Lucene search
K
AttackerkbMost viewed

74784 matches found

ATTACKERKB
ATTACKERKB
added 2019/10/10 12:0 a.m.33 views

CVE-2019-1340

An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique...

7.8CVSS7.7AI score0.19205EPSS
Exploits25References2
ATTACKERKB
ATTACKERKB
added 2019/07/15 12:0 a.m.33 views

CVE-2019-1132

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. Recent assessments: FULLSHADE at April 21, 2020 4:04am UTC reported: This vulnerability takes advantage of a null...

7.8CVSS8.5AI score0.09788EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2019/06/19 12:0 a.m.33 views

CVE-2018-18472

Western Digital WD My Book Live and WD My Book Live Duo all versions have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/languageconfiguration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the...

10CVSS8.7AI score0.30284EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2019/05/16 12:0 a.m.33 views

Cisco Prime Infrastructure HA HealthMonitor TarArchive Directory Traversal Remote Code Execution

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because t...

10CVSS8.9AI score0.98092EPSS
Exploits12References4
ATTACKERKB
ATTACKERKB
added 2019/04/23 12:0 a.m.33 views

CVE-2019-2616

Vulnerability in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access...

7.2CVSS2.2AI score0.92183EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2019/04/09 12:0 a.m.33 views

CVE-2019-0862

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0753. Recent assessments: Assessed Attacker...

7.6CVSS7.8AI score0.81551EPSS
Exploits6References3
ATTACKERKB
ATTACKERKB
added 2019/04/02 12:0 a.m.33 views

CVE-2019-10692

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement. Recent assessments: rootOptional at March 09, 2020 9:03pm UTC reported: This CVE is fairly obscure due to it being present in the WordPre...

9.8CVSS1.3AI score0.78699EPSS
Exploits6References6
ATTACKERKB
ATTACKERKB
added 2019/03/27 12:0 a.m.33 views

Ruby on Rails DoubleTap Development Mode secret_key_base Vulnerability

Ruby on Rails versions including 5.2.2.1 and prior are vulnerable to a predicatble secretkeybase in development mode, which could be used to recreated a signed message, such as a serialized object, and gain remote code execution. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC...

9.8CVSS9.5AI score0.92144EPSS
Exploits13References5
ATTACKERKB
ATTACKERKB
added 2019/03/08 12:0 a.m.33 views

CVE-2019-1003029

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...

9.9CVSS5.4AI score0.73854EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2019/03/08 12:0 a.m.33 views

CVE-2019-1003030

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM. Recent assessments...

9.9CVSS5.4AI score0.75594EPSS
Exploits4References7
ATTACKERKB
ATTACKERKB
added 2018/08/15 12:0 a.m.33 views

CVE-2018-8401

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from...

7.8CVSS6.5AI score0.03444EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2018/03/28 12:0 a.m.33 views

CVE-2018-0167

Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol LLDP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition or execute arbitrary code with elevated...

8.8CVSS5.1AI score0.03421EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2018/03/28 12:0 a.m.33 views

CVE-2018-0151

A vulnerability in the quality of service QoS subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds...

10CVSS4.1AI score0.14468EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2017/10/13 12:0 a.m.33 views

CVE-2017-11826

Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly...

9.3CVSS8AI score0.81454EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2017/07/17 12:0 a.m.33 views

CVE-2017-6737

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. The vulnerability is due to a...

9CVSS8.9AI score0.42632EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2017/07/17 12:0 a.m.33 views

CVE-2017-6739

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. The vulnerability is due to a...

9CVSS8.9AI score0.1055EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2017/05/26 12:0 a.m.33 views

CVE-2017-8538

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft...

9.3CVSS7.6AI score0.71961EPSS
Exploits4References5
ATTACKERKB
ATTACKERKB
added 2017/04/24 12:0 a.m.33 views

CVE-2017-5030

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assess...

8.8CVSS4.6AI score0.41603EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2016/05/11 12:0 a.m.33 views

CVE-2016-0185

Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link aka .mcl file, aka “Windows Media Center Remote Code Execution Vulnerability.” Recent assessments: Assessed Attacker Value: 0 Assessed...

9.3CVSS8AI score0.6994EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2015/11/25 12:0 a.m.33 views

CVE-2015-5317

The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS8.4AI score0.22429EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2015/08/19 12:0 a.m.33 views

CVE-2015-2502

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Memory Corruption Vulnerability,” as exploited in the wild in August 2015. Recent assessments: gwillcox-r7 at November 23, 2020...

9.3CVSS8.7AI score0.51127EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2015/07/14 12:0 a.m.33 views

CVE-2015-2384

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2383 and CVE-2015-2425. Recent assessments:...

9.3CVSS8.8AI score0.44851EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2014/11/11 12:0 a.m.33 views

CVE-2014-4077

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE aka IME for Japanese is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka “Microsoft IME Japanese...

9.3CVSS8.1AI score0.47679EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2014/08/12 12:0 a.m.33 views

CVE-2014-2817

Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka “Internet Explorer Elevation of Privilege Vulnerability.” Recent assessments: gwillcox-r7 at November 22, 2020 3:25am UTC reported: Reported as exploited in the wild as part of Google’s...

8.8CVSS7.3AI score0.26349EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2013/11/28 12:0 a.m.33 views

CVE-2013-5065 Microsoft NDProxy.sys Privilege Escalation

NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: Xp recently broke a local kernel...

7.8CVSS6.2AI score0.34893EPSS
Exploits16References6
ATTACKERKB
ATTACKERKB
added 2012/05/21 12:0 a.m.33 views

Symantec Web Gateway upload_file Remote Code Execution Vulnerability

The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported:...

10CVSS0.1AI score0.64061EPSS
Exploits5References4
ATTACKERKB
ATTACKERKB
added 2008/02/07 9:0 p.m.33 views

CVE-2008-0655

Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors...

9.3CVSS5.2AI score0.36844EPSS
Exploits2References21
ATTACKERKB
ATTACKERKB
added 2007/09/18 12:0 a.m.33 views

CVE-2007-3010

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

10CVSS7.2AI score0.97759EPSS
Exploits8References13
ATTACKERKB
ATTACKERKB
added 2006/05/20 12:0 a.m.33 views

CVE-2006-2492

Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. Recent...

8.8CVSS6.6AI score0.48387EPSS
Exploits2References18
ATTACKERKB
ATTACKERKB
added 2026/05/08 7:21 a.m.32 views

CVE-2026-43284

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFLSHAREDFRAG after skbsplicefromiter, so later paths that may modify packet data ca...

8.8CVSS5.7AI score0.93235EPSS
Exploits31References11Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/03/11 12:0 a.m.32 views

CVE-2025-24054

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.5CVSS6.8AI score0.58974EPSS
Exploits20References2
ATTACKERKB
ATTACKERKB
added 2025/02/19 12:0 a.m.32 views

CVE-2025-24989

An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update...

9.8CVSS7AI score0.01659EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/10/08 12:0 a.m.32 views

CVE-2024-9380

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.2CVSS7AI score0.62988EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/08/21 12:0 a.m.32 views

CVE-2024-7971

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.6CVSS6.6AI score0.19272EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2024/05/14 12:0 a.m.32 views

CVE-2024-4671

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

9.6CVSS7.3AI score0.08348EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2023/12/24 10:15 p.m.32 views

CVE-2023-7102

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic...

9.8CVSS7.5AI score0.43596EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2023/06/23 12:0 a.m.32 views

CVE-2023-32439

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this...

8.8CVSS8.4AI score0.23788EPSS
Exploits0References16
ATTACKERKB
ATTACKERKB
added 2023/06/14 12:0 a.m.32 views

CVE-2023-29360

Microsoft Streaming Service Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.4CVSS6.9AI score0.22133EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2022/11/09 12:0 a.m.32 views

CVE-2022-41049

Windows Mark of the Web Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

5.4CVSS2.9AI score0.02482EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/11/08 12:0 a.m.32 views

CVE-2022-31199

Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and...

9.8CVSS10AI score0.36009EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/03/03 12:0 a.m.32 views

CVE-2022-22706

Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

7.8CVSS4.2AI score0.01226EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/01/18 5:15 p.m.32 views

CVE-2022-0090

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in...

6.5CVSS6.4AI score0.01306EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/15 3:17 p.m.32 views

CVE-2022-23178

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...

10CVSS7.3AI score0.75711EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2021/10/18 12:0 a.m.32 views

CVE-nu11-101821

Description: The useremail parameter appears to be vulnerable to SQL injection attacks Time-based Blind. A single quote was submitted in the useremail parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. Recent assessments:...

0.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/08/23 6:15 p.m.32 views

CVE-2021-39144

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

8.5CVSS7.2AI score0.98124EPSS
Exploits6References18Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/04/14 12:0 a.m.32 views

CVE-2021-29449

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details. Recent assessments: h00die at May 31, 2021 11:59am UTC...

7.8CVSS3.2AI score0.01863EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2021/01/26 12:0 a.m.32 views

CVE-2021-26134

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Recent assessments: femkebolle at November 22, 2023 3:56pm UTC reported: As ...

9.8CVSS9.9AI score0.99999EPSS
Exploits76References1
ATTACKERKB
ATTACKERKB
added 2020/11/20 12:0 a.m.32 views

CVE-2020-13671

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to...

8.8CVSS3.7AI score0.04269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2020/10/07 12:0 a.m.32 views

CVE-2020-26592

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Recent assessments: pbarry-r7 at November 19, 2020 5:47pm UTC reported:...

9.3CVSS2.2AI score0.01154EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/09/01 12:0 a.m.32 views

CVE-2020-24557

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first...

7.8CVSS3.1AI score0.02639EPSS
Exploits0References5
Total number of security vulnerabilities5000