Lucene search
K
AttackerkbMost viewed

74775 matches found

ATTACKERKB
ATTACKERKB
added 2024/10/09 12:0 a.m.35 views

CVE-2024-9680

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1, Thunderbird...

9.8CVSS6.8AI score0.32568EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2024/09/10 12:0 a.m.35 views

CVE-2024-38226

Microsoft Publisher Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.3CVSS6.8AI score0.02667EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/07/24 12:0 a.m.35 views

CVE-2023-45249

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure ACI before build 5.0.1-61, Acronis Cyber Infrastructure ACI before build 5.1.1-71, Acronis Cyber Infrastructure ACI before build 5.2.1-69, Acronis Cyber Infrastructure ACI...

9.8CVSS10AI score0.53255EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2024/05/14 12:0 a.m.35 views

CVE-2024-3807

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via ‘portopageheadershortcodetype’, ‘slideshowtype’ and ‘postlayout’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to...

8.8CVSS7.6AI score0.01538EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/03/05 12:0 a.m.35 views

CVE-2024-23225

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue...

7.8CVSS6.3AI score0.01481EPSS
Exploits0References17
ATTACKERKB
ATTACKERKB
added 2023/09/27 3:18 p.m.35 views

CVE-2023-36851

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...

5.3CVSS6.4AI score0.01091EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/07/27 12:0 a.m.35 views

CVE-2023-37450

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Recen...

8.8CVSS8AI score0.1895EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2023/02/14 12:0 a.m.35 views

CVE-2023-21715

Microsoft Publisher Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.3CVSS7.2AI score0.12107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/11/22 12:0 a.m.35 views

CVE-2022-40765

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 22.22.6100.0 could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. Recent assessments: Assessed Attacker Value...

6.8CVSS5.5AI score0.10481EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/09/26 12:0 a.m.35 views

CVE-2022-3038

Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS8.8AI score0.24738EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2022/09/22 12:0 a.m.35 views

CVE-2022-39197

An XSS Cross Site Scripting vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the...

6.1CVSS5.8AI score0.46446EPSS
Exploits6References3
ATTACKERKB
ATTACKERKB
added 2021/11/22 12:0 a.m.35 views

CVE-2022-23131

In the case of instances where the SAML SSO authentication is enabled non-default, session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to...

9.8CVSS3.1AI score0.95683EPSS
Exploits9References2
ATTACKERKB
ATTACKERKB
added 2021/04/29 12:0 a.m.35 views

CVE-2021-20090

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 could allow unauthenticated remote attackers to bypass authentication. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

9.8CVSS8.2AI score0.99983EPSS
Exploits5References4
ATTACKERKB
ATTACKERKB
added 2020/10/28 12:0 a.m.35 views

CVE-2018-19943

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later Q...

8CVSS4.4AI score0.17705EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/06/09 12:0 a.m.35 views

CVE-2020-9850

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. Recent...

9.8CVSS3.3AI score0.77246EPSS
Exploits3References19
ATTACKERKB
ATTACKERKB
added 2020/04/24 12:0 a.m.35 views

CVE-2020-6819

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1. Recent assessments: gwillcox-r7 at...

8.1CVSS7.8AI score0.02978EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2020/03/17 12:0 a.m.35 views

CVE-2020-3950

VMware Fusion 11.x before 11.5.2, VMware Remote Console for Mac 11.x and prior before 11.0.1 and Horizon Client for Mac 5.x and prior before 5.4.0 contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with...

7.8CVSS8AI score0.07254EPSS
Exploits10References5
ATTACKERKB
ATTACKERKB
added 2020/03/10 12:0 a.m.35 views

CVE-2020-0041

In bindertransaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

7.8CVSS5.4AI score0.03246EPSS
Exploits6References2
ATTACKERKB
ATTACKERKB
added 2020/03/02 12:0 a.m.35 views

Liferay CE 6.0.2 Java Deserialization

Liferay CE 6.0.2 remote code execution via unsafe deserialization Recent assessments: theguly at March 02, 2020 5:11pm UTC reported: on 29th of january 2020 this github1 repo came up, with some newsfeed, speakin about a RCE via deserialization on Liferay 6.0.2 i’m aware that liferay is widely use...

9.8CVSS1.1AI score0.45653EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2019/11/12 12:0 a.m.35 views

Internet Explorer RCE through scripting engine memory corruption (IE 9, 10, 11)

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428. Recent assessments: busterb at November...

7.6CVSS2.5AI score0.72626EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2019/09/11 12:0 a.m.35 views

CVE-2019-1297

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.3CVSS8.9AI score0.21805EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/07/23 12:0 a.m.35 views

CVE-2019-11708

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...

10CVSS0.4AI score0.55874EPSS
Exploits10References6
ATTACKERKB
ATTACKERKB
added 2019/05/16 12:0 a.m.35 views

CVE-2019-0863

An elevation of privilege vulnerability exists in the way Windows Error Reporting WER handles files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.8AI score0.05207EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2019/04/09 12:0 a.m.35 views

CVE-2019-0753

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0862. Recent assessments: Assessed Attacker...

7.6CVSS7.8AI score0.81551EPSS
Exploits6References2
ATTACKERKB
ATTACKERKB
added 2018/08/26 12:0 a.m.35 views

CVE-2018-15877

The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainviewactivitymonitor&tab=activitytools request. Recent assessments: cdelafuente-r7 at November 27, 2019 2:59pm UT...

9CVSS3.4AI score0.7699EPSS
Exploits11References6
ATTACKERKB
ATTACKERKB
added 2018/08/15 12:0 a.m.35 views

CVE-2018-8372

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353,...

7.6CVSS6.9AI score0.68242EPSS
Exploits10References5
ATTACKERKB
ATTACKERKB
added 2018/08/15 12:0 a.m.35 views

CVE-2018-8405

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 1...

7.8CVSS6.5AI score0.03444EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2018/07/09 12:0 a.m.35 views

CVE-2018-4990

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Recent assessments: gwillcox-r7 at November...

8.8CVSS8AI score0.36365EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2018/03/28 12:0 a.m.35 views

CVE-2018-0172

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability exists because the affected...

8.6CVSS3.2AI score0.07973EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2017/07/17 12:0 a.m.35 views

CVE-2017-6740

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these...

9CVSS9.1AI score0.10788EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2017/07/11 12:0 a.m.35 views

CVE-2017-0243

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8570. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

9.3CVSS8.1AI score0.89889EPSS
Exploits14References4
ATTACKERKB
ATTACKERKB
added 2016/08/09 12:0 a.m.35 views

CVE-2016-3311

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of...

7.8CVSS7.4AI score0.20625EPSS
Exploits8References4
ATTACKERKB
ATTACKERKB
added 2016/06/16 12:0 a.m.35 views

CVE-2016-3235

Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka “Microsoft Office OLE DLL Side Loading Vulnerability.” Recent assessments:...

9.3CVSS7.1AI score0.43431EPSS
Exploits4References7
ATTACKERKB
ATTACKERKB
added 2015/07/14 12:0 a.m.35 views

CVE-2015-2424

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted Office document, aka “Microsoft Office...

9.3CVSS9.1AI score0.38497EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2014/01/15 4:13 p.m.35 views

CVE-2014-0496

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors...

10CVSS5.9AI score0.40243EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2013/05/14 12:0 a.m.35 views

CVE-2013-2094

The perfsweventinit function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perfeventopen system call. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacke...

8.4CVSS7.6AI score0.47709EPSS
Exploits15References39
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.34 views

CVE-2026-54406

A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device...

8.7CVSS5.8AI score0.00325EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/23 11:44 a.m.34 views

CVE-2026-46300

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skbtrycoalesce can attach paged frags from @from to @to. If @from has SKBFLSHAREDFRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backe...

6AI score0.03663EPSS
Exploits11References16Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/05/13 12:0 a.m.34 views

CVE-2025-32709

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.6AI score0.01658EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/08/05 12:0 a.m.34 views

CVE-2024-38856

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

9.8CVSS7.3AI score0.99427EPSS
Exploits10References5
ATTACKERKB
ATTACKERKB
added 2024/06/11 12:0 a.m.34 views

CVE-2024-35250

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Recent assessments: jheysel-r7 at November 06, 2024 1:10am UTC reported: The ks.sys driver on Windows is one of the core components of Kernel Streaming and is installed by default. There exists an Access Mode Mismatch LPE in this...

7.8CVSS7AI score0.25222EPSS
Exploits7References4
ATTACKERKB
ATTACKERKB
added 2024/06/11 12:0 a.m.34 views

CVE-2024-30088

Windows Kernel Elevation of Privilege Vulnerability Recent assessments: jheysel-r7 at August 30, 2024 8:36pm UTC reported: CVE-2024-30088 is a Windows Kernel Elevation of Privilege Vulnerability which affects many recent versions of Windows 10, Windows 11 and Windows Server 2016, 2019 and 2022. T...

7CVSS6.8AI score0.68202EPSS
Exploits7References2
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:16 a.m.34 views

CVE-2023-44451

Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS6.2AI score0.0177EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/01/30 12:0 a.m.34 views

CVE-2023-0266

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRVCTLIOCTL ELEMREAD|WRITE32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit...

7.9CVSS8.5AI score0.03702EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2021/06/16 3:15 p.m.34 views

CVE-2021-34803

TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations...

7.8CVSS7.1AI score0.0047EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2021/05/27 12:0 a.m.34 views

CVE-2021-27852

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

9.8CVSS7.3AI score0.31946EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/02/16 12:0 a.m.34 views

CVE-2021-27103

Accellion FTA 912411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA912416 and later. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS5.9AI score0.11315EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/01/14 12:0 a.m.34 views

CVE-2020-6572

Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.3CVSS4.5AI score0.10586EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/01/13 12:0 a.m.34 views

CVE-2021-1237

A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials o...

7.8CVSS0.1AI score0.00395EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/10/28 12:0 a.m.34 views

CVE-2018-19949

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build...

9.8CVSS6AI score0.24449EPSS
Exploits0References2
Total number of security vulnerabilities5000