Lucene search
K
AttackerkbMost viewed

75075 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/24 3:45 a.m.19 views

CVE-2026-9353

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skillsguard.py of the component Skills Guard Multi-Word Prompt Handler. The manipulation of the argument THREATPATTERNS leads to injection. Remote exploitatio...

7.5CVSS6.6AI score0.00305EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:21 a.m.19 views

CVE-2026-9054

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

9.2CVSS5.8AI score0.00291EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/21 10:49 a.m.19 views

CVE-2026-43494

In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails When iovitergetpages2 fails in rdsmessagezcopyfromuser, the pinned pages are released with putpage, and rm-data.opmmpznotifier is cleared. But we fail to properly clear...

5.7AI score0.00269EPSS
Exploits3References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/18 7:0 p.m.19 views

CVE-2026-45245

Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

7.4CVSS5.8AI score0.0033EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.19 views

CVE-2018-25339

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/11 8:8 p.m.19 views

CVE-2026-28913

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:5 p.m.19 views

CVE-2026-29514

NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.getenvironmentparams method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the...

8.8CVSS6.7AI score0.00782EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 8:45 p.m.19 views

CVE-2026-5979

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched...

9CVSS7.7AI score0.0069EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:51 p.m.19 views

CVE-2026-33636

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit...

7.6CVSS6AI score0.00585EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:15 a.m.19 views

CVE-2026-4585

A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. The manipulation of the argument File leads to os command...

10CVSS5.5AI score0.03312EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/17 11:24 p.m.19 views

CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/27 9:54 p.m.19 views

CVE-2026-28417

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...

7.8CVSS6.1AI score0.01162EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/24 2:42 a.m.19 views

CVE-2026-27128

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use TOCTOU race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The getTokenRoute method reads a token’s...

6.9CVSS5.5AI score0.00176EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/23 8:45 a.m.19 views

CVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

8.8CVSS6.3AI score0.00903EPSS
Exploits2References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/19 11:1 p.m.19 views

CVE-2026-26958

filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If Point.MultiScalarMult i...

6.3CVSS5.5AI score0.00366EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/11 6:8 p.m.19 views

CVE-2026-2317

Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.6AI score0.00199EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/27 7:44 p.m.19 views

CVE-2026-24688

pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects...

5.1CVSS5.8AI score0.00388EPSS
Exploits2References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/13 3:34 p.m.19 views

CVE-2025-71081

In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: sai: fix OF node leak on probe The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the setsync callback fails during DAI probe. Make sure to drop the referen...

5.2AI score0.00111EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/04/25 12:0 a.m.19 views

CVE-2025-3928

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: “Webservers can be compromised through bad actors creating and executing webshells.” Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217...

8.8CVSS8.7AI score0.01932EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2025/04/08 12:0 a.m.19 views

CVE-2025-29824

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.4AI score0.13475EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2025/01/14 12:0 a.m.19 views

CVE-2024-13159

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS7.2AI score0.99762EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2024/10/08 12:0 a.m.19 views

CVE-2024-9379

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.2CVSS7.1AI score0.62988EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/09/17 12:0 a.m.19 views

CVE-2024-8956

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can...

9.1CVSS7.7AI score0.60879EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2024/09/04 12:0 a.m.19 views

CVE-2024-20439

A vulnerability in Cisco Smart Licensing Utility CSLU could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could...

9.8CVSS7.3AI score0.91911EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/03/06 1:15 a.m.19 views

CVE-2023-49973

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customersupport/index.php?page=customerlist...

6.1CVSS6AI score0.0045EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/10/19 5:15 p.m.19 views

CVE-2023-45278

Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request...

9.1CVSS7.4AI score0.01582EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/09/29 5:15 a.m.19 views

CVE-2023-44464

pretix before 2023.7.2 allows Pillow to parse EPS files...

7.8CVSS7.1AI score0.003EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/11/18 9:0 a.m.19 views

CVE-2022-24038

Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed...

7.5CVSS5.4AI score0.00568EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/08/12 8:15 p.m.19 views

CVE-2022-2622

Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file...

6.5CVSS6.9AI score0.00562EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/08/11 1:3 a.m.19 views

CVE-2022-2154

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-34345. Reason: This candidate is a reservation duplicate of CVE-2022-34345. Notes: All CVE users should reference CVE-2022-34345 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

6.2CVSS5.8AI score0.00312EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/07/20 12:0 a.m.19 views

CVE-2022-26137

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability:...

8.8CVSS5.9AI score0.01852EPSS
Exploits0References9Affected Software13
ATTACKERKB
ATTACKERKB
added 2022/02/18 8:15 p.m.19 views

CVE-2022-24355

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name...

8.8CVSS7.7AI score0.02051EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/01/11 5:15 p.m.19 views

CVE-2022-0173

radare2 is vulnerable to Out-of-bounds Read...

9.6CVSS6.8AI score0.01105EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2021/12/23 1:15 a.m.19 views

CVE-2021-4053

Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.7AI score0.01237EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2021/10/13 12:0 a.m.19 views

CVE-2021-20123

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS6.8AI score0.74279EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/04/28 12:0 a.m.19 views

CVE-2021-29483

ManageWiki is an extension to the MediaWiki project. The ‘wikiconfig’ API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18…befb83c66f5b.patch. If you are unabl...

9.4CVSS2.3AI score0.01211EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/01/05 12:0 a.m.19 views

CVE-2020-17519

A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...

9.1CVSS7.3AI score0.97856EPSS
Exploits14References32
ATTACKERKB
ATTACKERKB
added 2020/04/27 12:0 a.m.19 views

CVE-2020-1631

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning ZTP allows an unauthenticated attacker to perform local file inclusion LFI or path traversal. Using this vulnerability...

9.8CVSS9.6AI score0.04725EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/04/15 12:0 a.m.19 views

CVE-2020-1094

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka ‘Windows Work Folder Service Elevation of Privilege Vulnerability’. Recent assessments: bac2binary at April 15, 2020 4:47pm UTC reported: The attack complexity is very less,...

7.8CVSS7.7AI score0.00894EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/03/25 12:0 a.m.19 views

CVE-2020-5261

Saml2 Authentication services for ASP.NET NuGet package Sustainsys.Saml2 greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patche...

8.2CVSS1.4AI score0.01204EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2020/03/25 12:0 a.m.19 views

Cerberus Helpdesk Workers File User Credentials Disclosure

Cerberus Helpdesk on Version 4.2.3 Stable Build 925 and 5.4.4 and potentially below, contain an unsecured file which contains configuration details including all user’s usernames and password hashes. Recent assessments: h00die at March 25, 2020 12:30am UTC reported: Found this software in an...

2.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2020/03/20 12:0 a.m.19 views

CVE-2020-10799

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. Recent assessments: ericalexanderorg at March 21, 2020 1:24pm UTC reported: XXE vulnerability in library that’s in use by over 500 projects on Github. Assessed Attacker Value: 3 Assessed Attacker Value: 3Assessed...

9.8CVSS4.3AI score0.01448EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2020/03/16 12:0 a.m.19 views

CVE-2020-5849

Unraid 6.8.0 allows authentication bypass. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS8.7AI score0.95844EPSS
Exploits8References8
ATTACKERKB
ATTACKERKB
added 2020/03/02 12:0 a.m.19 views

CVE-2020-8500

DISPUTED In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality. Recent assessments: J3rryBl4nks at March 03, 2020 7:47pm UTC reported: Due to the fact tha...

7.2CVSS3.4AI score0.0354EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.19 views

Inferring and hijacking VPN-tunneled TCP connections

We have discovered a vulnerability in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android which allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and...

0.6AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/12/19 12:0 a.m.19 views

CVE-2019-7483

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS4.7AI score0.03977EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/09/05 12:0 a.m.19 views

CVE-2019-15954: Total.js CMS 12 Widget Remote Code Execution

Total.js is a Node.js Framework for building e-commerce applications, REST services, real-time apps, or apps for Internet of Things IoT, etc. Total.js CMS is a Content Management System application that is part of the Total.js framework. A commercial version is also available, and can be seen use...

9.9CVSS9AI score0.79204EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2019/08/26 12:0 a.m.19 views

CVE-2019-15637

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop. Recent assessments: ccondon-r7 at July 26, 2024 2:21pm UTC...

8.1CVSS7.1AI score0.14314EPSS
Exploits5References5
ATTACKERKB
ATTACKERKB
added 2018/07/13 7:29 p.m.19 views

CVE-2018-8847

Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution...

9.8CVSS6.5AI score0.06838EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/07/13 12:0 a.m.19 views

CVE-2018-14054: LibMP4v2 MP4StringProperty Handling Double Free Vulnerability

LibMP4v2 is an open source MP4 processing library, designed to create and modify MP4 files as defined by ISO-IEC:14496-1:2001 MPEG-4 Systems. Originally discovered by Ruikai Liu, a double free vulnerability was found in the MP4StringProperty code. While parsing MP4 atoms, it is possible to cause ...

9.8CVSS9.1AI score0.02596EPSS
Exploits1References2
Total number of security vulnerabilities5000