Lucene search
K
AttackerkbMost viewed

74967 matches found

ATTACKERKB
ATTACKERKB
added 2020/10/02 12:0 a.m.29 views

CVE-2020-17382

The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow 0x80102040, 0x80102044, 0x80102050,and 0x80102054. Recent assessments: bwatters-r7 at September 09, 2020 6:09pm UTC reported: This is a vulnerability in the MSI AmbientLink Version 1.0.0.8. The vulnerability allows a regular user...

7.8CVSS2AI score0.02075EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2020/07/05 12:0 a.m.29 views

CVE-2020-15466

In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. Recent assessments: M4ximuss at July 12, 2020 1:32am UTC reported: This is a denial of service condition...

7.5CVSS1.1AI score0.03101EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2020/04/08 12:0 a.m.29 views

CVE-2020-10263 - Smart Speaker Root Shell via internal UART

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can i read Wi-Fi SSID or password, ii read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, iii use Text-To-Speech tools pretend...

7.2CVSS6.7AI score0.0052EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.29 views

MS13-055 Microsoft Internet Explorer CAnchorElement Use-After-Free

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: Analysis In IE8...

9.3CVSS7.5AI score0.23587EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2020/02/05 12:0 a.m.30 views

CVE-2020-3119 (AKA: CDPwn)

A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly...

8.8CVSS2.8AI score0.05098EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/01/24 12:0 a.m.29 views

CVE-2019-1414

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka ‘Visual Studio Code Elevation of Privilege Vulnerability’. Recent assessments: goodlandsecurity at May 20, 2020 2:28am UTC reported: Vulnerability: An elevation ...

7.8CVSS7.6AI score0.01045EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2020/01/07 12:0 a.m.29 views

CVE-2020-5308

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php. Recent assessments: cinzinga at March 09, 2020...

9.8CVSS0.4AI score0.15652EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2019/11/25 12:0 a.m.29 views

CVE-2019-5825

Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.5CVSS2.1AI score0.55925EPSS
Exploits6References4
ATTACKERKB
ATTACKERKB
added 2019/10/10 12:0 a.m.29 views

CVE-2019-1320

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

7.8CVSS7.9AI score0.19205EPSS
Exploits25References2
ATTACKERKB
ATTACKERKB
added 2018/02/14 12:0 a.m.29 views

CVE-2018-2393

Under certain conditions SAP Internet Graphics Server IGS 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server IGS to become unavailable. Recent assessments: gwillcox-r7 at October 06, 2020 4:05pm UTC reported: This...

7.5CVSS0.3AI score0.18204EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2017/03/17 12:0 a.m.29 views

CVE-2017-0101

The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted...

7.8CVSS7.5AI score0.57482EPSS
Exploits3References6
ATTACKERKB
ATTACKERKB
added 2017/02/22 12:0 a.m.29 views

CVE-2017-6077

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the pingIPAddr field of an HTTP POST request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attack...

10CVSS9.3AI score0.68201EPSS
Exploits5References4
ATTACKERKB
ATTACKERKB
added 2017/01/30 12:0 a.m.29 views

CVE-2016-10174

The NETGEAR WNR2000v5 router contains a buffer overflow in the hiddenlangavi parameter when invoking the URL /apply.cgi?/langcheck.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. Recent assessments: Assessed Attacker Value: 0 Assessed...

10CVSS4.9AI score0.8345EPSS
Exploits6References9
ATTACKERKB
ATTACKERKB
added 2016/06/09 12:0 a.m.29 views

CVE-2016-4523

The WAP interface in Trihedral VTScada formerly VTS 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service out-of-bounds read and application crash via unspecified vectors. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

7.5CVSS5.7AI score0.31392EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2016/03/12 12:0 a.m.29 views

CVE-2016-1010

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary...

9.3CVSS3AI score0.19785EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2015/10/15 12:0 a.m.29 views

CVE-2015-7645

Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015. Recent assessments: Assessed Attacker Value: 0...

9.3CVSS8.7AI score0.68396EPSS
Exploits0References17
ATTACKERKB
ATTACKERKB
added 2013/02/27 12:0 a.m.29 views

CVE-2013-0643

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted...

9.3CVSS8AI score0.10533EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2013/01/31 12:0 a.m.29 views

CVE-2013-1490

Unspecified vulnerability in Oracle Java SE 7 Update 11 JRE 1.7.011-b21 allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka “Issue 51,” a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any...

5.3CVSS9.3AI score0.89987EPSS
Exploits8References7
ATTACKERKB
ATTACKERKB
added 2010/09/09 12:0 a.m.29 views

CVE-2010-2883

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service application crash via a PDF document with a long field in a Smart INdependent...

9.3CVSS4.5AI score0.82485EPSS
Exploits13References20
ATTACKERKB
ATTACKERKB
added 2026/05/24 7:15 a.m.28 views

CVE-2026-9363

A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a manipulation of the argument method results in command injection. Remote exploitation of the attack ...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/23 4:27 a.m.28 views

CVE-2026-9284

The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the ppc-create-order and ppc-get-order WC-AJAX endpoints in all versions up to, and including, 4.0.1. The ppc-create-order endpoi...

8.2CVSS5.9AI score0.00401EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:2 p.m.28 views

CVE-2026-44371

Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:29 a.m.28 views

CVE-2026-7168

Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...

5.8AI score0.00471EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 2:10 p.m.28 views

CVE-2026-33579

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...

8.6CVSS5.9AI score0.00624EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/24 8:22 p.m.28 views

CVE-2025-33242

NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering...

5.9CVSS5.8AI score0.00311EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/05/13 12:0 a.m.28 views

CVE-2025-32706

Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.2AI score0.02129EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2025/03/11 12:0 a.m.28 views

CVE-2025-24983

Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7CVSS7.2AI score0.01267EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2025/02/04 12:0 a.m.28 views

CVE-2024-40890

UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00AAFR.4C020170615 could allow an authenticated attacker to execute operating system OS commands on an affected device by sending a crafte...

8.8CVSS7.7AI score0.22421EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/01/27 12:0 a.m.28 views

CVE-2025-24085

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been...

10CVSS7.8AI score0.18668EPSS
Exploits5References6
ATTACKERKB
ATTACKERKB
added 2024/10/29 12:0 a.m.28 views

CVE-2024-51567

upgrademysqlstatus in databases/views.py in CyberPanel aka Cyber Panel before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware which is only for a POST request and using shell metacharacters in the...

10CVSS8.2AI score0.86725EPSS
Exploits7References8
ATTACKERKB
ATTACKERKB
added 2024/09/10 12:0 a.m.28 views

CVE-2024-38217

Windows Mark of the Web Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

5.4CVSS6.8AI score0.09756EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2024/06/07 12:0 a.m.28 views

CVE-2024-4610

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

7.8CVSS7AI score0.00758EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/03/18 12:0 a.m.28 views

CVE-2024-20767

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interactio...

7.4CVSS6.9AI score0.98514EPSS
Exploits7References2
ATTACKERKB
ATTACKERKB
added 2023/11/15 12:0 a.m.28 views

CVE-2023-48365

Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backe...

9.9CVSS8.1AI score0.84967EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/08/29 12:0 a.m.28 views

CVE-2023-41266

A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous...

8.2CVSS7.1AI score0.82646EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/06/02 10:15 p.m.28 views

CVE-2022-31459

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth...

7.4CVSS7.1AI score0.00791EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/05/12 12:0 a.m.28 views

CVE-2022-29303

SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via confmail.php. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS3.9AI score0.97961EPSS
Exploits6References3
ATTACKERKB
ATTACKERKB
added 2022/02/16 12:0 a.m.28 views

CVE-2022-24663

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.9CVSS7.1AI score0.02047EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/01/04 2:15 p.m.28 views

CVE-2021-43711

The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution...

9.8CVSS7.3AI score0.37835EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/07/14 12:0 a.m.28 views

CVE-2021-31196

Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.2CVSS7.5AI score0.4638EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2021/04/12 12:0 a.m.28 views

CVE-2020-28872

An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/installation/register.php allows an unauthorized person to create valid credentials. Recent assessments: noraj at June 22, 2021 4:52pm UTC reported: This gives the ability to create an administrator account while...

9.8CVSS3AI score0.03318EPSS
Exploits3References5
ATTACKERKB
ATTACKERKB
added 2021/03/26 12:0 a.m.28 views

CVE-2021-25370

An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.1CVSS1.6AI score0.0089EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/03/08 12:0 a.m.28 views

CVE-2021-21324

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on “Solutions”. This vulnerability gives an unauthorized user the abili...

6.8CVSS2.8AI score0.01416EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2020/08/17 12:0 a.m.28 views

CVE-2020-1584 - Windows dnsrslvr.dll Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka ‘Windows dnsrslvr.dll Elevation of Privilege Vulnerability’. Recent assessments: gwillcox-r7 at August 17, 2020 5:24pm UTC reported: Looking at the patch for this vulnerability, one can...

7.8CVSS0.1AI score0.00901EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/07/14 12:0 a.m.28 views

CVE-2020-13925

Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. Users of all...

10CVSS5.2AI score0.97337EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2020/04/08 12:0 a.m.28 views

CVE-2020-10977

GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects. Recent assessments: wvu-r7 at June 09, 2020 10:49pm UTC reported: @zeroSteiner pointed us to this exploit chain today: . It uses CVE-2020-10535 to satisfy the authentication requirement. Note that...

5.5CVSS0.6AI score0.42741EPSS
Exploits10References6
ATTACKERKB
ATTACKERKB
added 2020/04/06 12:0 a.m.28 views

Microsoft Internet Explorer Use-After-Free Vulnerability

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” ! Recent assessments: ebleiweiss-r7 at September 12, 2019 6:07pm UTC reported: Wind...

9.3CVSS7.7AI score0.12736EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2020/04/02 12:0 a.m.28 views

CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. Recent assessments: 3dcyber at April 23, 2020 1:18...

8.8CVSS1.6AI score0.60727EPSS
Exploits0References19
ATTACKERKB
ATTACKERKB
added 2020/03/26 12:0 a.m.28 views

CVE-2020-10245

CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. Recent assessments: zeroSteiner at May 07, 2020 9:03pm UTC reported: The following analysis is based on CODESYS 3.5.15.20: Installer file: CODESYS 3.5.15.20.exe, SHA-1...

10CVSS0.3AI score0.02459EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2020/03/13 12:0 a.m.28 views

CVE-2020-10086

GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read. Recent assessments: ericalexanderorg at March 16, 2020 3:52pm UTC reported: Not enough information to accurately assess ATM. Potentia...

5.3CVSS3.3AI score0.01331EPSS
Exploits0References3
Total number of security vulnerabilities5000