm/diagForm URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it’s quite simple to...

9.8CVSS9.9AI score0.99948EPSS
Exploits7References6
ATTACKERKB
ATTACKERKB
added 2018/01/04 12:0 a.m.44 views

CVE-2017-5715

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Recent assessments: pwsh at March 03, 2021 3:34pm UTC reported: I am submitting this...

5.6CVSS1.2AI score0.74041EPSS
Exploits9References121
ATTACKERKB
ATTACKERKB
added 2017/07/17 12:0 a.m.44 views

CVE-2017-6743

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these...

9CVSS9.1AI score0.1055EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2014/03/25 12:0 a.m.44 views

CVE-2014-1761

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attacker...

9.3CVSS9.3AI score0.7746EPSS
Exploits10References3
ATTACKERKB
ATTACKERKB
added 2013/07/20 12:0 a.m.44 views

CVE-2013-2251

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted 1 action:, 2 redirect:, or 3 redirectAction: prefix. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS7.5AI score0.99998EPSS
Exploits18References18
ATTACKERKB
ATTACKERKB
added 2026/07/01 6:53 p.m.43 views

CVE-2026-55510

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string a use-after-free will occur. This issue has been fixed in versions 6.9.13-51...

5.5CVSS5.7AI score0.00103EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 6:16 p.m.43 views

CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.7AI score0.00098EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/19 9:16 p.m.43 views

CVE-2026-23944

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without authentication. The environment proxy middleware handled...

9.8CVSS5.6AI score0.00445EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/06/03 12:0 a.m.43 views

CVE-2025-21480

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.6CVSS7.6AI score0.00435EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/04/03 12:0 a.m.43 views

CVE-2025-22457

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. Recent assessments: sfewer-r7 at April 10, 2025...

9.8CVSS9.9AI score0.99979EPSS
Exploits8References3
ATTACKERKB
ATTACKERKB
added 2025/02/11 12:0 a.m.43 views

CVE-2025-21391

Windows Storage Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.1CVSS7.4AI score0.02258EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/12/18 12:0 a.m.43 views

CVE-2024-56145

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has registerargcargv enabled. For these users an unspecified remote code execution vector is present...

9.8CVSS8.2AI score0.97446EPSS
Exploits9References3
ATTACKERKB
ATTACKERKB
added 2023/11/21 12:0 a.m.43 views

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

10CVSS8.4AI score0.78428EPSS
Exploits5References6
ATTACKERKB
ATTACKERKB
added 2023/10/10 12:0 a.m.43 views

CVE-2023-4966

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server. Recent assessments: rbowes-r7 at October 24, 2023 6:01pm UTC reported: On October 10, 2023, Citrix posted an advisory about a...

9.4CVSS8.6AI score0.99999EPSS
Exploits15References4
ATTACKERKB
ATTACKERKB
added 2023/08/17 8:15 p.m.43 views

CVE-2023-36846

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is ab...

5.3CVSS7.1AI score0.94205EPSS
Exploits4References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/08/17 8:15 p.m.43 views

CVE-2023-36847

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an...

5.3CVSS6.4AI score0.84692EPSS
Exploits2References3Affected Software1
Total number of security vulnerabilities5000