Lucene search
+L
AttackerkbMost viewed

75301 matches found

attackerkb
attackerkb
added 2026/01/19 8:32 p.m.15 views

CVE-2026-1175

A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to information exposure through error message. The attack may be performed from remote. The exploit is...

7.5CVSS5AI score0.00417EPSS
Exploits1References5Affected Software1
attackerkb
attackerkb
added 2026/01/16 12:47 p.m.15 views

CVE-2026-0615

The Librarian supervisord status page can be retrieved by the webfetch tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions...

7.3CVSS5.7AI score0.00249EPSS
Exploits0References3
attackerkb
attackerkb
added 2025/05/20 6:15 p.m.15 views

CVE-2025-22157

This High severity PrivEsc Privilege Escalation vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This PrivEsc Privilege Escalation vulnerability, wi...

8.8CVSS5.8AI score0.00612EPSS
Exploits0References4Affected Software4
attackerkb
attackerkb
added 2025/05/02 4:15 p.m.15 views

CVE-2023-53120

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix config page DMA memory leak A fix for: DMA-API: pci 0000:83:00.0: device driver has pending DMA allocations while released from device count=1...

5.5CVSS6.3AI score0.00163EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2025/04/25 3:15 p.m.15 views

CVE-2025-32432

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity...

10CVSS7.6AI score0.99803EPSS
Exploits24References8Affected Software1
attackerkb
attackerkb
added 2025/04/14 7:15 p.m.15 views

CVE-2025-1782

In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...

9.9CVSS6AI score0.00498EPSS
Exploits0References2Affected Software2
attackerkb
attackerkb
added 2025/04/03 2:15 p.m.15 views

CVE-2025-30889

Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider testimonial allows Object Injection.This issue affects Testimonial Slider: from n/a through = 2.0.13...

8.8CVSS7.2AI score0.0045EPSS
Exploits0References3
attackerkb
attackerkb
added 2025/03/04 12:0 a.m.15 views

CVE-2024-48248

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials. Recent assessments: Assessed Attacker Value: 0 Assesse...

8.6CVSS8AI score0.9408EPSS
Exploits2References3
attackerkb
attackerkb
added 2025/03/03 12:0 a.m.15 views

CVE-2025-0289

Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service. Recent assessments: Assessed...

7.8CVSS7.6AI score0.00318EPSS
Exploits0References4
attackerkb
attackerkb
added 2025/01/16 8:15 p.m.15 views

CVE-2025-23715

Cross-Site Request Forgery CSRF vulnerability in RaymondDesign Post & Page Notes post-page-notes allows Stored XSS.This issue affects Post & Page Notes: from n/a through = 0.1.1...

7.1CVSS7.2AI score0.0018EPSS
Exploits0References3
attackerkb
attackerkb
added 2024/11/15 12:0 a.m.15 views

CVE-2024-11120

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received relat...

9.8CVSS10AI score0.28554EPSS
Exploits1References3
attackerkb
attackerkb
added 2024/06/05 7:15 p.m.15 views

CVE-2023-49927

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not...

5.3CVSS5.8AI score0.00133EPSS
Exploits0References2
attackerkb
attackerkb
added 2023/11/27 10:15 p.m.15 views

CVE-2023-42363

A use-after-free vulnerability was discovered in xasprintf function in xfuncsprintf.c:344 in BusyBox v.1.36.1...

5.5CVSS5.8AI score0.00428EPSS
Exploits1References2
attackerkb
attackerkb
added 2023/07/15 2:15 a.m.15 views

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26...

5.4CVSS6AI score0.00449EPSS
Exploits1References2
attackerkb
attackerkb
added 2023/04/05 11:0 p.m.15 views

CVE-2023-20152

Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...

6.7CVSS6.7AI score0.00465EPSS
Exploits0References2
attackerkb
attackerkb
added 2023/04/03 12:0 a.m.15 views

CVE-2022-43769

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. Recent assessments: gwillcox-r7 at May 10, 2023 5:31pm UTC reported: This is a...

9.8CVSS8.6AI score0.9767EPSS
Exploits7References3
attackerkb
attackerkb
added 2023/04/03 12:0 a.m.15 views

CVE-2022-43939

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. Recent assessments: gwillcox-r7 at May 10, 2023 5:02pm UTC reported: This is an authentication bypass in Hitachi...

9.8CVSS7.6AI score0.9767EPSS
Exploits7References3
attackerkb
attackerkb
added 2023/01/30 9:15 a.m.15 views

CVE-2023-0473

Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.3AI score0.00678EPSS
Exploits0References4
attackerkb
attackerkb
added 2023/01/10 10:15 p.m.15 views

CVE-2023-21752

Windows Backup Service Elevation of Privilege Vulnerability...

7.1CVSS7.1AI score0.05327EPSS
Exploits2References3Affected Software10
attackerkb
attackerkb
added 2022/09/17 12:0 a.m.15 views

CVE-2022-40234

Versions of IBM Spectrum Protect Plus prior to 10.1.12 excluding 10.1.12 include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private ke...

5.9CVSS6.2AI score0.00498EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2022/07/19 10:15 p.m.15 views

CVE-2022-21539

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th...

5CVSS6.5AI score0.00846EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2022/07/17 5:15 p.m.15 views

CVE-2022-35861

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...

7.8CVSS7.2AI score0.00288EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/06/17 8:0 p.m.15 views

CVE-2022-25345

All versions of package @discordjs/opus are vulnerable to Denial of Service DoS when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash...

7.5CVSS7AI score0.01274EPSS
Exploits1References3
attackerkb
attackerkb
added 2022/06/16 6:15 p.m.15 views

CVE-2022-32545

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

7.8CVSS6.7AI score0.01327EPSS
Exploits0References5
attackerkb
attackerkb
added 2022/05/11 4:15 p.m.15 views

CVE-2022-22975

An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name CN of their user entry on the LDAP or AD server to include special characters, which could be used ...

6.6CVSS6.8AI score0.00925EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/03/23 10:15 p.m.15 views

CVE-2022-22819

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers ROM version 1B have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted...

7.8CVSS7.7AI score0.01314EPSS
Exploits1References3
attackerkb
attackerkb
added 2022/03/18 9:15 p.m.15 views

CVE-2022-25455

Tenda AC6 v15.03.05.09multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function...

10CVSS7.2AI score0.01665EPSS
Exploits1References2
attackerkb
attackerkb
added 2022/02/05 10:0 a.m.15 views

CVE-2021-4198

A NULL Pointer Dereference vulnerability in the messagingipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects:...

6.1CVSS6.3AI score0.00557EPSS
Exploits0References3
attackerkb
attackerkb
added 2022/02/05 2:15 a.m.15 views

CVE-2022-0437

Cross-site Scripting XSS - DOM in NPM karma prior to 6.3.14...

6.1CVSS5.9AI score0.15174EPSS
Exploits1References4
attackerkb
attackerkb
added 2022/01/30 2:15 p.m.15 views

CVE-2022-0273

Improper Access Control in Pypi calibreweb prior to 0.6.16...

6.5CVSS5.6AI score0.0067EPSS
Exploits1References3
attackerkb
attackerkb
added 2022/01/27 9:15 p.m.15 views

CVE-2021-46498

Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsiwswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can lead to a Denial of Service DoS...

5.5CVSS5.9AI score0.00638EPSS
Exploits1References2
attackerkb
attackerkb
added 2021/11/10 1:17 a.m.15 views

CVE-2021-36957

Windows Desktop Bridge Elevation of Privilege Vulnerability...

7.8CVSS7.2AI score0.0043EPSS
Exploits0References2Affected Software14
attackerkb
attackerkb
added 2021/10/13 12:0 a.m.15 views

CVE-2021-20124

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. Recent...

7.8CVSS6.8AI score0.69248EPSS
Exploits1References2
attackerkb
attackerkb
added 2021/09/30 12:15 a.m.15 views

CVE-2021-41824

Craft CMS before 3.7.14 allows CSV injection...

8.8CVSS7.3AI score0.01329EPSS
Exploits0References4
attackerkb
attackerkb
added 2021/09/27 12:0 a.m.15 views

CVE-2021-20035

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user which potentially leads to DoS. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.8CVSS7AI score0.0389EPSS
Exploits0References2
attackerkb
attackerkb
added 2020/06/16 12:0 a.m.16 views

CVE-2020-13162

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows which runs as NT AUTHORITY/SYSTEM allows unprivileged users to run a Microsoft Installer executable with elevated privileges. Recent assessments:...

7CVSS6.4AI score0.00793EPSS
Exploits3References11
attackerkb
attackerkb
added 2020/03/03 12:0 a.m.15 views

Task Scheduler S4U Logon Elevation of Privilege

The windows task scheduler allows a split token administrator to register a task which runs as a batch job from a limited privilege context. This doesn’t require a user’s password to accomplish as the task will be run non-interactively and so doesn’t need access to the password in order to access...

2.7AI score
Exploits0References1
attackerkb
attackerkb
added 2020/02/13 12:0 a.m.15 views

FlightGear flightgear/src/Environment/fgclouds.cxx Cloud Name Handling Remote Format String

FlightGear contains a format string flaw in flightgear/src/Environment/fgclouds.cxx. The issue is triggered as format string specifiers e.g. %s and %x are not properly sanitized in user-supplied input during the handling of a specially crafted cloud name. This may allow a remote attacker to cause...

0.1AI score
Exploits0
attackerkb
attackerkb
added 2020/02/13 12:0 a.m.15 views

Novell Unicode Buffer Overflow

The Novell Messenger Client is prone to an overflow condition. The application fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted contact list file containing an arbitrary ‘name’ value of a ‘folder’ tag, a context-dependent attacker...

1.1AI score
Exploits0
attackerkb
attackerkb
added 2019/09/13 12:0 a.m.15 views

CVE-2019-11660

Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. Recent assessments: pbarry-r7 at November 20, 2019 3:15p...

7.8CVSS2.8AI score0.07847EPSS
Exploits4References3
attackerkb
attackerkb
added 2018/07/31 12:0 a.m.15 views

CVE-2018-14581

Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object such as a DLL or EXE file with a specific embedded resource file. Recent assessments: zeroSteiner at March 20, 2020 12:43pm UTC reported: A crafted .RESX...

7.8CVSS2.9AI score0.01838EPSS
Exploits1References4
attackerkb
attackerkb
added 2012/03/14 12:0 a.m.15 views

HP Data Protector Express 6.0.00.11974 dpwintdb.exe Buffer Overflow

Unspecified vulnerability in HP Data Protector Express aka DPX 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1498. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UT...

10CVSS0.4AI score0.62655EPSS
Exploits8References1
attackerkb
attackerkb
added 2011/08/18 11:55 p.m.15 views

CVE-2011-2955

Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal...

9.3CVSS6.2AI score0.03682EPSS
Exploits0References4
attackerkb
attackerkb
added 2009/04/03 6:30 p.m.15 views

CVE-2009-0556

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in t...

9.3CVSS6.2AI score0.67539EPSS
Exploits5References19
attackerkb
attackerkb
added 2026/07/04 1:31 p.m.14 views

CVE-2026-14535

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/07/03 8:35 p.m.14 views

CVE-2026-57984

Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00429EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/03 6:13 a.m.14 views

CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

6AI score0.00574EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2026/07/02 2:49 p.m.14 views

CVE-2026-54409

A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/27 9:25 a.m.14 views

CVE-2026-49416

The CONSHISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. An...

6AI score0.00107EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/26 8:12 p.m.14 views

CVE-2026-48800

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...

7.8CVSS5.8AI score0.0036EPSS
Exploits3References3Affected Software1
Total number of security vulnerabilities5000