Lucene search
+L
AttackerkbMost viewed

75202 matches found

attackerkb
attackerkb
added 2026/01/20 4:14 a.m.20 views

CVE-2026-0899

Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00382EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/01/14 6:4 p.m.20 views

CVE-2026-22819

Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5...

5.9CVSS5.5AI score0.0021EPSS
Exploits1References3Affected Software1
attackerkb
attackerkb
added 2025/04/24 12:0 a.m.20 views

CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...

10CVSS6.7AI score0.99406EPSS
Exploits18References4
attackerkb
attackerkb
added 2025/04/16 12:0 a.m.20 views

CVE-2025-31200

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a repor...

9.8CVSS6.8AI score0.21922EPSS
Exploits6References5
attackerkb
attackerkb
added 2025/03/11 12:0 a.m.20 views

CVE-2025-24991

Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

5.5CVSS6.3AI score0.01852EPSS
Exploits0References2
attackerkb
attackerkb
added 2025/01/18 12:0 a.m.20 views

CVE-2025-23209

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution RCE vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a...

8.1CVSS8.1AI score0.04714EPSS
Exploits1References4
attackerkb
attackerkb
added 2025/01/08 12:0 a.m.20 views

CVE-2024-50603

An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloudtype for...

10CVSS7.7AI score0.98545EPSS
Exploits5References4
attackerkb
attackerkb
added 2024/08/21 12:0 a.m.20 views

CVE-2024-7965

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS6.5AI score0.17227EPSS
Exploits2References3
attackerkb
attackerkb
added 2024/08/13 12:0 a.m.20 views

CVE-2024-28986

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it...

9.8CVSS10AI score0.84628EPSS
Exploits0References3
attackerkb
attackerkb
added 2024/04/22 12:0 a.m.20 views

CVE-2024-27348

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. Recent assessments: jheysel-r7...

9.8CVSS8.2AI score0.9921EPSS
Exploits11References5
attackerkb
attackerkb
added 2023/12/08 8:15 p.m.20 views

CVE-2023-46493

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js...

5.3CVSS5.8AI score0.01001EPSS
Exploits0References3
attackerkb
attackerkb
added 2023/09/28 2:15 p.m.20 views

CVE-2023-43867

D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanL2TP function...

7.5CVSS5.9AI score0.00826EPSS
Exploits1References3
attackerkb
attackerkb
added 2022/10/03 12:0 a.m.20 views

CVE-2022-42013

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

2.7AI score
Exploits0References1
attackerkb
attackerkb
added 2022/08/21 11:14 a.m.20 views

CVE-2022-36779

PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router with GPS4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG /...

9.8CVSS5.8AI score0.02346EPSS
Exploits2References2Affected Software4
attackerkb
attackerkb
added 2022/08/12 8:15 p.m.20 views

CVE-2022-2619

Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page...

4.3CVSS6.3AI score0.00353EPSS
Exploits0References6
attackerkb
attackerkb
added 2022/07/25 2:15 p.m.20 views

CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS6.8AI score0.00698EPSS
Exploits1References3
attackerkb
attackerkb
added 2022/07/22 11:15 p.m.20 views

CVE-2022-34114

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...

8.8CVSS7.2AI score0.00779EPSS
Exploits1References2
attackerkb
attackerkb
added 2022/07/18 5:15 p.m.20 views

CVE-2022-2444

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...

8.8CVSS6AI score0.02196EPSS
Exploits0References7
attackerkb
attackerkb
added 2022/06/28 10:15 p.m.20 views

CVE-2022-31884

Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys...

6.5CVSS5.4AI score0.01129EPSS
Exploits1References4
attackerkb
attackerkb
added 2022/03/15 5:15 p.m.20 views

CVE-2022-27195

Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...

5.5CVSS5.8AI score0.00377EPSS
Exploits0References3
attackerkb
attackerkb
added 2021/10/06 12:0 a.m.20 views

CVE-2021-25489

Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

5.5CVSS6.5AI score0.00499EPSS
Exploits0References2
attackerkb
attackerkb
added 2021/03/26 12:0 a.m.20 views

CVE-2021-25372

An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.2CVSS6.8AI score0.00804EPSS
Exploits0References3
attackerkb
attackerkb
added 2021/02/10 12:0 a.m.20 views

CVE-2021-23874

Arbitrary Process Execution vulnerability in McAfee Total Protection MTP prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.2CVSS7.9AI score0.01026EPSS
Exploits0References2
attackerkb
attackerkb
added 2020/09/09 12:0 a.m.20 views

CVE-2020-2037

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1...

9CVSS7.6AI score0.0356EPSS
Exploits0References2
attackerkb
attackerkb
added 2020/07/15 12:0 a.m.20 views

CVE-2020-14644

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle...

9.8CVSS7.5AI score0.94465EPSS
Exploits1References2
attackerkb
attackerkb
added 2020/06/04 12:0 a.m.20 views

CVE-2020-10546

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes’ passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. Recent assessments: theguly at...

9.8CVSS4.1AI score0.99683EPSS
Exploits15References3
attackerkb
attackerkb
added 2020/04/06 12:0 a.m.20 views

CVE-2020-7356

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter ‘wayfinderseqid’ in wayfindermeetinginput.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...

10CVSS10AI score0.14014EPSS
Exploits5References3
attackerkb
attackerkb
added 2020/02/25 12:0 a.m.20 views

CVE-2020-8818

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefor...

8.1CVSS8.1AI score0.04877EPSS
Exploits11References4
attackerkb
attackerkb
added 2020/02/06 12:0 a.m.20 views

CVE-2020-8657

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key hardcoded as EONAPIKEY in include/apifunctions.php for API version 2.4.2 by default for all installations, hence allowing an attacker to calculate/guess the admin access token. Recent assessments: Assessed Attack...

9.8CVSS4.5AI score0.91874EPSS
Exploits4References3
attackerkb
attackerkb
added 2019/04/17 12:0 a.m.20 views

Intel CPU Memory Mapping Local Information Leak: 'Spoiler'

Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access. Recent assessments: busterb at April 10, 2020 1:12pm UTC reported: Another in the long line of speculative side-channel attacks, this...

3.8CVSS2.6AI score0.00931EPSS
Exploits0References3
attackerkb
attackerkb
added 2019/03/08 12:0 a.m.20 views

CVE-2019-9627

A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker without Administrator privileges to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. Recent assessments:...

7CVSS3AI score0.00412EPSS
Exploits0References4
attackerkb
attackerkb
added 2018/10/12 12:0 a.m.20 views

Nuuo Central Management Server Session Bruteforce

Nuuo Central Management Server v3.1 and prior use an 8 digit session cookie that could be bruteforced. The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution. Recent assessments:...

9.8CVSS9.1AI score0.29639EPSS
Exploits2References6
attackerkb
attackerkb
added 2018/03/02 10:29 p.m.20 views

CVE-2015-7964

SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...

7.8CVSS5.5AI score0.00399EPSS
Exploits0References6
attackerkb
attackerkb
added 2018/03/02 10:29 p.m.20 views

CVE-2015-7967

SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...

7.8CVSS5.5AI score0.00399EPSS
Exploits0References6
attackerkb
attackerkb
added 2014/07/26 12:0 a.m.20 views

Shunra Network Virtualization for Hewlett-Packard toServerObject() Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Visualization. Authentication is not required to exploit this vulnerability. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: The specific flaw exists...

9.4CVSS7.8AI score0.19407EPSS
Exploits0References3
attackerkb
attackerkb
added 2013/04/08 4:55 p.m.20 views

CVE-2013-0109

The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service memory overwrite via a crafted application...

7.2CVSS5.5AI score0.04472EPSS
Exploits6References4
attackerkb
attackerkb
added 2012/12/30 12:0 a.m.20 views

CVE-2012-4792

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that 1 was not properly allocated or 2 is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild...

9.3CVSS7.8AI score0.78823EPSS
Exploits12References16
attackerkb
attackerkb
added 2012/09/18 12:0 a.m.20 views

Microsoft Internet Explorer execCommand Use-After-Free

Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC...

9.3CVSS1AI score0.81716EPSS
Exploits8References1
attackerkb
attackerkb
added 2011/02/19 12:0 a.m.20 views

Cisco Security Agent Management Console st_upload File Creation

The Management Console webagent.exe in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted stupload request. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC...

10CVSS0.5AI score0.19617EPSS
Exploits9References1
attackerkb
attackerkb
added 2008/06/20 11:48 a.m.20 views

CVE-2008-2791

SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5CVSS6.4AI score0.00973EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/06/08 3:26 p.m.19 views

CVE-2026-49975

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...

5.4AI score0.11471EPSS
Exploits8References2Affected Software1
attackerkb
attackerkb
added 2026/06/03 1:16 p.m.19 views

CVE-2026-8404

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

3.1CVSS5.8AI score0.00285EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/06/02 1:9 p.m.19 views

CVE-2026-7312

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to...

10CVSS5.8AI score0.00441EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/01 5:0 a.m.19 views

CVE-2026-10226

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/06/01 4:30 a.m.19 views

CVE-2026-10224

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.6AI score0.00372EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/05/31 12:4 p.m.19 views

CVE-2026-49489

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

8.5CVSS5.9AI score0.00263EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/30 2:55 p.m.19 views

CVE-2018-25426

WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers can create a specially crafted input file with 238 bytes of data to trigger a buffer overflow...

8.7CVSS6AI score0.00514EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2026/05/28 4:41 p.m.19 views

CVE-2026-44543

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/05/28 9:40 a.m.19 views

CVE-2026-46214

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtiotransportrecvlisten calls skacceptqadded before vsockassigntransport. If vsockassigntransport fails or selects a different transport, the error path returns...

5.8AI score0.00128EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
added 2026/05/28 5:59 a.m.19 views

CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00547EPSS
Exploits0References4
Total number of security vulnerabilities5000