Lucene search
K
AttackerkbMost viewed

74766 matches found

ATTACKERKB
ATTACKERKB
added 2023/08/15 12:0 a.m.43 views

CVE-2023-35082

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier. Recent assessments: sfewer-r7 at...

10CVSS9.8AI score0.99999EPSS
Exploits14References3
ATTACKERKB
ATTACKERKB
added 2023/05/24 12:0 a.m.43 views

CVE-2023-33246

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...

9.8CVSS9.9AI score0.96604EPSS
Exploits11References7
ATTACKERKB
ATTACKERKB
added 2023/05/09 12:0 a.m.43 views

CVE-2023-29336

Win32k Elevation of Privilege Vulnerability Recent assessments: gwillcox-r7 at May 31, 2023 9:15pm UTC reported: Doing a patch diff between a Windows 10 1607 x86 version of win32kfull.sys prior to the patch and after the patch shows that only one function changed: xxxEnableMenuItem. Looking at th...

7.8CVSS8.6AI score0.40919EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2023/04/10 12:0 a.m.43 views

CVE-2023-28206

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. App...

8.6CVSS8.1AI score0.24513EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2023/03/06 12:0 a.m.43 views

CVE-2019-8720

A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

8.8CVSS3.1AI score0.01543EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/01/11 12:0 a.m.43 views

CVE-2022-4873

On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location. Recent assessments: Assessed...

9.8CVSS4.5AI score0.0717EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/12/02 12:0 a.m.43 views

CVE-2022-4262

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS2.6AI score0.16109EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2022/04/01 12:0 a.m.43 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. Recent assessments:...

9.8CVSS9.5AI score0.99939EPSS
Exploits36References7
ATTACKERKB
ATTACKERKB
added 2021/09/15 12:0 a.m.43 views

CVE-2021-33044

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. Recent assessments: cbeek-r7 at September 06, 2024 6:03pm UTC reported: On September 5th 2024, CISA...

10CVSS9.6AI score0.99871EPSS
Exploits13References4
ATTACKERKB
ATTACKERKB
added 2021/09/08 12:0 a.m.43 views

CVE-2021-30661

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report...

8.8CVSS3AI score0.04528EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2021/09/08 12:0 a.m.43 views

CVE-2021-30663

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Recent assessments: Assessed Attacker...

8.8CVSS3.8AI score0.0369EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2021/05/10 12:0 a.m.43 views

CVE-2021-28664

The Arm Mali GPU kernel driver allows privilege escalation or a denial of service memory corruption because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 throu...

9CVSS5.6AI score0.05464EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/02/09 12:0 a.m.43 views

CVE-2020-14343

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be...

10CVSS1.2AI score0.05984EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2020/11/11 12:0 a.m.43 views

CVE-2020-17091

Microsoft Teams Remote Code Execution Vulnerability Recent assessments: jheysel-r7 at December 22, 2020 8:33pm UTC reported: Reasoning for low attacker value: The web app is always up to date. The desktop client updates itself automatically. Teams checks for updates every few hours behind the...

7.8CVSS2AI score0.01831EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/10/09 12:0 a.m.43 views

CVE-2020-26919

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS9AI score0.57195EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/09/04 12:0 a.m.43 views

CVE-2020-3495

Cisco Jabber is vulnerable to Cross Site Scripting XSS through XHTML-IM messages. The application does not properly sanitize incoming HTML messages and instead passes them through a flawed XSS filter. Recent assessments: wvu-r7 at September 03, 2020 7:38pm UTC reported: This XSS combined with...

9.9CVSS2.1AI score0.62119EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/06/09 12:0 a.m.43 views

CVE-2020-1247

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1207, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310. Recent assessments:...

7.8CVSS1.5AI score0.01155EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2020/06/09 12:0 a.m.43 views

CVE-2020-1295 Microsoft SharePoint Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server. To exploit this vulnerability, an authenticated attacker would send a specially crafted request to ...

8.8CVSS7.7AI score0.02957EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/05/08 12:0 a.m.43 views

CVE-2020-5741

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. Recent assessments: zeroSteiner at November 11, 2020 6:24pm UTC reported: A vulnerability exists within Plex that allows an authenticated attacker to submit...

7.2CVSS3.9AI score0.7275EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2020/04/08 12:0 a.m.43 views

CVE-2020-5735

Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value:...

8.8CVSS9AI score0.35643EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2020/02/20 12:0 a.m.43 views

CVE-2020-3153

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths...

7.8CVSS7.4AI score0.28307EPSS
Exploits16References6
ATTACKERKB
ATTACKERKB
added 2020/02/11 12:0 a.m.43 views

CVE-2020-0686

An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0683. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assess...

7.8CVSS8.1AI score0.07667EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2019/12/17 12:0 a.m.43 views

CVE-2019-7481

Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100 version 9.0.0.3 and earlier. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS5.3AI score0.99906EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/10/10 12:0 a.m.43 views

CVE-2019-1322

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340. Recent assessments: goodlandsecurity at March 25, 2020 3:59pm UTC reported...

7.8CVSS7.8AI score0.19205EPSS
Exploits25References3
ATTACKERKB
ATTACKERKB
added 2019/09/23 12:0 a.m.43 views

CVE-2019-1367

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1221. Recent assessments: gwillcox-r7 at November 22, 2020 2:47am UTC...

7.6CVSS8.3AI score0.52729EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2019/09/11 12:0 a.m.43 views

CVE-2019-1215

An elevation of privilege vulnerability exists in the way that ws2ifsl.sys Winsock handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303. Recent assessments: Assessed Attacker Value: 0 Assessed Attacke...

7.8CVSS8.3AI score0.19254EPSS
Exploits7References2
ATTACKERKB
ATTACKERKB
added 2019/07/03 12:0 a.m.43 views

CVE-2018-18325

DNN aka DotNetNuke 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS7.5AI score0.74048EPSS
Exploits5References4
ATTACKERKB
ATTACKERKB
added 2019/06/12 12:0 a.m.43 views

CVE-2019-1069

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged...

7.8CVSS7.9AI score0.06117EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2019/04/01 12:0 a.m.43 views

kubectl cp path traversal

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could r...

8.1CVSS0.2AI score0.13164EPSS
Exploits2References11
ATTACKERKB
ATTACKERKB
added 2019/02/06 12:0 a.m.43 views

CVE-2019-7548

SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled. Recent assessments: kevthehermit at April 23, 2020 8:30pm UTC reported: SQLAlchemy is one of the most popular ORMs for Python / SQL Database interaction. It is heavily used in python web applications with frameworks...

7.8CVSS1.3AI score0.01777EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2017/08/23 12:0 a.m.43 views

CVE-2017-11357

Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

9.8CVSS6.5AI score0.75709EPSS
Exploits5References4
ATTACKERKB
ATTACKERKB
added 2016/11/10 12:0 a.m.43 views

CVE-2016-7200

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7201, CVE-2016-7202,...

8.8CVSS8AI score0.8249EPSS
Exploits13References10
ATTACKERKB
ATTACKERKB
added 2016/08/25 12:0 a.m.43 views

CVE-2016-4657

WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site. Recent assessments: gwillcox-r7 at November 22, 2020 3:19am UTC reported: Reported as exploited in the wild as part of Google’s 2020 0day...

8.8CVSS8.3AI score0.66788EPSS
Exploits9References8
ATTACKERKB
ATTACKERKB
added 2015/07/14 12:0 a.m.43 views

CVE-2015-2387

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted...

7.8CVSS6.1AI score0.3512EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2013/06/18 12:0 a.m.43 views

CVE-2013-2465

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

10CVSS7AI score0.98704EPSS
Exploits10References34
ATTACKERKB
ATTACKERKB
added 2012/01/08 12:0 a.m.43 views

CVE-2012-0391

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter. Recent assessments:...

9.8CVSS5.4AI score0.75071EPSS
Exploits11References9
ATTACKERKB
ATTACKERKB
added 2010/08/05 12:0 a.m.43 views

CVE-2010-1871

JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language EL expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when th...

8.8CVSS8.9AI score0.83397EPSS
Exploits8References10
ATTACKERKB
ATTACKERKB
added 2009/12/15 12:0 a.m.43 views

CVE-2009-4324

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild...

9.3CVSS7.3AI score0.81933EPSS
Exploits21References23
ATTACKERKB
ATTACKERKB
added 2024/04/24 12:0 a.m.42 views

CVE-2024-20359

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code...

6CVSS7.2AI score0.19434EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2024/02/13 12:0 a.m.42 views

CVE-2024-21351

Windows SmartScreen Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.6CVSS6.9AI score0.30344EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/01/23 12:0 a.m.42 views

CVE-2024-23222

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. Recent...

8.8CVSS8.7AI score0.10593EPSS
Exploits6References28
ATTACKERKB
ATTACKERKB
added 2024/01/12 12:0 a.m.42 views

CVE-2023-46805

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. Recent assessments: cbeek-r7 at January 11, 2024 10:43am UTC reported: CVE-2023-46805 is an...

9.1CVSS9.6AI score0.99999EPSS
Exploits23References6
ATTACKERKB
ATTACKERKB
added 2023/12/05 12:0 a.m.42 views

CVE-2023-33063

Memory corruption in DSP Services during a remote call from HLOS to DSP. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.5AI score0.007EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/10/18 12:0 a.m.42 views

CVE-2023-45727

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity XXE attacks. By processing a specially crafted request containing...

7.5CVSS7.2AI score0.03542EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/09/27 12:0 a.m.42 views

CVE-2023-20109

A vulnerability in the Cisco Group Encrypted Transport VPN GET VPN feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause...

6.6CVSS7.2AI score0.02344EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/08/17 12:0 a.m.42 views

CVE-2023-36845

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution...

9.8CVSS8.5AI score0.93546EPSS
Exploits27References5
ATTACKERKB
ATTACKERKB
added 2023/08/03 12:0 a.m.42 views

CVE-2023-35081

A path traversal vulnerability in Ivanti EPMM versions 11.10.x 11.10.0.3, 11.9.x 11.9.1.2 and 11.8.x 11.8.1.2 allows an authenticated administrator to write arbitrary files onto the appliance. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.2CVSS8.2AI score0.63316EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/07/20 12:0 a.m.42 views

CVE-2023-38203

Adobe ColdFusion versions 2018u17 and earlier, 2021u7 and earlier and 2023u1 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. Recent assessments: Assessed...

9.8CVSS7.4AI score0.97003EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/04/14 12:0 a.m.42 views

CVE-2023-2033

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS8.4AI score0.40798EPSS
Exploits1References12
ATTACKERKB
ATTACKERKB
added 2023/01/05 12:0 a.m.42 views

CVE-2022-44877

login/index.php in CWP aka Control Web Panel or CentOS Web Panel 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. Recent assessments: h00die-gr3y at January 14, 2023 6:25pm UTC reported: This vulnerability is all about...

9.8CVSS9.8AI score0.99995EPSS
Exploits12References7
Total number of security vulnerabilities5000