Lucene search
K
AttackerkbMost viewed

74766 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/02 12:37 p.m.39 views

CVE-2026-3872

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...

7.3CVSS5.8AI score0.0044EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2024/10/08 12:0 a.m.39 views

CVE-2024-43572

Microsoft Management Console Remote Code Execution Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.5AI score0.60954EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/04/04 12:0 a.m.39 views

CVE-2024-3273

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...

9.8CVSS7.7AI score0.99997EPSS
Exploits8References7
ATTACKERKB
ATTACKERKB
added 2023/04/04 12:0 a.m.39 views

CVE-2023-1671

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS7.8AI score0.99999EPSS
Exploits10References4
ATTACKERKB
ATTACKERKB
added 2022/08/24 12:0 a.m.39 views

CVE-2022-32893

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have...

8.8CVSS3.1AI score0.09785EPSS
Exploits0References20
ATTACKERKB
ATTACKERKB
added 2022/08/10 12:0 a.m.39 views

CVE-2022-0028

A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service RDoS attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series hardware, VM-Series virtual and CN-Series container firewall...

8.6CVSS0.9AI score0.02041EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/04/26 12:0 a.m.39 views

CVE-2022-24706

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...

10CVSS3.9AI score0.9251EPSS
Exploits9References12
ATTACKERKB
ATTACKERKB
added 2022/02/16 12:0 a.m.39 views

CVE-2022-24664

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.9CVSS7.1AI score0.0165EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/02/14 10:15 p.m.39 views

CVE-2021-45005

Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements...

9.8CVSS7.6AI score0.01456EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/09/15 12:15 p.m.39 views

CVE-2021-38633

Windows Common Log File System Driver Elevation of Privilege Vulnerability...

7.8CVSS7AI score0.00887EPSS
Exploits0References2Affected Software26
ATTACKERKB
ATTACKERKB
added 2021/03/31 12:0 a.m.39 views

CVE-2021-22991

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel TMM URI normalization, which may trigger a buffer...

9.8CVSS4.2AI score0.61064EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2020/12/10 12:0 a.m.39 views

CVE-2020-17136

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17103, CVE-2020-17134. Recent assessments: gwillcox-r7 at December 15, 2020 7:34pm UTC reported: A nice little LPE technique which takes advantage of several issues as originally noted ...

7.8CVSS7.3AI score0.27224EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2020/09/17 12:0 a.m.39 views

CVE-2020-13668

Drupal 8 and 9 have a reflected cross-site scripting XSS vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. Recent assessments: wvu-r7 at September 17, 2020 4:03pm UTC reported: This is...

0.4AI score0.00681EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/09/04 12:0 a.m.39 views

CVE-2020-3430

Upon installation, Cisco Jabber registers protocol handlers for a number of different protocols. These are used to tell the operating system that whenever a user clicks on a URL containing one of the custom protocols e.g. ciscoim:[email protected] the URL should be passed to Cisco Jabber. In this...

9.9CVSS2.7AI score0.62119EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/09/03 12:0 a.m.39 views

CVE-2020-16152

The Aerohive/Extreme Networks HiveOS administrative webinterface NetConfig is vulnerable to LFI because it uses an old version of PHP vulnerable to string truncation attacks. An attacker is able to use this in conjunction with log poisoning to gain root rights on a vulnerable access point. Recent...

0.8AI score0.35047EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2020/06/05 12:0 a.m.39 views

CVE-2020-9859

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges. Recent assessments:...

7.8CVSS3.3AI score0.00829EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/04/15 12:0 a.m.39 views

CVE-2020-3161

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service DoS condition. The vulnerability is due to a lack of proper input validation of HT...

10CVSS2.7AI score0.83734EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2020/03/10 12:0 a.m.39 views

CVE-2020-0069

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

7.8CVSS5.7AI score0.01299EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2020/03/07 12:0 a.m.39 views

CVE-2020-10220

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. Recent assessments: theguly at March 12, 2020 3:39pm UTC reported: i love these type of vulnerabilities because they chain three findings normally...

9.8CVSS0.1AI score0.99683EPSS
Exploits25References6
ATTACKERKB
ATTACKERKB
added 2020/03/02 12:0 a.m.39 views

CVE-2019-17026

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1. Recent assessments: gwillcox-r7 a...

8.8CVSS8.2AI score0.46589EPSS
Exploits7References11
ATTACKERKB
ATTACKERKB
added 2020/02/21 12:0 a.m.39 views

CVE-2020-6842

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. Recent assessments: kevthehermit at February 22, 2020 11:00pm UTC reported: This analysis is a transcript of a public gist – Original...

9CVSS2.5AI score0.0229EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2019/12/30 12:0 a.m.39 views

CVE-2019-20085

TVT NVMS-1000 devices allow GET /.. Directory Traversal Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS7.4AI score0.96071EPSS
Exploits6References3
ATTACKERKB
ATTACKERKB
added 2019/07/23 12:0 a.m.39 views

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

8.8CVSS9.4AI score0.37951EPSS
Exploits7References5
ATTACKERKB
ATTACKERKB
added 2018/11/09 12:0 a.m.39 views

CVE-2018-19131

Squid before 4.4 has XSS via a crafted X.509 certificate during HTTPS error page generation for certificate errors. Recent assessments: travisbgreen at April 21, 2020 10:49pm UTC reported: Bottom line: The commonName property of the certificate that signs the “failed to connect securely” error pa...

6.1CVSS0.5AI score0.03333EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2018/08/15 12:0 a.m.39 views

CVE-2018-8406

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from...

7.8CVSS6.5AI score0.03444EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2017/07/17 12:0 a.m.39 views

CVE-2017-6738

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these...

9CVSS9.1AI score0.1055EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2017/02/26 12:0 a.m.39 views

CVE-2017-0037

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheet...

8.1CVSS4.4AI score0.80386EPSS
Exploits9References13
ATTACKERKB
ATTACKERKB
added 2016/11/01 12:0 a.m.39 views

CVE-2016-7855

Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. Recent assessments: Assessed Attacker Value: 0 Assessed...

9.3CVSS9AI score0.25198EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2014/07/03 12:0 a.m.39 views

The LZO/LZ4 Integer Overflow Summary

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4uncompress function in lib/lz4/lz4decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service memory corruption o...

5CVSS0.8AI score0.08103EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2014/05/07 12:0 a.m.39 views

CVE-2014-0130

Directory traversal vulnerability in actionpack/lib/abstractcontroller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files...

7.5CVSS6.3AI score0.53703EPSS
Exploits2References10
ATTACKERKB
ATTACKERKB
added 2010/02/15 12:0 a.m.39 views

CVE-2009-3960

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are...

6.5CVSS4.2AI score0.90012EPSS
Exploits12References9
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:13 p.m.38 views

CVE-2026-53622

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

7.8CVSS5.9AI score0.0024EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/11/18 12:0 a.m.38 views

CVE-2024-9474

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. Recent assessments:...

9.8CVSS9.1AI score0.99698EPSS
Exploits18References2
ATTACKERKB
ATTACKERKB
added 2024/01/09 12:0 a.m.38 views

CVE-2022-48618

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been...

7CVSS5.9AI score0.00487EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/12/21 12:0 a.m.38 views

CVE-2023-7024

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS7.2AI score0.07356EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2023/09/07 12:0 a.m.38 views

CVE-2023-41064

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution...

7.8CVSS7.9AI score0.15263EPSS
Exploits2References17
ATTACKERKB
ATTACKERKB
added 2023/09/05 12:0 a.m.38 views

CVE-2023-4762

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS7.3AI score0.37987EPSS
Exploits2References11
ATTACKERKB
ATTACKERKB
added 2023/06/19 12:0 a.m.38 views

CVE-2023-27992

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21AAZF.14C0, NAS540 firmware versions prior to V5.21AATB.11C0, and NAS542 firmware versions prior to V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS...

9.8CVSS9.8AI score0.84195EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/05/09 12:0 a.m.38 views

CVE-2023-24955

Microsoft SharePoint Server Remote Code Execution Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.2CVSS7.9AI score0.85395EPSS
Exploits7References2
ATTACKERKB
ATTACKERKB
added 2022/11/22 12:0 a.m.38 views

CVE-2022-41223

The Director database component of MiVoice Connect through 19.3 22.22.6100.0 could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value...

6.8CVSS4.1AI score0.10571EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/09/26 12:0 a.m.38 views

CVE-2022-3075

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

9.6CVSS2.9AI score0.0568EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/05/18 11:15 a.m.38 views

CVE-2022-30974

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413...

7.5CVSS6.7AI score0.02323EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/02/09 12:0 a.m.38 views

CVE-2022-21971

Windows Runtime Remote Code Execution Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.3CVSS7.9AI score0.53655EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/10/05 12:0 a.m.38 views

CVE-2021-39226

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot “publicmode” configurati...

9.8CVSS8.3AI score0.99888EPSS
Exploits1References11
ATTACKERKB
ATTACKERKB
added 2021/06/25 4:15 p.m.38 views

CVE-2021-35501

PandoraFMS =7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed...

5.4CVSS6.1AI score0.01001EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2021/04/15 12:0 a.m.38 views

CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...

8.8CVSS8.1AI score0.43988EPSS
Exploits27References10
ATTACKERKB
ATTACKERKB
added 2021/03/01 12:0 a.m.38 views

CVE-2021-27876

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...

8.1CVSS9.3AI score0.13411EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2021/01/18 12:0 a.m.38 views

CVE-2020-36193

Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS4.4AI score0.70595EPSS
Exploits2References15
ATTACKERKB
ATTACKERKB
added 2020/12/23 12:0 a.m.38 views

CVE-2020-35665

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. Recent assessments: h00die-gr3y at June 05, 2023 9:49am UTC reported: Last two weeks, I spent some time on a...

10CVSS9.1AI score0.96598EPSS
Exploits17References4
ATTACKERKB
ATTACKERKB
added 2020/12/08 12:0 a.m.38 views

CVE-2020-27930

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7...

7.8CVSS7.6AI score0.22178EPSS
Exploits0References11
Total number of security vulnerabilities5000