Lucene search
K
AttackerkbMost viewed

74766 matches found

ATTACKERKB
ATTACKERKB
added 2022/04/27 1:15 p.m.42 views

CVE-2021-46422

Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication...

10CVSS8AI score0.94629EPSS
Exploits20References5
ATTACKERKB
ATTACKERKB
added 2022/03/17 12:0 a.m.42 views

CVE-2022-26500

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

8.8CVSS9.2AI score0.05942EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/01/01 1:15 a.m.42 views

CVE-2021-45931

HarfBuzz 2.9.0 has an out-of-bounds write in hbbitsetinvertiblet::set called from hbsparsesett::set and hbsetcopy...

6.5CVSS5.5AI score0.0178EPSS
Exploits1References11
ATTACKERKB
ATTACKERKB
added 2021/09/08 12:0 a.m.42 views

CVE-2021-30761

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Recent assessments: gwillcox-r7...

8.8CVSS9.4AI score0.10986EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/08/05 9:15 p.m.42 views

CVE-2021-3655

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory...

3.3CVSS6.6AI score0.00308EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/01/08 12:0 a.m.42 views

CVE-2020-16017

Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Recent assessments: gwillcox-r7 at November 22, 2020 2:37am UTC reported: Reported as...

9.6CVSS9.1AI score0.02747EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/12/11 12:0 a.m.42 views

CVE-2020-5948 — F5 TMUI XSS vulnerability

On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2. Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the...

9.6CVSS0.3AI score0.01013EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/11/10 12:0 a.m.42 views

CVE-2020-13927

The previous default setting for Airflow’s Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at...

9.8CVSS9.3AI score0.9967EPSS
Exploits8References4
ATTACKERKB
ATTACKERKB
added 2020/08/06 12:0 a.m.42 views

CVE-2020-7460

In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace...

7CVSS2.9AI score0.00721EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2020/06/17 12:0 a.m.42 views

CVE-2020-14295

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. Recent assessments: h00die at May 31, 2021 12:03pm UTC reported: Authenticated user is able to cause a...

7.2CVSS2.6AI score0.8633EPSS
Exploits9References11
ATTACKERKB
ATTACKERKB
added 2020/06/09 12:0 a.m.42 views

CVE-2020-1301 Windows SMB Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 SMBv1 server handles certain requests, aka ‘Windows SMB Remote Code Execution Vulnerability’. Recent assessments: gwillcox-r7 at June 10, 2020 12:14am UTC reported: To add to @busterb’s assessment,...

8.8CVSS8.7AI score0.36708EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2020/05/21 12:0 a.m.42 views

CVE-2020-1054

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1143. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

7.8CVSS8.6AI score0.52778EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2020/03/26 12:0 a.m.42 views

CVE-2020-10827

A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS9.6AI score0.20881EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.42 views

Cisco Prime Infrastructure runrshell Local Privilege Escalation Vulnerability

Cisco Prime Infrastructure CPI is a wired and wireless network management software suite that consists of different networking applications from Cisco Systems. The system is used across various industries, from healthcare, manufacturing, government, IT, etc. A vulnerability was found in the...

10CVSS1AI score0.98092EPSS
Exploits17References3
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.42 views

Atlassian Crowd: pdkinstall development plugin incorrectly enabled (CVE-2019-11580)

Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code...

9.8CVSS9.6AI score0.95355EPSS
Exploits6References2
ATTACKERKB
ATTACKERKB
added 2020/02/11 12:0 a.m.42 views

CVE-2020-0655

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’. Recent assessments: zeroSteiner at May 14, 2020 3:27...

8.5CVSS8.8AI score0.70966EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/09/27 12:0 a.m.42 views

CVE-2019-16928

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in stringvformat in string.c involving a long EHLO command. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value:...

10CVSS5AI score0.41589EPSS
Exploits4References17
ATTACKERKB
ATTACKERKB
added 2019/09/27 12:0 a.m.42 views

CVE-2019-16920

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a “PingTest” device common gateway interface that could lead to common injection. An attacker who successfully triggers...

10CVSS9.9AI score0.99996EPSS
Exploits5References6
ATTACKERKB
ATTACKERKB
added 2019/06/27 12:0 a.m.42 views

CVE-2019-5786

Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.5CVSS2.9AI score0.61537EPSS
Exploits10References3
ATTACKERKB
ATTACKERKB
added 2019/05/29 12:0 a.m.42 views

CVE-2018-13383

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle...

6.5CVSS5.8AI score0.33647EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2019/03/25 12:0 a.m.42 views

CVE-2019-7609

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands...

10CVSS9.7AI score0.95338EPSS
Exploits12References6
ATTACKERKB
ATTACKERKB
added 2018/11/14 12:0 a.m.42 views

CVE-2018-8581

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka “Microsoft Exchange Server Elevation of Privilege Vulnerability.” This affects Microsoft Exchange Server. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.4CVSS7.5AI score0.27355EPSS
Exploits7References4
ATTACKERKB
ATTACKERKB
added 2018/06/07 12:0 a.m.42 views

Cisco ASA Directory Traversal

A vulnerability in the web interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. It is also possible on certain software releases that the ASA will...

7.5CVSS1.1AI score0.99903EPSS
Exploits18References7
ATTACKERKB
ATTACKERKB
added 2017/09/29 12:0 a.m.42 views

CVE-2017-12240

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload,...

10CVSS4.5AI score0.13883EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2017/09/07 12:0 a.m.42 views

CVE-2017-6627

A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service DoS condition. The...

7.5CVSS2.2AI score0.06042EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2017/03/17 12:0 a.m.42 views

CVE-2017-0001

The Graphics Device Interface GDI in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka “Windows GDI...

7.8CVSS7.3AI score0.11022EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2016/11/23 12:0 a.m.42 views

CVE-2016-9563

BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity XXE attacks via the sap.comtcbpemhimuwlconnproviderweb/bpemuwlconn URI, aka SAP Security Note 2296909. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

6.5CVSS6.5AI score0.23805EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2016/04/07 12:0 a.m.42 views

CVE-2016-1019

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

10CVSS7.6AI score0.22487EPSS
Exploits0References17
ATTACKERKB
ATTACKERKB
added 2013/01/31 12:0 a.m.42 views

UPnP unique_service_name Buffer Overflow

Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string th...

10CVSS0.3AI score0.82807EPSS
Exploits13References15
ATTACKERKB
ATTACKERKB
added 2012/05/03 12:0 a.m.42 views

CVE-2012-1710

Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709. Recent...

9.8CVSS5.5AI score0.11636EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2002/06/25 12:0 a.m.42 views

CVE-2002-0367

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. Recent assessments:...

7.8CVSS5.4AI score0.05188EPSS
Exploits1References12
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:3 p.m.41 views

CVE-2026-55597

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26...

5.5CVSS5.9AI score0.00103EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 6:58 p.m.41 views

CVE-2026-55594

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and...

5.3CVSS5.8AI score0.00241EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/06/03 12:0 a.m.41 views

CVE-2025-5419

Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS6.6AI score0.0645EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2024/01/24 12:0 a.m.41 views

CVE-2024-23897

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system...

9.8CVSS9.6AI score0.99999EPSS
Exploits46References9
ATTACKERKB
ATTACKERKB
added 2024/01/17 9:15 p.m.41 views

CVE-2023-6549

Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read...

8.2CVSS7.3AI score0.57633EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/01/16 12:0 a.m.41 views

CVE-2024-0519

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS6.7AI score0.03769EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2023/12/24 10:15 p.m.41 views

CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

7.8CVSS7.8AI score0.16832EPSS
Exploits1References13Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/10/27 8:15 p.m.41 views

CVE-2023-46407

FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist-alphabetsize variable in the readvlcprefix function...

5.5CVSS5.8AI score0.00302EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/10/10 12:0 a.m.41 views

CVE-2023-36563

Microsoft WordPad Information Disclosure Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.5CVSS6.6AI score0.20719EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/10/03 12:0 a.m.41 views

CVE-2023-4911

A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

7.8CVSS8.2AI score0.81422EPSS
Exploits28References29
ATTACKERKB
ATTACKERKB
added 2023/09/13 12:0 a.m.41 views

CVE-2023-26369

Acrobat Reader versions 23.003.20284 and earlier, 20.005.30516 and earlier and 20.005.30514 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th...

7.8CVSS7.5AI score0.07036EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/07/12 12:0 a.m.41 views

CVE-2023-29300

Adobe ColdFusion versions 2018u16 and earlier, 2021u6 and earlier and 2023.0.0.330468 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. Recent assessments:...

9.8CVSS7.4AI score0.99988EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/23 12:0 a.m.41 views

CVE-2023-32435

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have...

8.8CVSS8.5AI score0.22951EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2023/06/14 12:0 a.m.41 views

CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability Recent assessments: cbeek-r7 at January 17, 2024 10:31am UTC reported: CVE-2023-29357 is a critical vulnerability in Microsoft SharePoint Server, classified as an Elevation of Privilege EoP flaw. . This vulnerability allows attacker...

9.8CVSS9.9AI score0.99649EPSS
Exploits10References2
ATTACKERKB
ATTACKERKB
added 2022/01/04 12:0 a.m.41 views

CVE-2021-44168

A download of code without integrity check vulnerability in the “execute restore src-vis” command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages. Recent assessments: Assessed Attacker Value: 0 Assess...

7.8CVSS5.6AI score0.00873EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2021/08/09 1:17 p.m.41 views

CVE-2021-38152

CVE-mitre:index.php/appointment/insertpatientaddappointment in Chikitsa Patient Management System 2.0.0 allows XSS. nu11secur1ty: XSS-Stored - Brutal PWNED on Chikitsa 2.0.0 parameter "name" + User: Unrestricted File Upload ".php"...

5.4CVSS6.1AI score0.01008EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2021/05/27 12:0 a.m.41 views

CVE-2021-22899

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS4.8AI score0.22343EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/05/07 12:0 a.m.41 views

CVE-2021-1905

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Recent...

8.4CVSS8.4AI score0.0115EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/09/25 12:0 a.m.41 views

CVE-2020-5929

In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous ADH or Ephemeral DHE Diffie-Hellman key exchange and Single DH use option not enable...

5.9CVSS0.1AI score0.01206EPSS
Exploits0References2
Total number of security vulnerabilities5000