Lucene search
+L
AttackerkbMost viewed

75401 matches found

attackerkb
attackerkb
added 2022/02/04 2:15 a.m.16 views

CVE-2021-45998

D-Link device DIR882 DIR882FW1.30B06Hotfix02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request...

9.8CVSS8.2AI score0.03715EPSS
Exploits0References4
attackerkb
attackerkb
added 2021/12/28 2:15 p.m.16 views

CVE-2021-45903

A persistent cross-site scripting XSS issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268...

6.1CVSS5.4AI score0.01121EPSS
Exploits0References4
attackerkb
attackerkb
added 2021/06/11 12:0 a.m.16 views

CVE-2021-25395

A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.4CVSS6.6AI score0.00366EPSS
Exploits0References2
attackerkb
attackerkb
added 2020/09/04 12:0 a.m.16 views

WordPress File Manager Plugin < 6.9 Arbitrary File Upload

We noticed multiple cases where WordPress sites were breached using 0-day in wp-file-manager confirmed with v6.8, which was the latest version available in wordpress.org. File lib/php/connector.minimal.php can be by default opened directly, and this file loads lib/php/elFinderConnector.class.php...

0.1AI score
Exploits0References2
attackerkb
attackerkb
added 2020/06/05 12:0 a.m.16 views

CVE-2017-1135

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

5.6AI score
Exploits0References1
attackerkb
attackerkb
added 2020/03/18 12:0 a.m.16 views

CVE-2020-8467

A migration tool component of Trend Micro Apex One 2019 and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations RCE. An attempted attack requires user authentication. Recent assessments: Assessed Attacker Value: 0 Assessed...

8.8CVSS7.8AI score0.10793EPSS
Exploits0References3
attackerkb
attackerkb
added 2020/02/18 12:0 a.m.16 views

CVE-2020-9266

SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajaxserver.php. Recent assessments: J3rryBl4nks at March 09, 2020 9:14pm UTC reported: Because there is no stored XSS That I could find at least you need to have interaction for th...

6.5CVSS1.2AI score0.0052EPSS
Exploits1References2
attackerkb
attackerkb
added 2020/02/13 12:0 a.m.16 views

Siemens Solid Edge WebPartHelper ActiveX Remote Code Execution

Siemens Solid Edge ST4 and ST5 contain a flaw in the OpenInEditor method in the WPHelper.dll ActiveX control. This issue may allow a context-dependent attacker to potentially execute arbitrary commands. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: Vulnerability: the...

1.3AI score
Exploits0
attackerkb
attackerkb
added 2020/02/10 12:0 a.m.16 views

CVE-2019-19195

The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service crash via a crafted packet. Recent assessments: pbarry-r7 at...

6.5CVSS3.9AI score0.00697EPSS
Exploits0References3
attackerkb
attackerkb
added 2019/12/03 12:0 a.m.16 views

CVE-2019-5112

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...

8.8CVSS5AI score0.01605EPSS
Exploits1References2
attackerkb
attackerkb
added 2019/02/05 12:0 a.m.16 views

CVE-2018-20753

Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild. Recent assessments: Assessed Attacker Value:...

9.8CVSS6.6AI score0.29551EPSS
Exploits1References3
attackerkb
attackerkb
added 2018/11/29 6:29 p.m.16 views

CVE-2018-8787

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdiBitmapDecompress and results in a memory corruption and probably even a remote code execution...

9.8CVSS6.1AI score0.08357EPSS
Exploits1References11
attackerkb
attackerkb
added 2018/05/09 12:0 a.m.16 views

CVE-2018-0824

A remote code execution vulnerability exists in “Microsoft COM for Windows” when it fails to properly handle serialized objects, aka “Microsoft COM for Windows Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...

8.8CVSS8.7AI score0.73185EPSS
Exploits6References6
attackerkb
attackerkb
added 2017/12/12 9:29 p.m.16 views

CVE-2017-11885

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service...

8.5CVSS6.7AI score0.45521EPSS
Exploits6References5
attackerkb
attackerkb
added 2017/11/15 3:29 a.m.16 views

CVE-2017-11837

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an...

7.6CVSS5.5AI score0.69802EPSS
Exploits19References5
attackerkb
attackerkb
added 2017/10/05 12:0 a.m.16 views

CVE-2017-1000253

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14, 2015. This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 backported to Linux 3.10.7...

7.8CVSS7.4AI score0.10695EPSS
Exploits5References14
attackerkb
attackerkb
added 2017/08/04 12:0 a.m.16 views

CVE-2015-9107

Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn’t use a per-system key or even a salt; therefore, it’s possible to create a universal decryptor. Recent assessments: thegu...

9.8CVSS1.2AI score0.04415EPSS
Exploits0References2
attackerkb
attackerkb
added 2015/01/07 7:59 p.m.16 views

CVE-2015-0361

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service system crash via a crafted hypercall during HVM guest teardown...

7.8CVSS5.5AI score0.02513EPSS
Exploits0References9
attackerkb
attackerkb
added 2013/02/27 12:0 a.m.16 views

CVE-2013-0648

Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted...

9.3CVSS8AI score0.11094EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/07/05 10:45 p.m.15 views

CVE-2026-14775

A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /processlesson.php. Such manipulation of the argument userid leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2026/07/05 4:30 p.m.15 views

CVE-2026-14764

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/addevent.php of the component Event Management Page. Such manipulation of the argument fdetails leads to sql injection. The attack can be launched remotely. The...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2026/07/05 10:45 a.m.15 views

CVE-2026-14742

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS5AI score0.0016EPSS
Exploits0References7Affected Software1
attackerkb
attackerkb
added 2026/07/03 8:19 p.m.15 views

CVE-2026-27657

Gitea versions before 1.25.5 allow a user to change another user's primary email address...

5.9AI score0.00345EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/06/30 10:8 p.m.15 views

CVE-2026-56249

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.createchannel permission can exploit a logic mismatch between existence validation and...

7.6CVSS5.8AI score0.00257EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/30 2:30 a.m.15 views

CVE-2026-12114

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS5.9AI score0.00212EPSS
Exploits0References9
attackerkb
attackerkb
added 2026/06/25 6:41 p.m.15 views

CVE-2026-54917

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...

7.8CVSS5.9AI score0.00345EPSS
Exploits1References3Affected Software1
attackerkb
attackerkb
added 2026/06/24 4:29 p.m.15 views

CVE-2026-52993

In the Linux kernel, the following vulnerability has been resolved: tipc: fix double-free in tipcbufappend tipcmsgvalidate can potentially reallocate the skb it is validating, freeing the old one. In tipcbufappend, it was being called with a pointer to a local variable which was a copy of the...

5.7AI score0.00359EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
added 2026/06/24 3:34 a.m.15 views

CVE-2026-12846

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS6.2AI score0.00427EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/22 12:40 p.m.15 views

CVE-2026-6653

Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling...

8.3CVSS5.9AI score0.00348EPSS
Exploits1References3Affected Software1
attackerkb
attackerkb
added 2026/06/19 2:16 p.m.15 views

CVE-2025-71326

AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...

8.5CVSS6AI score0.00127EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/18 11:30 p.m.15 views

CVE-2026-10746

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.2AI score
Exploits0References1
attackerkb
attackerkb
added 2026/06/18 1:51 p.m.15 views

CVE-2026-12539

Docker Sandboxes sbx blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat...

5.7CVSS5.5AI score0.00097EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/09 2:45 a.m.15 views

CVE-2026-11620

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the publi...

6.9CVSS5.1AI score0.00285EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2026/06/05 11:28 p.m.15 views

CVE-2026-8976

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

4.3CVSS5.6AI score0.0029EPSS
Exploits0References23
attackerkb
attackerkb
added 2026/06/05 11:28 p.m.15 views

CVE-2026-6448

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

4.9CVSS5.7AI score0.00352EPSS
Exploits0References13
attackerkb
attackerkb
added 2026/06/05 11:28 p.m.15 views

CVE-2026-7047

The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funpajaxmodifynotes function. This makes it possible for unauthenticated attackers to trick a logged-in...

4.3CVSS5.3AI score0.00132EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/06/05 5:59 p.m.15 views

CVE-2026-45746

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend...

9CVSS5.8AI score0.00387EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/06/04 1:13 p.m.15 views

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

9.6CVSS6.1AI score0.4343EPSS
Exploits3References2Affected Software4
attackerkb
attackerkb
added 2026/06/04 7:9 a.m.15 views

CVE-2026-50208

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.2CVSS5.8AI score0.00141EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/04 7:4 a.m.15 views

CVE-2026-50207

The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...

8.5CVSS5.8AI score0.00133EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/03 1:31 p.m.15 views

CVE-2024-47273

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

4.3CVSS5.8AI score0.00277EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/03 10:40 a.m.15 views

CVE-2026-35081

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

8.1CVSS6AI score0.0037EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/02 10:22 p.m.15 views

CVE-2026-31942

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...

7.1CVSS5.7AI score0.00206EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/02 8:31 p.m.15 views

CVE-2026-49143

BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitting crafted JSON request bodies to the handler, which passes user-supplied data to vm.runInNewContex...

8.8CVSS6.7AI score0.00392EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/02 6:30 p.m.15 views

CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/06/02 4:59 p.m.15 views

CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/02 4:44 p.m.15 views

CVE-2026-40571

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/02 3:38 p.m.15 views

CVE-2026-42074

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashTool input schema, meaning the LLM an untrusted principal per the project's own threat model can set ...

9.3CVSS6AI score0.00544EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2026/06/02 3:24 p.m.15 views

CVE-2026-45678

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond th...

7.5CVSS5.9AI score0.00342EPSS
Exploits1References3Affected Software1
attackerkb
attackerkb
added 2026/06/02 6:0 a.m.15 views

CVE-2026-8293

The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...

7.5CVSS5.8AI score0.00236EPSS
Exploits0References1
Total number of security vulnerabilities5000