Lucene search
K
AttackerkbMost viewed

74794 matches found

ATTACKERKB
ATTACKERKB
added 2020/08/21 12:0 a.m.32 views

CVE-2020-15858

Some devices of Thales DIS formerly Gemalto, formerly Cinterion allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for custom...

6.4CVSS1.1AI score0.00786EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/08/21 12:0 a.m.32 views

CVE-2020-24590

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. Recent assessments: krzysztof-przybylski at August 29, 2020 11:16pm UTC reported: Severity: Critical CVSS Score: 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H AFFECTED...

9.1CVSS1.8AI score0.0126EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/04/10 12:0 a.m.32 views

CVE-2020-3952 - VMware vCenter Server vmdir Information Disclosure

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller PSC, does not correctly implement access controls. Recent assessments: wvu-r7 at April 16, 2020 1:25pm UTC reported: Technical details on the vuln are out:...

9.8CVSS8.9AI score0.90384EPSS
Exploits20References3
ATTACKERKB
ATTACKERKB
added 2020/03/08 12:0 a.m.32 views

CVE-2020-10221

lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9CVSS8.9AI score0.36754EPSS
Exploits5References5
ATTACKERKB
ATTACKERKB
added 2020/02/10 12:0 a.m.32 views

CVE-2019-17061

The Bluetooth Low Energy BLE stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID LLID equal to zero. This allows attackers within radio range to cause...

6.5CVSS7.2AI score0.00881EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2020/01/29 12:0 a.m.32 views

CVE-2020-7247

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the “uncommented” default configuration...

10CVSS9.6AI score0.98946EPSS
Exploits27References20
ATTACKERKB
ATTACKERKB
added 2019/09/11 12:0 a.m.32 views

CVE-2019-1278

An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

7.8CVSS8.3AI score0.19254EPSS
Exploits7References2
ATTACKERKB
ATTACKERKB
added 2019/07/17 12:0 a.m.32 views

CVE-2019-9848

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrar...

9.8CVSS0.2AI score0.31215EPSS
Exploits5References11
ATTACKERKB
ATTACKERKB
added 2019/07/16 12:0 a.m.32 views

CVE-2019-12989

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS3.3AI score0.94046EPSS
Exploits5References6
ATTACKERKB
ATTACKERKB
added 2019/07/15 12:0 a.m.32 views

CVE-2019-1130

An elevation of privilege vulnerability exists when Windows AppX Deployment Service AppXSVC improperly handles hard links, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1129. Recent assessments: cbeek-r7 at February 22, 2023 10:06am UTC reported: Recent...

7.8CVSS8.1AI score0.02284EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/06/21 12:0 a.m.32 views

CVE-2019-10719

BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714. Recent assessments: Leafr...

9.8CVSS1.1AI score0.31725EPSS
Exploits16References4
ATTACKERKB
ATTACKERKB
added 2019/06/05 12:0 a.m.32 views

CVE-2019-18426

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message. Recent...

8.2CVSS3.5AI score0.67859EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2019/05/22 12:0 a.m.32 views

CVE-2019-11634

Citrix Workspace App before 1904 for Windows has Incorrect Access Control. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS3.3AI score0.08091EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2019/03/05 12:0 a.m.32 views

CVE-2019-0676

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka ‘Internet Explorer Information Disclosure Vulnerability’. Recent assessments:...

6.5CVSS5.8AI score0.07505EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2018/12/21 12:0 a.m.32 views

CVE-2018-19323

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers MSRs. Recent assessments: Assessed Attacker Value: 0 Assessed Attacke...

9.8CVSS4.2AI score0.08523EPSS
Exploits3References6
ATTACKERKB
ATTACKERKB
added 2018/10/24 12:0 a.m.32 views

Get System-level Code Execution Through Webex Vulnerability

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this...

7.8CVSS4.5AI score0.1602EPSS
Exploits14References6
ATTACKERKB
ATTACKERKB
added 2018/06/11 12:0 a.m.32 views

CVE-2016-9079

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox 50.0.2, Firefox ESR 45.5.1, and Thunderbird 45.5.1. Recent assessments...

7.5CVSS7.3AI score0.87598EPSS
Exploits13References15
ATTACKERKB
ATTACKERKB
added 2018/04/25 12:0 a.m.32 views

Apache Tika Header Command Injection CVE-2018-1335

Before Tika 1.18, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. Recent assessments:...

9.3CVSS0.9AI score0.93972EPSS
Exploits10References3
ATTACKERKB
ATTACKERKB
added 2018/04/10 12:0 a.m.32 views

CVE-2018-9995

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a “Cookie: uid=admin”...

9.8CVSS9.4AI score0.83151EPSS
Exploits13References5
ATTACKERKB
ATTACKERKB
added 2018/03/28 12:0 a.m.32 views

CVE-2018-0156

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is due to improper validation of packet data. A...

7.8CVSS3.2AI score0.08302EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2017/09/29 12:0 a.m.32 views

CVE-2017-12237

A vulnerability in the Internet Key Exchange Version 2 IKEv2 module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of servi...

7.8CVSS2.4AI score0.07128EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2017/04/06 12:0 a.m.32 views

CVE-2017-6884

A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00AAQT.4b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such ...

9CVSS3.8AI score0.37634EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2017/03/17 12:0 a.m.32 views

CVE-2017-0018

Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” This vulnerability is different from those described in CVE-2017-0037 and...

8.8CVSS6.8AI score0.80386EPSS
Exploits9References4
ATTACKERKB
ATTACKERKB
added 2016/09/14 12:0 a.m.32 views

CVE-2016-3351

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka “Microsoft Browser Information Disclosure Vulnerability.” Recent assessments: gwillcox-r7 at November 22, 2020 3:19am UTC reported: Reported as exploited ...

6.5CVSS4.6AI score0.26286EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2016/08/09 12:0 a.m.32 views

CVE-2016-3309

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of...

7.8CVSS7.6AI score0.20625EPSS
Exploits8References6
ATTACKERKB
ATTACKERKB
added 2016/02/16 12:0 a.m.32 views

CVE-2016-2388

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

5.3CVSS5.3AI score0.51553EPSS
Exploits10References12
ATTACKERKB
ATTACKERKB
added 2015/12/09 12:0 a.m.32 views

CVE-2015-6175

The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka “Windows Kernel Memory Elevation of Privilege Vulnerability.” Recent assessments: gwillcox-r7 at November 23, 2020 6:19pm UTC reported: Reported as exploited in the wild as part of Google’...

7.8CVSS2AI score0.05169EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2015/09/09 12:0 a.m.32 views

CVE-2015-2511

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka “Win32k Memory Corruption...

8.2CVSS6.1AI score0.10929EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2015/04/14 12:0 a.m.32 views

CVE-2015-3038

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2015-0347,...

10CVSS7.3AI score0.7983EPSS
Exploits7References10
ATTACKERKB
ATTACKERKB
added 2013/10/09 12:0 a.m.32 views

CVE-2013-3896

Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka “Silverlight Vulnerability.” Recent assessments: Assessed Attacker Value: ...

5.5CVSS5AI score0.6961EPSS
Exploits5References5
ATTACKERKB
ATTACKERKB
added 2013/06/12 12:0 a.m.32 views

CVE-2013-1331

Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka “Office Buffer Overflow Vulnerability.” Recent assessments: Assessed Attacker Value: 0...

9.3CVSS8AI score0.81877EPSS
Exploits4References5
ATTACKERKB
ATTACKERKB
added 2013/05/05 12:0 a.m.32 views

Microsoft Internet Explorer CGenericElement Use-After-Free

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that 1 was not properly allocated or 2 is deleted, as exploited in the wild in May 2013. Recent assessments: wchen-r7 at September 12, 2019 6:07...

9.3CVSS8.8AI score0.77889EPSS
Exploits11References6
ATTACKERKB
ATTACKERKB
added 2012/10/16 12:0 a.m.32 views

CVE-2012-5076

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

10CVSS6.5AI score0.91013EPSS
Exploits18References11
ATTACKERKB
ATTACKERKB
added 2012/09/24 12:0 a.m.32 views

CVE-2012-5054

Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.3CVSS7.6AI score0.21194EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2010/12/06 12:0 a.m.32 views

CVE-2010-3904

The rdspagecopyuser function in net/rds/page.c in the Reliable Datagram Sockets RDS protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg syste...

7.8CVSS7.3AI score0.11217EPSS
Exploits16References24
ATTACKERKB
ATTACKERKB
added 2009/06/10 12:0 a.m.32 views

CVE-2009-0557

Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibilit...

9.3CVSS7.7AI score0.58551EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2008/07/22 12:0 a.m.32 views

Oracle mod_wl HTTP POST Request Remote Buffer Overflow Vulnerability

Stack-based buffer overflow in the Apache Connector modwl in Oracle WebLogic Server formerly BEA WebLogic Server 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after “POST /.jsp” in an HTTP request. Recent assessments...

10CVSS7.4AI score0.83589EPSS
Exploits9References12
ATTACKERKB
ATTACKERKB
added 2006/10/18 12:0 a.m.32 views

NVIDIA binary graphics driver: Privilege escalation vulnerability

The accelerated rendering functionality of NVIDIA Binary Graphics Driver binary blob driver For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite...

7.5CVSS7.1AI score0.26046EPSS
Exploits1References23
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:25 p.m.31 views

CVE-2026-54328

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary...

7.3CVSS5.9AI score0.00115EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/11 5:30 a.m.31 views

CVE-2026-1357

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...

9.8CVSS6.2AI score0.32714EPSS
Exploits13References9
ATTACKERKB
ATTACKERKB
added 2025/07/17 6:16 p.m.31 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

9.8CVSS7.6AI score0.95376EPSS
Exploits5References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/04/25 12:0 a.m.31 views

CVE-2025-3935

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys,...

8.1CVSS8AI score0.03292EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/03/04 12:0 a.m.31 views

CVE-2025-22224

VMware ESXi, and Workstation contain a TOCTOU Time-of-Check Time-of-Use vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host...

9.3CVSS8.9AI score0.01676EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/09/10 12:0 a.m.31 views

CVE-2024-43461

Windows MSHTML Platform Spoofing Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS6.9AI score0.51883EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/07/09 12:0 a.m.31 views

CVE-2024-38094

Microsoft SharePoint Remote Code Execution Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.2CVSS7.4AI score0.47826EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/10/26 12:0 a.m.31 views

CVE-2023-46748

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software...

8.8CVSS9.4AI score0.04468EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/10/18 12:0 a.m.31 views

CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcubewashtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. Recent assessments: Assess...

6.1CVSS5.9AI score0.75873EPSS
Exploits2References16
ATTACKERKB
ATTACKERKB
added 2023/09/21 12:0 a.m.31 views

CVE-2023-41992

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS...

7.8CVSS7.5AI score0.02918EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2023/09/11 12:0 a.m.31 views

CVE-2023-35674

In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Recent assessments: Assessed...

8.8CVSS6.8AI score0.02203EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/09/07 12:0 a.m.31 views

CVE-2023-41061

A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Recent assessments:...

7.8CVSS7.2AI score0.03151EPSS
Exploits0References7
Total number of security vulnerabilities5000