Lucene search
K
AttackerkbMost viewed

74967 matches found

ATTACKERKB
ATTACKERKB
added 2020/05/08 12:0 a.m.26 views

CVE-2020-11530

A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to getscript/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user. Recent assessments: h00die ...

9.8CVSS1.1AI score0.95657EPSS
Exploits8References6
ATTACKERKB
ATTACKERKB
added 2020/04/27 12:0 a.m.26 views

CVE-2020-12138

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM...

9CVSS2.4AI score0.03322EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2020/04/01 12:0 a.m.26 views

CVE-2020-10204

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. Recent assessments: ericalexanderorg at April 03, 2020 1:18pm UTC reported: Wording on this and eludes to an authenticated RCE, but they consider an anonymous user authenticated. Nexus servers store artifacts that could be...

9CVSS4.1AI score0.24318EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2020/03/20 12:0 a.m.26 views

CVE-2020-8135

The uppy npm package 1.9.3 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems. Recent assessments: ericalexanderorg at March 21, 2020 1:52pm UTC reported: SSRF in npm package...

9.8CVSS1.1AI score0.01328EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2020/03/18 12:0 a.m.26 views

CVE-2020-8468

Trend Micro Apex One 2019, OfficeScan XG and Worry-Free Business Security 9.0, 9.5, 10.0 agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. Recent...

10CVSS8.3AI score0.1324EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2020/03/12 12:0 a.m.26 views

CVE-2020-0791

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka ‘Windows Graphics Component Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0898. Recent assessments: zeroSteiner at April 24, 2020 10:02pm UTC...

7.8CVSS2.7AI score0.01117EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/03/08 12:0 a.m.26 views

CVE-2020-10224

An unauthenticated file upload vulnerability has been identified in adminadd.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution. Recent...

9.8CVSS5.2AI score0.05474EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2020/02/22 12:0 a.m.26 views

CVE-2020-9340

fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/opkandidat.php id parameter. Recent assessments: J3rryBl4nks at March 09, 2020 9:27pm UTC reported: This is an authenticated SQL Injection that should lead to a reverse shell. It’s very easy to identify, and to exploit. The value is low...

7.2CVSS3.4AI score0.0104EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2019/04/09 12:0 a.m.26 views

CVE-2019-0808

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0797. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

7.8CVSS7.8AI score0.53298EPSS
Exploits10References3
ATTACKERKB
ATTACKERKB
added 2019/02/28 12:0 a.m.26 views

CVE-2018-18492: Mozilla Firefox Select Element Use-After-Free

Firefox is a free and open-source web browser developed by the Mozilla Foundation. A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection, which gets garbage collected, and results in a potentially...

9.8CVSS0.3AI score0.09646EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2019/02/18 12:0 a.m.26 views

Total.js requestcontinue Directory Traversal Vulnerability

Total.js is prone to a directory traversal vulnerability. Attackers can exploit this issue and read files remotely. Recent assessments: Mad-robot at July 05, 2020 2:29pm UTC reported: Totaljs – Unathenticated Directory Traversal DESCRIPTION User can make requests like “GET...

7.5CVSS7.3AI score0.72058EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2019/01/16 12:0 a.m.26 views

CVE-2019-6447

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to...

8.1CVSS8.2AI score0.6202EPSS
Exploits9References4
ATTACKERKB
ATTACKERKB
added 2018/11/28 12:0 a.m.26 views

CVE-2018-12122

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service DoS by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. Recent assessments:...

7.5CVSS2.1AI score0.41288EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2018/11/06 12:0 a.m.26 views

CVE-2018-14667

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData. Recen...

9.8CVSS8.3AI score0.74171EPSS
Exploits6References9
ATTACKERKB
ATTACKERKB
added 2018/03/08 12:0 a.m.26 views

CVE-2018-0147

A vulnerability in Java deserialization used by Cisco Secure Access Control System ACS prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by...

10CVSS5.5AI score0.18554EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2017/11/06 12:0 a.m.26 views

Advantech WebAccess Webvrpcs Service Opcode 80061 Stack Buffer Overflow

There is a stack buffer overflow in Advantech WebAccess 8.2. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: The stack overflow happens in sub10004BC8:...

6.8CVSS7.1AI score0.16043EPSS
Exploits4References5
ATTACKERKB
ATTACKERKB
added 2017/10/17 12:0 a.m.26 views

CVE-2014-9118

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9CVSS9AI score0.53364EPSS
Exploits4References5
ATTACKERKB
ATTACKERKB
added 2017/09/29 12:0 a.m.26 views

CVE-2017-12234

Multiple vulnerabilities in the implementation of the Common Industrial Protocol CIP feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerabilities are due to the...

7.8CVSS5.1AI score0.07128EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2017/05/26 12:0 a.m.26 views

CVE-2017-8540

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft...

9.3CVSS7.6AI score0.71961EPSS
Exploits4References6
ATTACKERKB
ATTACKERKB
added 2016/06/17 12:0 a.m.26 views

CVE-2016-3643

SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by “sudo cat /etc/passwd.” Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.7AI score0.03704EPSS
Exploits5References5
ATTACKERKB
ATTACKERKB
added 2015/06/10 12:0 a.m.26 views

CVE-2015-1770

Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Uninitialized Memory Use Vulnerability.” Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.3CVSS8.8AI score0.35105EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2015/04/10 12:0 a.m.26 views

CVE-2015-1130

The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.5AI score0.09887EPSS
Exploits16References8
ATTACKERKB
ATTACKERKB
added 2015/02/06 12:0 a.m.27 views

CVE-2015-0320

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and...

10CVSS8AI score0.95683EPSS
Exploits9References15
ATTACKERKB
ATTACKERKB
added 2014/08/12 12:0 a.m.26 views

CVE-2014-0546

Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors. Recent assessments: gwillcox-r7 at November 22, 2020 3:25am UTC reported...

10CVSS6.6AI score0.2233EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2014/02/26 12:0 a.m.26 views

CVE-2013-7331

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild ...

6.5CVSS3.4AI score0.58023EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2013/09/11 12:0 a.m.26 views

Microsoft Internet Explorer CCaret Use-After-Free

Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: This is...

9.3CVSS7.2AI score0.66277EPSS
Exploits8References4
ATTACKERKB
ATTACKERKB
added 2013/03/29 12:0 a.m.26 views

Novell ZENworks Admin Studio ISProxy Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Admin Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Recent assessments: wchen-r7 at...

6.8CVSS1.2AI score0.02329EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2013/02/14 12:0 a.m.26 views

CVE-2013-0641

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value...

9.3CVSS7.8AI score0.32449EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2012/04/10 12:0 a.m.26 views

CVE-2012-0151

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable P...

9.3CVSS6.7AI score0.8878EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 6 days ago25 views

CVE-2026-15308

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

8.7CVSS5.9AI score0.00553EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/30 3:12 p.m.25 views

CVE-2026-48277

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS6.4AI score0.00855EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/30 4:0 p.m.25 views

CVE-2026-10125

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be...

9CVSS8AI score0.00447EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 9:45 a.m.25 views

CVE-2026-9371

A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as...

6.3CVSS5.2AI score0.00437EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/12/31 4:32 a.m.25 views

CVE-2025-15374

A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing a manipulation of the argument content results in cross site scripting. The attack can be initiated remotely. The...

5.4CVSS3.9AI score0.0021EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2025/10/19 10:2 p.m.25 views

CVE-2025-11947

A weakness has been identified in bftpd up to 6.2. Impacted is the function expandgroups of the file options.c of the component Configuration File Handler. Executing a manipulation can lead to heap-based buffer overflow. It is possible to launch the attack on the local host. Attacks of this natur...

4.5CVSS5.2AI score0.00165EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/05/13 12:0 a.m.25 views

CVE-2025-32701

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.6AI score0.01291EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/10/09 12:0 a.m.25 views

CVE-2024-9465

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

9.2CVSS8.1AI score0.99597EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2024/06/06 12:0 a.m.25 views

CVE-2024-28995

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. Recent assessments: sfewer-r7 at June 13, 2024 9:17am UTC reported: Based upon our Rapid7 Analysis, I have rated the attacker value of this vulnerability...

8.6CVSS8AI score0.99614EPSS
Exploits8References3
ATTACKERKB
ATTACKERKB
added 2024/05/31 12:0 a.m.25 views

CVE-2024-29824

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Recent assessments: cdelafuente-r7 at July 23, 2024 8:10am UTC reported: Ivanti Endpoint Manager EPM versions 2022 SU5 a...

9.6CVSS9.1AI score0.99951EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2023/11/09 10:15 p.m.25 views

CVE-2023-29975

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification...

7.2CVSS7AI score0.01679EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/09/22 12:0 a.m.25 views

CVE-2023-43770

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcubestringreplacer.php behavior. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.1CVSS5.9AI score0.58483EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2023/07/06 2:15 p.m.25 views

CVE-2021-46896

Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332...

7.5CVSS7.2AI score0.00815EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/01/10 12:0 a.m.25 views

CVE-2022-22265

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS9.2AI score0.00392EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/08/13 12:0 a.m.25 views

CVE-2021-36380

Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS7.5AI score0.97599EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/05/21 3:15 p.m.25 views

CVE-2021-31474

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results...

10CVSS7.4AI score0.94431EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/10/28 12:0 a.m.25 views

CVE-2018-19953

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on buil...

6.1CVSS5.1AI score0.23894EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/09/11 12:0 a.m.25 views

CVE-2020-0878

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

7.5CVSS6.2AI score0.02696EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/08/06 12:0 a.m.25 views

CVE-2020-7360

An Uncontrolled Search Path Element CWE-427 vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was...

7.4CVSS1.3AI score0.00487EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2020/07/03 12:0 a.m.25 views

CVE-2020-1425 - Windows Codecs Library RCE

A remote code execution in Windows Codecs Library has been fixed by Microsoft with out-of-band patch on 30th June 2020. The vulnerability allows attacker to remotely execute arbitrary code, if the victim opens maliciously crafted media file. Recent assessments: busterb at July 07, 2020 6:42pm UTC...

7.8CVSS8AI score0.123EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/06/09 12:0 a.m.25 views

CVE-2020-12004

The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to 7.9.14, allowing an attacker to obtain sensitive information. Recent assessments: cdelafuente-r7 at June 26, 2020 11:13am UTC...

7.5CVSS8.5AI score0.20208EPSS
Exploits4References3
Total number of security vulnerabilities5000