Lucene search
K
AttackerkbMost viewed

75081 matches found

ATTACKERKB
ATTACKERKB
added 2020/07/03 12:0 a.m.25 views

CVE-2020-1425 - Windows Codecs Library RCE

A remote code execution in Windows Codecs Library has been fixed by Microsoft with out-of-band patch on 30th June 2020. The vulnerability allows attacker to remotely execute arbitrary code, if the victim opens maliciously crafted media file. Recent assessments: busterb at July 07, 2020 6:42pm UTC...

7.8CVSS8AI score0.123EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/06/09 12:0 a.m.25 views

CVE-2020-12004

The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to 7.9.14, allowing an attacker to obtain sensitive information. Recent assessments: cdelafuente-r7 at June 26, 2020 11:13am UTC...

7.5CVSS8.5AI score0.20208EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2020/02/28 12:0 a.m.25 views

CVE-2020-9463

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request. Recent assessments: kevthehermit at February 28, 2020 7:40pm UTC reported: Centreon is a...

9CVSS0.9AI score0.04122EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2020/01/27 12:0 a.m.25 views

CVE-2020-8091

svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname. Recent assessments: Mad-robot at July 05, 2020 1:27pm UTC reported:...

6.1CVSS0.1AI score0.05214EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2019/10/28 12:0 a.m.25 views

CVE-2019-18187

Trend Micro OfficeScan versions 11.0 and XG 12.0 could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution RCE. The remote process...

7.5CVSS7.9AI score0.25125EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/10/24 12:0 a.m.25 views

CVE-2019-18394

A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. Recent assessments: ericalexanderorg at August 04, 2020 4:42pm UTC reported: More detail Stupid easy SSRF...

9.8CVSS2.7AI score0.32304EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2019/09/11 12:0 a.m.25 views

CVE-2019-8451

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class. Recent assessments: h0ffayyy at September...

6.5CVSS1.7AI score0.94453EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2019/09/04 12:0 a.m.25 views

CVE-2019-12644

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability exists...

6.1CVSS1.6AI score0.01109EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/08/05 12:0 a.m.25 views

CVE-2019-4473

Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. Recent assessments: timb-machine at March 05, 2021 12:23am UTC reported: Unlikel...

8.4CVSS2.5AI score0.0045EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2019/03/11 12:0 a.m.25 views

CVE-2018-1890

IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081. Recent assessments: timb-machine at March 05, 2021 12:26am UTC reported: Unlikely to be setUID, unlikely that you...

7.8CVSS3.8AI score0.00465EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2019/02/12 12:0 a.m.26 views

CVE-2019-5596

In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to ga...

8.8CVSS1.4AI score0.01229EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2018/06/11 12:0 a.m.25 views

CVE-2018-6961

VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future...

8.1CVSS3.8AI score0.86431EPSS
Exploits6References6
ATTACKERKB
ATTACKERKB
added 2018/02/08 12:0 a.m.25 views

CVE-2018-0125

A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The...

10CVSS3.1AI score0.55409EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2017/09/01 12:0 a.m.25 views

CVE-2017-14105

HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker – even restricted as a tenant – can add a jsp at...

7.8CVSS2.8AI score0.013EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2016/11/10 12:0 a.m.25 views

CVE-2016-7256

atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a...

9.3CVSS8.8AI score0.64835EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2016/10/14 12:0 a.m.25 views

CVE-2016-3298

Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka “Internet Explorer Information Disclosure...

6.5CVSS5.5AI score0.3279EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2016/04/21 12:0 a.m.25 views

CVE-2016-3427

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assesse...

10CVSS8.4AI score0.92334EPSS
Exploits1References77
ATTACKERKB
ATTACKERKB
added 2016/02/10 12:0 a.m.25 views

CVE-2016-0983

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute...

9.3CVSS9.2AI score0.55375EPSS
Exploits4References9
ATTACKERKB
ATTACKERKB
added 2015/01/23 12:0 a.m.25 views

CVE-2015-0310

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on...

10CVSS1.7AI score0.15217EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2014/12/10 12:0 a.m.25 views

CVE-2014-9163

Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014. Recent assessments: gwillcox-...

10CVSS7.8AI score0.20356EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2014/08/31 12:0 a.m.25 views

CVE-2013-2597

Stack-based buffer overflow in the acdbioctl function in audioacdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that...

8.4CVSS6.6AI score0.01516EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2014/05/23 12:0 a.m.25 views

CVE-2013-1668

The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file. Recent assessments: wchen-r7 at September 12, 2019 6:08pm UTC reported: In fact, doesn’t seem like the user shoul...

8.5CVSS0.6AI score0.06977EPSS
Exploits5References7
ATTACKERKB
ATTACKERKB
added 2014/04/27 12:0 a.m.25 views

CVE-2014-1776

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this iss...

10CVSS9.5AI score0.88013EPSS
Exploits1References12
ATTACKERKB
ATTACKERKB
added 2013/07/10 12:0 a.m.25 views

Microsoft Internet Explorer Use-After-Free

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: PoC does not...

9.3CVSS7.5AI score0.23587EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2012/12/03 12:0 a.m.25 views

CVE-2012-5611 MySQL Buffer Overflow

Stack-based buffer overflow in the aclget function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to...

6.5CVSS4.1AI score0.24564EPSS
Exploits2References13
ATTACKERKB
ATTACKERKB
added 2005/09/02 12:0 a.m.25 views

CVE-2005-2773

HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 node parameter to connectedNodes.ovpl, 2 cdpView.ovpl, 3 freeIPaddrs.ovpl, and 4 ecscmg.ovpl. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

9.8CVSS8AI score0.7409EPSS
Exploits9References9
ATTACKERKB
ATTACKERKB
added 2026/05/31 1:30 a.m.24 views

CVE-2026-10160

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. Such manipulation of the argument startwizard leads to stack-based buffer overflow. The attack can be launched remotely. T...

9CVSS7.8AI score0.00472EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 3:45 p.m.24 views

CVE-2026-10124

A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function ripzebrareadipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been...

9CVSS7.7AI score0.00472EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:33 p.m.24 views

CVE-2026-44287

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3CVSS6AI score0.00239EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:5 a.m.24 views

CVE-2026-47074

Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:26 p.m.24 views

CVE-2026-5509

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...

8.5CVSS6.2AI score0.02458EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:22 a.m.24 views

CVE-2026-5740

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:53 a.m.24 views

CVE-2026-27097

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia allows PHP Local File Inclusion.This issue affects CasaMia | Property Rental Real Estate WordPress Them...

5.9AI score0.00512EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/02 6:42 p.m.24 views

CVE-2026-0025

In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00102EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/19 7:40 p.m.24 views

CVE-2026-26278

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...

7.5CVSS5.9AI score0.00811EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/09 5:2 a.m.24 views

CVE-2026-2216

A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function downloadexportfile of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used...

5.3CVSS5AI score0.00292EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/06/10 12:0 a.m.24 views

CVE-2025-33053

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. Recent assessments: cbeek-r7 at June 12, 2025 6:57am UTC reported: CVE-2025-33053 is a zero-day vulnerability that enables remote code execution RCE through abuse of ho...

8.8CVSS9AI score0.81558EPSS
Exploits10References3
ATTACKERKB
ATTACKERKB
added 2025/05/13 12:0 a.m.24 views

CVE-2025-32756

A stack-based buffer overflow vulnerability CWE-121 vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8,...

9.8CVSS10AI score0.31974EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2024/11/19 12:0 a.m.24 views

CVE-2024-50302

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let’s zero-initialize it during allocation to make sure that it can’t be ever used to leak kernel memory via...

5.5CVSS7.2AI score0.00809EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2024/08/29 12:0 a.m.24 views

CVE-2024-6670

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS8AI score0.94661EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2024/08/13 12:0 a.m.24 views

CVE-2024-7593

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS7.5AI score0.99987EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2024/07/09 9:15 a.m.24 views

CVE-2024-5457

The Panda Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS6.1AI score0.00352EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/10/26 3:15 p.m.24 views

CVE-2023-45868

The Learning Module in ILIAS 7.25 2023-09-12 release allows an attacker with basic user privileges to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside...

8.1CVSS5.8AI score0.01116EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2022/08/25 6:15 p.m.24 views

CVE-2022-32745

A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault...

8.1CVSS6.5AI score0.00904EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/06/02 10:15 p.m.24 views

CVE-2022-31462

Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password derived from the serial number that can be found in Bluetooth broadcast data...

9.3CVSS7.5AI score0.00824EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/05/12 12:15 p.m.24 views

CVE-2022-28872

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails in a loop...

8.8CVSS7.2AI score0.00465EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/04/12 3:19 p.m.24 views

CVE-2022-21803

This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted...

7.5CVSS7.1AI score0.01753EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/03/10 11:15 p.m.24 views

CVE-2022-0815

Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed...

7.5CVSS5.5AI score0.00982EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/24 3:15 p.m.24 views

CVE-2022-23043

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...

7.2CVSS5.8AI score0.01459EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/05/24 12:0 a.m.24 views

CVE-2021-29256

. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0. Recent...

9CVSS6.4AI score0.0302EPSS
Exploits0References2
Total number of security vulnerabilities5000