Lucene search
+L
AttackerkbMost viewed

75202 matches found

attackerkb
attackerkb
added 2026/03/12 6:27 p.m.17 views

CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect on an error, which does not terminate the...

6.9CVSS6AI score0.0218EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/11 7:39 p.m.17 views

CVE-2026-31974

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint POST /admin/settings/mailnotifications accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists a...

3CVSS5.9AI score0.00156EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/03/06 7:23 a.m.17 views

CVE-2026-29074

SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansi...

7.5CVSS5.7AI score0.00612EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/03/04 7:12 a.m.17 views

CVE-2026-28772

A Reflected Cross-Site Scripting XSS vulnerability in the /IDCLogging/index.cgi endpoint of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is...

5.1CVSS6.2AI score0.0021EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/03/03 2:41 a.m.17 views

CVE-2026-20801

Cleartext Transmission of Sensitive Information CWE-319 in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration...

5.6CVSS5.9AI score0.00102EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/01/28 6:7 p.m.17 views

CVE-2026-24772

OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...

8.9CVSS5.9AI score0.00159EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/01/28 5:30 a.m.17 views

CVE-2026-1083

The Appointment Hour Booking – Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form field configuration parameters in all versions up to, and including, 1.5.60 due to insufficient input sanitization and output escaping on the 'Min length/characters' and 'Max...

4.4CVSS5.9AI score0.00262EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/01/23 12:0 a.m.17 views

CVE-2025-70985

Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...

9.1CVSS5.9AI score0.00382EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/01/16 8:10 p.m.17 views

CVE-2026-23744

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution RCE vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam...

9.8CVSS6.5AI score0.43671EPSS
Exploits35References3Affected Software1
attackerkb
attackerkb
added 2026/01/15 7:20 p.m.17 views

CVE-2026-23520

Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...

9CVSS5.7AI score0.01643EPSS
Exploits6References5Affected Software1
attackerkb
attackerkb
added 2025/08/30 1:57 p.m.17 views

CVE-2012-10062

A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits...

8.7CVSS6.6AI score0.01209EPSS
Exploits2References4
attackerkb
attackerkb
added 2025/04/07 4:15 a.m.17 views

CVE-2025-20657

In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609...

6.7CVSS5.8AI score0.00087EPSS
Exploits0References2
attackerkb
attackerkb
added 2025/03/15 12:0 a.m.17 views

CVE-2025-30066

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code...

8.6CVSS8.6AI score0.41008EPSS
Exploits2References20
attackerkb
attackerkb
added 2025/01/14 12:0 a.m.17 views

CVE-2024-13160

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS7.2AI score0.89738EPSS
Exploits1References2
attackerkb
attackerkb
added 2024/10/04 12:15 p.m.17 views

CVE-2024-6400

Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass, IMAP/SMTP Command Injection, Collect Data from Common Resource Locations. This issue solved in...

8.2CVSS5.8AI score0.0062EPSS
Exploits0References3
attackerkb
attackerkb
added 2024/09/19 12:0 a.m.17 views

CVE-2024-8963

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.4CVSS7.2AI score0.98557EPSS
Exploits2References2
attackerkb
attackerkb
added 2023/10/31 1:15 a.m.17 views

CVE-2023-31794

MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdfmarklistpush. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted PDF file...

5.5CVSS5.7AI score0.00233EPSS
Exploits0References5
attackerkb
attackerkb
added 2023/07/14 6:15 p.m.17 views

CVE-2023-37224

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files...

6CVSS6.1AI score0.00188EPSS
Exploits0References3
attackerkb
attackerkb
added 2023/05/22 6:15 p.m.17 views

CVE-2023-2839

Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2...

7.5CVSS6.9AI score0.00639EPSS
Exploits1References4
attackerkb
attackerkb
added 2023/01/17 6:15 a.m.17 views

CVE-2022-23816

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...

6.4AI score
Exploits0References1
attackerkb
attackerkb
added 2023/01/10 10:15 p.m.17 views

CVE-2023-21557

Windows Lightweight Directory Access Protocol LDAP Denial of Service Vulnerability...

9.1CVSS7.1AI score0.02026EPSS
Exploits0References3Affected Software25
attackerkb
attackerkb
added 2022/10/03 2:15 p.m.17 views

CVE-2022-41429

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4Atom::TypeFromString function in mp4tag...

8.8CVSS7.4AI score0.00718EPSS
Exploits1References2
attackerkb
attackerkb
added 2022/06/09 5:15 p.m.17 views

CVE-2022-26364

x86 pv: Insufficient care with non-coherent mappings This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to...

7.2CVSS5.8AI score0.00494EPSS
Exploits3References11
attackerkb
attackerkb
added 2022/04/13 12:0 a.m.17 views

CVE-2022-24816

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging JAI API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects th...

10CVSS7.5AI score0.98739EPSS
Exploits1References3
attackerkb
attackerkb
added 2022/03/23 10:15 p.m.17 views

CVE-2022-27254

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626...

6.5CVSS5.9AI score0.01083EPSS
Exploits3References7
attackerkb
attackerkb
added 2022/03/15 5:15 p.m.17 views

CVE-2022-27215

A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS5.9AI score0.00732EPSS
Exploits0References3
attackerkb
attackerkb
added 2022/02/18 8:15 p.m.17 views

CVE-2022-24370

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...

6.5CVSS5.2AI score0.01889EPSS
Exploits0References3
attackerkb
attackerkb
added 2021/03/26 12:0 a.m.17 views

CVE-2021-25371

A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.2CVSS6.9AI score0.00802EPSS
Exploits0References3
attackerkb
attackerkb
added 2020/06/09 12:0 a.m.17 views

CVE-2020-1296 Windows Diagnostics & feedback Information Disclosure Vulnerability

A vulnerability exists in the way the Windows Diagnostics & feedback settings app handles objects in memory, aka ‘Windows Diagnostics & feedback Information Disclosure Vulnerability’. Recent assessments: busterb at June 09, 2020 11:34pm UTC reported: This is more embarrassing for Microsoft than...

5.5CVSS6.4AI score0.01261EPSS
Exploits0References2
attackerkb
attackerkb
added 2020/06/02 12:0 a.m.17 views

ThunderSpy

A combination of vulnerabilities for the Thunderbolt protocol have been announced that allow a malicious actor to access most machines with a Thunderbolt port and bypass security restrictions on the device. Recent assessments: agalauner-r7 at May 11, 2020 4:37pm UTC reported: The risks of DMA...

0.9AI score
Exploits0References2
attackerkb
attackerkb
added 2020/05/27 12:0 a.m.17 views

CVE-2020-13386

In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate Local and SDMsgUpdate TE. The scheduled...

8.2CVSS1.3AI score0.00349EPSS
Exploits1References2
attackerkb
attackerkb
added 2020/04/22 12:0 a.m.17 views

CVE-2020-10914

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PerformHandshake method. The issue results from the lack of proper...

9.8CVSS2.3AI score0.4703EPSS
Exploits3References4
attackerkb
attackerkb
added 2020/04/16 12:0 a.m.17 views

CVE-2020-7350

Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer’s hostname or service name. An attacker can create a specially-crafted hostname or service name to b...

7.8CVSS8.1AI score0.04879EPSS
Exploits4References2
attackerkb
attackerkb
added 2020/04/08 12:0 a.m.17 views

CVE-2020-1986

Improper input validation vulnerability in Secdo allows an authenticated local user with ‘create folders or append data’ access to the root of the OS disk C: to cause a system crash on every login. This issue affects all versions Secdo for Windows. Recent assessments: xFreed0m at April 10, 2020...

5.5CVSS1.5AI score0.00261EPSS
Exploits0References2
attackerkb
attackerkb
added 2020/03/25 12:0 a.m.17 views

CVE-2019-7244

An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register MSR. Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. Recent...

9CVSS3.5AI score0.02394EPSS
Exploits1References2
attackerkb
attackerkb
added 2020/03/18 12:0 a.m.17 views

CVE-2020-8599

Trend Micro Apex One 2019 and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability. Recent assessments:...

10CVSS9.5AI score0.11576EPSS
Exploits0References3
attackerkb
attackerkb
added 2020/03/16 12:0 a.m.17 views

CVE-2020-10557

An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions. Recen...

8.8CVSS1.3AI score0.01373EPSS
Exploits1References3
attackerkb
attackerkb
added 2020/02/13 12:0 a.m.17 views

2011/2012 Mac EFI firmware leaves BCM4331 wireless enabled when transferring control to the bootloader/OS

The EFI firmware on Macs contains a full-fledged network stack for downloading OS X images from osrecovery.apple.com. Unfortunately on Macs introduced 2011 and 2012, EFI brings up the Broadcom 4331 wireless card on every boot and leaves it enabled even after ExitBootServices has been called. The...

1.1AI score
Exploits0References3
attackerkb
attackerkb
added 2020/02/13 12:0 a.m.17 views

Profile API CreateEnvBlock Local Information Disclosure

The exported function CreateEnvBlock from profapi.dll which is used by the CreateEnvironmentBlock API function has an information disclosure vulnerability when building the environment block for a user which can be locally exploited to disclose heap memory of a process calling the API. For exampl...

0.6AI score
Exploits0References1
attackerkb
attackerkb
added 2020/01/15 12:0 a.m.17 views

Serpico admin user can be accessed without admin creds

An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change...

6.5CVSS1.8AI score0.00864EPSS
Exploits0References2
attackerkb
attackerkb
added 2020/01/07 12:0 a.m.17 views

CVE-2020-5307

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in...

9.8CVSS1.9AI score0.15652EPSS
Exploits1References3
attackerkb
attackerkb
added 2019/10/09 12:0 a.m.17 views

iTerm2 with tmux integration is vulnerable to remote command execution

A vulnerability exists in the way that iTerm2 integrates with tmux’s control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execut...

10CVSS3.5AI score0.0248EPSS
Exploits1References4
attackerkb
attackerkb
added 2019/08/14 12:0 a.m.17 views

CVE-2019-0344

Due to unsafe deserialization used in SAP Commerce Cloud virtualjdbc extension, versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with ‘Hybris’ user rights, resulting in Code Injection. Recent assessments: Assessed Attacker Value: 0 Assess...

9.8CVSS7.9AI score0.07079EPSS
Exploits0References3
attackerkb
attackerkb
added 2019/08/13 12:0 a.m.17 views

CVE-2019-14530

An issue was discovered in custom/ajaxdownload.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file that is readable by the user www-data from server storage. If the requested file is writable for the www-data user and the directory...

8.8CVSS1.4AI score0.66891EPSS
Exploits11References6
attackerkb
attackerkb
added 2019/07/03 12:0 a.m.17 views

CVE-2018-15811

DNN aka DotNetNuke 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS6.7AI score0.74048EPSS
Exploits4References4
attackerkb
attackerkb
added 2019/06/30 11:15 p.m.17 views

CVE-2019-13110

A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted CRW image file...

6.5CVSS5.5AI score0.01925EPSS
Exploits1References9
attackerkb
attackerkb
added 2018/12/20 12:0 a.m.17 views

CVE-2018-18629

An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary. Recent assessments: bulw4rk ...

7.8CVSS1.3AI score0.01493EPSS
Exploits2References4
attackerkb
attackerkb
added 2018/05/31 12:0 a.m.17 views

CVE-2018-11138

The ‘/common/downloadagentinstaller.php’ script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS9.4AI score0.91931EPSS
Exploits7References4
attackerkb
attackerkb
added 2018/03/28 12:0 a.m.17 views

CVE-2018-0154

A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN ISM-VPN running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient handling of VPN traffi...

7.8CVSS3.9AI score0.07209EPSS
Exploits0References4
attackerkb
attackerkb
added 2017/06/19 12:0 a.m.17 views

CVE-2017-9757

IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF. Recent assessments: h00die at March 25, 2020 12:10am UTC reported: Authentication is required,...

8.8CVSS8.8AI score0.38498EPSS
Exploits2References4
Total number of security vulnerabilities5000