Lucene search
K
AttackerkbMost viewed

74794 matches found

ATTACKERKB
ATTACKERKB
added 2023/08/29 12:0 a.m.31 views

CVE-2023-41265

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

9.9CVSS9.3AI score0.84967EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/08/28 6:15 p.m.31 views

CVE-2023-39062

Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...

6.1CVSS6.8AI score0.01364EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/06/02 10:15 p.m.31 views

CVE-2022-31461

Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message...

7.4CVSS7.1AI score0.00829EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2021/11/03 8:31 p.m.31 views

Pre-Auth Takeover of Build Pipelines in GoCD (CVE-2021-43287)

Please see https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover. Rapid7 Analysis Description On October 27, 2021, SonarSource published a blog post describing a pre-authenticated information disclosure vulnerability in GoCD, an open-source CI/CD server. This vulnerability is now known as...

7.5CVSS7.3AI score0.28039EPSS
Exploits2References12
ATTACKERKB
ATTACKERKB
added 2021/09/15 12:0 a.m.31 views

CVE-2021-33045

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. Recent assessments: cbeek-r7 at September 06, 2024 6:04pm UTC reported: On September 5th 2024, CISA...

10CVSS9.6AI score0.99871EPSS
Exploits13References4
ATTACKERKB
ATTACKERKB
added 2021/07/29 12:0 a.m.31 views

CVE-2021-26085

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. Recent assessments: Assessed...

5.3CVSS5.6AI score0.99937EPSS
Exploits6References3
ATTACKERKB
ATTACKERKB
added 2020/10/21 12:0 a.m.31 views

CVE-2020-14864

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Installation. Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

7.8CVSS3.8AI score0.97233EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2020/10/06 12:0 a.m.31 views

Multiple vulnerabilities in HP Device Manager

HP published an advisory for three vulnerabilities in its Device Manager software, which lets IT admins remotely manage HP thin clients. CVEs included in the advisory are CVE-2020-6925 weak cipher, CVE-2020-6926 remote method invocation, and CVE-2020-6927 local privilege escalation. Some of these...

6.7AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2020/08/28 12:0 a.m.31 views

CVE-2020-16205

Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5. Recent assessments: gwillcox-r7 at November 25, 2020 5:11pm UTC reported: The serv...

9CVSS8AI score0.60435EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2020/08/17 12:0 a.m.31 views

CVE-2020-1571

An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows Setup Elevation of Privilege Vulnerability’. Recent assessments: gwillcox-r7 at September 01,...

7.8CVSS8.1AI score0.01076EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/07/29 12:0 a.m.31 views

CVE-2020-13699

TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: —play URL. An attacker could force a victim to send an NTLM authentication request and either rel...

8.8CVSS2.7AI score0.25895EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2020/07/15 12:0 a.m.31 views

CVE-2020-14511

Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers versions prior to 5.4. Recent assessments: wvu-r7 at July 31, 2020 3:51pm UTC reported: The web server is a 32-bit, big-endian MIPS...

9.8CVSS9.1AI score0.01355EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/05/20 12:0 a.m.31 views

CVE-2020-3280 Cisco Unified CCX Preauth RCE

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affecte...

10CVSS4AI score0.06945EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/02/11 12:0 a.m.31 views

CVE-2020-0668

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672. Recent assessments: bwatters-r7 at April 2...

7.8CVSS0.3AI score0.2605EPSS
Exploits8References5
ATTACKERKB
ATTACKERKB
added 2020/01/14 12:0 a.m.31 views

CVE-2020-0638

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Update Notification Manager Elevation of Privilege Vulnerability’. Recent assessments:...

7.8CVSS8.7AI score0.02928EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/01/08 12:0 a.m.31 views

CVE-2019-20361

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter a blind SQL injection vulnerability. Recent assessments: h00die at January 20, 2021 1:48am UTC reported: A blind, time based SQL...

9.8CVSS1.5AI score0.8511EPSS
Exploits7References4
ATTACKERKB
ATTACKERKB
added 2019/06/11 12:0 a.m.31 views

CVE-2010-5330

On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi aka Show AP info because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSyn...

9.8CVSS5.2AI score0.34401EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2019/04/18 12:0 a.m.31 views

CVE-2019-3398

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has ‘Admin’ permissions for a space can exploit this pat...

9CVSS8.9AI score0.97153EPSS
Exploits10References7
ATTACKERKB
ATTACKERKB
added 2019/04/09 12:0 a.m.31 views

CVE-2019-0821

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka ‘Windows SMB Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0703, CVE-2019-0704. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

6.5CVSS7AI score0.0964EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2018/07/11 12:0 a.m.31 views

CVE-2018-8287

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from...

7.6CVSS6.9AI score0.75339EPSS
Exploits9References5
ATTACKERKB
ATTACKERKB
added 2018/06/22 12:0 a.m.31 views

CVE-2018-1655

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748. Recent assessments: timb-machine at March 05, 2021 12:31am UTC reported: This bug is trivial to exploit but time consuming to gain useful advantage. Each...

5.5CVSS1.2AI score0.00425EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2017/09/05 12:0 a.m.31 views

CVE-2017-1000083

backend/comics/comics-document.c aka the comic book backend in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a “—” command-line option substring, as demonstrated by a...

7.8CVSS5AI score0.50826EPSS
Exploits9References9
ATTACKERKB
ATTACKERKB
added 2017/04/12 12:0 a.m.31 views

CVE-2017-0210

An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka “Internet Explorer Elevation of Privilege Vulnerability.” Recent...

8.8CVSS6.2AI score0.19522EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2016/11/10 12:0 a.m.31 views

CVE-2016-7202

The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” as demonstrated by the Chakra...

8.8CVSS8AI score0.8249EPSS
Exploits13References8
ATTACKERKB
ATTACKERKB
added 2016/08/18 12:0 a.m.31 views

CVE-2016-6366

Buffer overflow in Cisco Adaptive Security Appliance ASA Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka...

8.8CVSS8.9AI score0.87565EPSS
Exploits7References10
ATTACKERKB
ATTACKERKB
added 2016/02/16 12:0 a.m.31 views

CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application’s unrestricted use of the render method and providing...

7.5CVSS6.3AI score0.95537EPSS
Exploits11References14
ATTACKERKB
ATTACKERKB
added 2015/04/22 12:0 a.m.31 views

CVE-2015-3035

Directory traversal vulnerability in TP-LINK Archer C5 1.2 with firmware before 150317, C7 2.0 with firmware before 150304, and C8 1.0 with firmware before 150316, Archer C9 1.0, TL-WDR3500 1.0, TL-WDR3600 1.0, and TL-WDR4300 1.0 with firmware before 150302, TL-WR740N 5.0 and TL-WR741ND 5.0 with...

7.8CVSS6.4AI score0.83772EPSS
Exploits5References17
ATTACKERKB
ATTACKERKB
added 2014/05/07 12:0 a.m.31 views

CVE-2014-0196

The nttywrite function in drivers/tty/ntty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the “LECHO & !OPOST” case, which allows local users to cause a denial of service memory corruption and system crash or gain privileges by triggering a race condition...

6.9CVSS7.3AI score0.22475EPSS
Exploits7References30
ATTACKERKB
ATTACKERKB
added 2013/02/14 12:0 a.m.31 views

CVE-2013-0640

Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted PDF document, as exploited in the wild in February 2013. Recent assessments: Assessed Attacker Value...

9.3CVSS7.8AI score0.86979EPSS
Exploits4References13
ATTACKERKB
ATTACKERKB
added 2012/02/16 12:0 a.m.31 views

CVE-2012-0767

Cross-site scripting XSS vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via...

6.1CVSS5AI score0.06662EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/29 7:42 p.m.30 views

CVE-2026-43724

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or write kernel memory...

5.7AI score0.00142EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:11 p.m.30 views

CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2025/05/13 12:0 a.m.30 views

CVE-2025-4428

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. Recent assessments: remmons-r7 at May 22, 2025 5:27am UTC reported: On May 13, 2025, Ivanti...

8.8CVSS9.2AI score0.99899EPSS
Exploits10References2
ATTACKERKB
ATTACKERKB
added 2025/02/04 12:0 a.m.30 views

CVE-2024-40891

UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00AAFR.4C020170615 could allow an authenticated attacker to execute operating system OS commands on an affected device via Telnet...

8.8CVSS7.8AI score0.21996EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/05/14 12:0 a.m.30 views

CVE-2024-3806

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the ‘portoajaxposts’ function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in...

9.8CVSS7.9AI score0.02687EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/08/08 12:0 a.m.30 views

CVE-2023-38180

.NET and Visual Studio Denial of Service Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS6.9AI score0.15519EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/03/24 12:0 a.m.30 views

CVE-2022-42948

Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS9.3AI score0.02706EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/02/13 12:0 a.m.30 views

CVE-2023-25717

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?loginusername=admin&password=password$curl substring. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS9.9AI score0.95326EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/11/17 12:0 a.m.30 views

CVE-2021-41277

Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map admin-settings-maps-custom maps-add a map support and potential local file inclusion including environment variables. URLs were not validated prior to being...

10CVSS6.5AI score0.97178EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2021/09/27 12:0 a.m.30 views

CVE-2021-20034

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. Recent assessments: jbaines-r7 at October 12, 2021 8:21pm UTC reported: Beyon...

6.4CVSS4.5AI score0.80701EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2021/08/26 12:0 a.m.30 views

SES-by-oretnom23 -v1.0-SQL-Injection-bypass-Login

The SES-byoretnom23 -v1.0 is vulnerable in the application /elearning/classes/Login.php which is called from /elearning/dist/js/script.js app. The parameter username from the login form is not protected correctly and there is no security and escaping from malicious payloads. When the user is...

0.9AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/08/16 2:15 p.m.30 views

CVE-2021-38757

Persistent cross-site scripting XSS in Hospital Management System targeted towards web admin through contact.php...

6.1CVSS6.3AI score0.00876EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2021/03/26 12:0 a.m.30 views

CVE-2021-25369

An improper access control vulnerability in seclog file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.2CVSS4.3AI score0.01121EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/03/05 12:0 a.m.30 views

CVE-2020-29134

The TOTVS Fluig platform allows path traversal through the parameter “file = .. /” encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4 Recent assessments: lucxssouza at March 24, 2021 6:54pm UTC reported: Assessed Attacker Value: 5 Assessed Attacker Value:...

8.6CVSS4.6AI score0.15025EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2020/12/28 12:0 a.m.30 views

CVE-2020-35730

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkrefaddindex in rcubestringreplacer.php. Recent assessments: Assess...

6.1CVSS6.2AI score0.32823EPSS
Exploits1References12
ATTACKERKB
ATTACKERKB
added 2020/07/28 12:0 a.m.30 views

CVE-2020-15900

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The ‘rsearch’ calculation for the ‘post’ size resulted in a size that was too large, and could underflow to max uint32t. This was fixed...

9.8CVSS0.05186EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2020/06/05 12:0 a.m.30 views

CVE-2017-16238

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

7.4AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/02/28 12:0 a.m.30 views

CVE-2020-9442

OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there. Recent assessments: wolfthefallen at February 28, 2020 10:58pm UTC reported: Research of...

7.8CVSS8AI score0.00642EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.30 views

Easy Adress Book Web Server Buffer Overflow

Easy Adress Book Web Server suffers from a vulnerability while processing a user-supplied cookie, specifically the UserID parameter, which allows the attacker to cause a buffer overflow and result a crash or gain arbitrary code execution under the context of the user. This was originally discover...

8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/02/11 12:0 a.m.30 views

CVE-2020-0662

A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka ‘Windows Remote Code Execution Vulnerability’. Recent assessments: zeroSteiner at March 17, 2020 8:31pm UTC reported: Analysis performed using ipnathlp.dll from Windows Server 2019 x64 sha256:...

9CVSS8.8AI score0.13253EPSS
Exploits0References2
Total number of security vulnerabilities5000