Lucene search
K
AttackerkbMost viewed

75017 matches found

ATTACKERKB
ATTACKERKB
added 2013/11/19 12:0 a.m.22 views

CVE-2013-5223

Multiple cross-site scripting XSS vulnerabilities in D-Link DSL-2760U Gateway Rev. E1 allow remote authenticated users to inject arbitrary web script or HTML via the 1 ntpServer1 parameter to sntpcfg.cgi, username parameter to 2 ddnsmngr.cmd or 3 todmngr.tod, 4 TodUrlAdd parameter to urlfilter.cm...

5.4CVSS5.4AI score0.33567EPSS
Exploits3References19
ATTACKERKB
ATTACKERKB
added 2013/06/14 12:0 a.m.22 views

CVE-2013-3576

ginkgosnmp.inc in HP System Management Homepage SMH allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATHINFO to smhutil/snmpchp.php.en. Recent assessments: theguly at February 28, 2020 4:42pm UTC reported: this product runs as SYSTEM by default, and...

9CVSS7AI score0.66592EPSS
Exploits12References3
ATTACKERKB
ATTACKERKB
added 2013/06/14 12:0 a.m.22 views

HP Insight Diagnostics 8.20 b2878 multiple vulnerabilities

HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: Environment: Tested on both windows and linux x32 platforms. The installation requires HP Insight...

10CVSS7.4AI score0.0491EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2011/09/02 12:0 a.m.22 views

CVE-2011-2763

The web interface on the LifeSize Room appliance LSRM13.5.3 11 and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoomRemoting.doCommand function in gateway.php. Recent assessments: zeroSteiner at January 13, 2020 5:56pm UTC reported: The request to...

7.5CVSS4.1AI score0.36116EPSS
Exploits8References9
ATTACKERKB
ATTACKERKB
added 2010/08/30 12:0 a.m.22 views

CVE-2010-3035

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service peering reset via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, a...

7.5CVSS3.9AI score0.05562EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2009/06/10 12:0 a.m.22 views

CVE-2009-0563

Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word,...

9.3CVSS8AI score0.63081EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2008/10/15 8:7 p.m.22 views

CVE-2008-4554

The dosplicefrom function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the OAPPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file...

4.6CVSS5.7AI score0.00392EPSS
Exploits1References26
ATTACKERKB
ATTACKERKB
added 2005/12/02 6:3 p.m.22 views

CVE-2005-3965

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-2607. Reason: This candidate is a duplicate of CVE-2004-2607. Notes: All CVE users should reference CVE-2004-2607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

2.1CVSS5.9AI score0.0046EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/07/08 12:17 a.m.21 views

CVE-2026-60002

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

7.7CVSS6AI score0.00263EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:48 p.m.21 views

CVE-2026-50128

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how...

5.3CVSS5.9AI score0.00129EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:10 p.m.21 views

CVE-2026-48020

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...

7.8CVSS5.9AI score0.00591EPSS
Exploits2References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:0 a.m.21 views

CVE-2026-35904

Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component...

5.8AI score0.00547EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:40 a.m.21 views

CVE-2026-46229

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...

5.8AI score0.00119EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 6:41 p.m.21 views

CVE-2026-45104

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...

7.5CVSS5.8AI score0.0032EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:45 a.m.21 views

CVE-2026-3375

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notifyccss and /wp-json/litespeed/v1/notifyucss REST API endpoints in all versions up to, and including, 7.7. These endpoints accept CSS content from QUIC.cloud callback notificatio...

7.2CVSS5.8AI score0.00359EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/24 10:45 p.m.21 views

CVE-2026-9403

A vulnerability was determined in Edimax BR-6675nD 1.12. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. The attack may be initiated remotely. The...

9CVSS6.2AI score0.00445EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/20 7:12 p.m.21 views

CVE-2026-9123

Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traffic. Chromium security severity: Medium...

7.5CVSS6.4AI score0.00187EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 7:52 p.m.21 views

CVE-2026-8544

Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.0028EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 2:15 a.m.21 views

CVE-2026-7573

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

5CVSS5.8AI score0.00255EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/03 12:30 p.m.21 views

CVE-2026-7696

A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts an unknown function of the file /SubstationWEBV2/main/uploadH5Files. The manipulation of the argument File results in unrestricted upload. The attack may be launched...

6.5CVSS6.2AI score0.00224EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:15 p.m.21 views

CVE-2026-32499

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...

5.9AI score0.00283EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 8:21 p.m.21 views

CVE-2026-3055

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread...

9.8CVSS5.8AI score0.83996EPSS
Exploits7References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/03/23 7:10 p.m.21 views

CVE-2026-30849

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not...

9.3CVSS5.9AI score0.00413EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/07 2:32 p.m.21 views

CVE-2026-3664

A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compounddocument::readdirectory of the file source/detail/cryptography/compounddocument.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to out-of-bounds rea...

4.8CVSS5.4AI score0.00179EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/02 9:20 p.m.21 views

CVE-2026-3337

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

8.2CVSS5.9AI score0.01079EPSS
Exploits0References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/02/27 9:44 p.m.21 views

CVE-2026-28415

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...

4.7CVSS6AI score0.00232EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/20 10:30 a.m.21 views

CVE-2026-26995

Further research determined the issue is an external dependency vulnerability...

5.4AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/10 9:58 a.m.21 views

CVE-2026-23719

A vulnerability has been identified in Simcenter Femap All versions V2512, Simcenter Nastran All versions V2512. The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the curre...

7.8CVSS6AI score0.00131EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/08 4:32 p.m.21 views

CVE-2026-2163

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

5.8CVSS5.1AI score0.0568EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/10/16 2:2 p.m.21 views

CVE-2025-11839

A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tgtagtype of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks...

5.5CVSS5AI score0.00256EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/05/13 12:0 a.m.21 views

CVE-2025-4427

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. Recent assessments: remmons-r7 at May 22, 2025 5:21am UTC reported: On May 13, 2025, Ivanti published an adviso...

8.8CVSS8.9AI score0.99899EPSS
Exploits10References2
ATTACKERKB
ATTACKERKB
added 2024/09/06 12:0 a.m.21 views

CVE-2021-26138

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit...

7.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/08/22 11:15 a.m.21 views

CVE-2024-39744

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

4.3CVSS5.7AI score0.00174EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/07/10 12:0 a.m.21 views

CVE-2024-4879

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...

9.8CVSS9.8AI score0.99976EPSS
Exploits8References4
ATTACKERKB
ATTACKERKB
added 2024/05/03 2:15 a.m.21 views

CVE-2023-32172

Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability. The...

6.5CVSS5.8AI score0.01374EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/01/24 7:30 a.m.21 views

CVE-2022-4554

B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.0.0.347...

5.4CVSS6AI score0.00337EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/01/01 1:15 a.m.21 views

CVE-2022-43821

To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/25 6:15 p.m.21 views

CVE-2022-32745

A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault...

8.1CVSS6.5AI score0.00904EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/16 5:0 p.m.21 views

CVE-2022-30576

The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site...

8.7CVSS5.9AI score0.00443EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/03/28 7:15 p.m.21 views

CVE-2022-26980

Teampass 2.1.26 allows reflected XSS via the index.php PATHINFO...

6.1CVSS5.8AI score0.01071EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/03/11 11:15 a.m.21 views

CVE-2022-0870

Server-Side Request Forgery SSRF in GitHub repository gogs/gogs prior to 0.12.5...

5.3CVSS6.1AI score0.03422EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/03/10 5:47 p.m.21 views

CVE-2022-25824

Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

4CVSS6AI score0.00231EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/17 7:15 p.m.21 views

CVE-2022-22912

Prototype pollution vulnerability via .parse in Plist before v3.0.4 allows attackers to cause a Denial of Service DoS and may lead to remote code execution...

9.8CVSS7.6AI score0.02553EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/01/25 1:15 p.m.21 views

CVE-2022-23223

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...

7.5CVSS7.1AI score0.04306EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2021/08/04 12:0 a.m.21 views

CVE-2021-20028

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access SRA products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

9.8CVSS9.9AI score0.30084EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/06/09 12:0 a.m.21 views

CVE-2020-10644

The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to 7.9.14, allowing an attacker to obtain sensitive information. Recent assessments:...

7.5CVSS8.6AI score0.20208EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2020/06/02 12:0 a.m.21 views

Windowsrcer IE/Edge Cross-URL vulnerabilities

Cross-Origin bugs in IE and Edge allow bypassing SOP in both browsers. 0-days released by James Lee @Windowsrcer Recent assessments: busterb at August 21, 2019 4:31pm UTC reported: A SOP bug requires the attacker to inject a resource into one domain, and be listening on another. Such a...

6.8AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2020/04/08 12:0 a.m.21 views

CVE-2020-1984

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with ‘create folders or append data’ access to the root of the OS disk C: to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo f...

7.8CVSS1.8AI score0.00311EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/03/30 12:0 a.m.21 views

CVE-2020-10560

An issue was discovered in Open Source Social Network OSSN through 5.3. A user-controlled file path with a weak cryptographic rand can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the...

5.9CVSS0.7AI score0.03797EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2020/03/23 12:0 a.m.21 views

CVE-2020-8864

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login...

8.8CVSS2.9AI score0.80221EPSS
Exploits0References3
Total number of security vulnerabilities5000