Lucene search
K
AttackerkbMost viewed

74872 matches found

ATTACKERKB
ATTACKERKB
added 2019/11/12 12:0 a.m.28 views

CVE-2019-1436

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1440. Recent assessments: tekwizz123 at February 21, 2020 8:00pm UTC reported: This is a...

5.5CVSS6.3AI score0.01954EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/10/30 12:0 a.m.28 views

Backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858

The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other distributions who did similar...

7.5CVSS3.7AI score0.08902EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/08/28 12:0 a.m.28 views

CVE-2019-15752

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restar...

9.3CVSS7.7AI score0.29628EPSS
Exploits5References6
ATTACKERKB
ATTACKERKB
added 2019/03/07 12:0 a.m.28 views

Webmin 1.900 Upload Execution

Webmin 1.900 allows authenticated users with “Upload and Download” module access to upload cgi files to a webroot subdirectory and the uploaded files can be executed by sending requests to the web server. Recent assessments: jrobles-r7 at May 09, 2019 5:57pm UTC reported: Details Webmin 1.900...

7.8CVSS7.3AI score0.23689EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2018/11/27 12:0 a.m.28 views

Nuuo Central Management Server Authenticated Arbitrary File Upload

Nuuo Central Management Server v3.3 and prior allow authenticated users to upload files and specify the destination in a FileName header that is vulnerable to directory traversal. Recent assessments: jrobles-r7 at May 09, 2019 5:57pm UTC reported: Details Details from module documentation in...

9.8CVSS9AI score0.15312EPSS
Exploits3References5
ATTACKERKB
ATTACKERKB
added 2018/10/15 12:0 a.m.28 views

CVE-2018-17532

Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges...

10CVSS10AI score0.71328EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2018/03/28 12:0 a.m.28 views

CVE-2018-0155

A vulnerability in the Bidirectional Forwarding Detection BFD offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service DoS condition. Th...

8.6CVSS1.2AI score0.07894EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2017/08/07 12:0 a.m.28 views

CVE-2017-6663

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service DoS condition. More Information: CSCvd88936. Known...

6.5CVSS3.9AI score0.02135EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2017/07/20 12:0 a.m.28 views

CVE-2017-6316

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge the former name of NetScaler SD-WAN devices, the cookie name was CAKEPHP rather than CGISESSID. Recent assessments: Assessed Attacker...

10CVSS6.5AI score0.72596EPSS
Exploits4References8
ATTACKERKB
ATTACKERKB
added 2017/03/27 12:0 a.m.28 views

CVE-2016-10225

The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending “rootmydevice” to /proc/sunxidebug/sunxidebug. Recent assessments: h00die at March 24, 2020 11:24pm UTC reported: This vulnerability is unbelievably easy to...

7.8CVSS3.7AI score0.03953EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2017/03/06 12:0 a.m.28 views

CVE-2017-6334

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the hostname field of an HTTP POST request, a different vulnerability than CVE-2017-6077. Recent assessments: Assessed Attacker...

10CVSS9.2AI score0.72199EPSS
Exploits13References8
ATTACKERKB
ATTACKERKB
added 2017/01/19 12:0 a.m.28 views

CVE-2016-5198

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page. Rece...

8.8CVSS3.7AI score0.34703EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2017/01/17 12:0 a.m.28 views

CVE-2017-5521

An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote...

8.1CVSS2.1AI score0.89294EPSS
Exploits7References5
ATTACKERKB
ATTACKERKB
added 2016/11/10 12:0 a.m.28 views

CVE-2016-7208

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7200, CVE-2016-7201,...

8.8CVSS8.4AI score0.8249EPSS
Exploits13References4
ATTACKERKB
ATTACKERKB
added 2014/07/07 12:0 a.m.28 views

CVE-2013-3993

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

6.5CVSS6.2AI score0.05236EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2013/08/14 12:0 a.m.28 views

Microsoft Internet Explorer EnsureRecalcNotify Use-After-Free

Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” Recent assessments: wchen-r7 at September 12, 2019 6:08pm UTC reported: Set...

9.3CVSS7.1AI score0.58427EPSS
Exploits8References5
ATTACKERKB
ATTACKERKB
added 2012/06/12 12:0 a.m.28 views

MS12-037 Microsoft Internet Explorer Same ID Property Deleted Object Handling Memory Corruption

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka “Same ID Property Remote Code Execution Vulnerability.” Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: A...

9.3CVSS7.6AI score0.61655EPSS
Exploits11References4
ATTACKERKB
ATTACKERKB
added 2012/05/03 12:0 a.m.28 views

CVE-2012-1709

Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1710. Recent...

9.8CVSS5.5AI score0.11636EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2012/02/16 12:0 a.m.28 views

CVE-2012-0754

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified...

9.3CVSS7.4AI score0.9203EPSS
Exploits11References9
ATTACKERKB
ATTACKERKB
added 2011/06/09 12:0 a.m.28 views

CVE-2011-1823

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PFNETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the...

7.8CVSS6.4AI score0.41634EPSS
Exploits1References16
ATTACKERKB
ATTACKERKB
added 2026/05/28 1:22 p.m.27 views

CVE-2026-49238

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfsserver, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validatepath function in src/sshfsmount/sftpserver.cpp. The function...

8.4CVSS6AI score0.00505EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:2 p.m.27 views

CVE-2026-44371

Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:33 a.m.27 views

CVE-2026-23394

In the Linux kernel, the following vulnerability has been resolved: afunix: Give up GC if MSGPEEK intervened. Igor Ushakov reported that GC purged the receive queue of an alive socket due to a race with MSGPEEK with a nice repro. This is the exact same issue previously fixed by commit cbcf01128d0...

5.5AI score0.00089EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 9:25 p.m.27 views

CVE-2026-3584

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'formprocess' function. This is due to the 'preparepostdata' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of...

9.8CVSS6.1AI score0.07239EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:53 a.m.27 views

CVE-2026-27326

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme window-ac-services allows PHP Local File Inclusion.This issue affects AC Services | HVAC, Air...

5.9AI score0.00403EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/12/31 10:15 p.m.27 views

CVE-2025-67706

ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded...

7.3CVSS5.7AI score0.00325EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/03/11 12:0 a.m.27 views

CVE-2025-24985

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.4AI score0.03705EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2024/10/08 12:0 a.m.27 views

CVE-2024-43573

Windows MSHTML Platform Spoofing Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.1CVSS6.9AI score0.44382EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/10/07 12:0 a.m.27 views

CVE-2024-43047

Memory corruption while maintaining memory maps of HLOS memory. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.3AI score0.00674EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/09/10 12:0 a.m.27 views

CVE-2024-38014

Windows Installer Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS6.9AI score0.06008EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2024/08/21 12:0 a.m.27 views

CVE-2024-28987

The SolarWinds Web Help Desk WHD software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. Recent assessments: sfewer-r7 at November 22, 2024 4:16pm UTC reported: SolarWinds Web Help Desk is described as an...

9.1CVSS9.7AI score0.93299EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2024/08/15 12:0 a.m.27 views

CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...

9.3CVSS6.9AI score0.01773EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/08/13 12:0 a.m.27 views

CVE-2024-38213

Windows Mark of the Web Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.5CVSS6.9AI score0.1337EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2024/01/12 12:0 a.m.27 views

CVE-2023-7028

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to a...

10CVSS9.5AI score0.94955EPSS
Exploits16References7
ATTACKERKB
ATTACKERKB
added 2023/11/15 12:0 a.m.27 views

CVE-2023-48365

Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backe...

9.9CVSS8.1AI score0.84967EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/07/31 12:0 a.m.27 views

CVE-2023-37580

Zimbra Collaboration ZCS 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. Recent assessments: ccondon-r7 at January 28, 2024 7:36pm UTC reported: Per Google’s Threat Analysis Group TAG, this bug was exploited as a zero-day and has been used by at least four different threat...

6.1CVSS6.4AI score0.60034EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/04/05 2:15 p.m.27 views

CVE-2023-25330

A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoi...

9.8CVSS7.5AI score0.0121EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/02/09 8:15 p.m.27 views

CVE-2023-22799

A ReDoS based DoS vulnerability in the GlobalID 1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediate...

7.5CVSS6.8AI score0.01049EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/04/25 5:15 p.m.27 views

CVE-2022-28290

Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request...

6.1CVSS5.9AI score0.01436EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2022/03/29 12:0 a.m.27 views

CVE-2022-22948

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. Recent assessments: Assessed Attacker Value: 0 Assessed...

6.5CVSS6.7AI score0.13935EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2021/09/15 12:0 a.m.27 views

CVE-2021-38646

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS3.9AI score0.044EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/03/02 12:0 a.m.27 views

CVE-2021-21255

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4. Recent assessments: indevi0...

5.8CVSS4.5AI score0.00854EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/10/16 12:0 a.m.27 views

CVE-2020-9907

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

9.3CVSS4.1AI score0.03899EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/09/09 12:0 a.m.27 views

CVE-2020-2038

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlie...

9CVSS5.7AI score0.86086EPSS
Exploits7References2
ATTACKERKB
ATTACKERKB
added 2020/06/09 12:0 a.m.27 views

CVE-2020-1241

A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by...

7.8CVSS8AI score0.03178EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/05/22 12:0 a.m.27 views

CVE-2020-1956

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

10CVSS3.3AI score0.97337EPSS
Exploits2References14
ATTACKERKB
ATTACKERKB
added 2020/05/11 12:0 a.m.27 views

CVE-2020-11108

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges t...

9CVSS0.1AI score0.78262EPSS
Exploits17References7
ATTACKERKB
ATTACKERKB
added 2020/04/21 12:0 a.m.27 views

CVE-2020-4430

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. Recent assessments: Assessed Attacker...

4.3CVSS6.1AI score0.68544EPSS
Exploits6References3
ATTACKERKB
ATTACKERKB
added 2020/04/15 12:0 a.m.27 views

CVE-2020-0970

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-0968. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assess...

7.6CVSS8.1AI score0.30018EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/03/11 12:0 a.m.27 views

CVE-2020-10181

goform/formEMR30 in Sumavision Enhanced Multimedia Router EMR 3.0.4.27 allows creation of arbitrary users with elevated privileges administrator on a device, as demonstrated by a setString=newuseradministrator123456 request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

9.8CVSS9.4AI score0.14209EPSS
Exploits5References4
Total number of security vulnerabilities5000