Lucene search
K
AttackerkbMost viewed

75081 matches found

ATTACKERKB
ATTACKERKB
•added 2026/02/24 1:33 p.m.•14 views

CVE-2026-2778

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

10CVSS5.9AI score0.00483EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/02/16 1:2 a.m.•14 views

CVE-2026-2525

A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

6.9CVSS5.1AI score0.00493EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
•added 2026/02/11 10:58 p.m.•14 views

CVE-2026-20635

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS5.8AI score0.00295EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
•added 2026/02/11 10:58 p.m.•14 views

CVE-2026-20676

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions...

5.3CVSS5.8AI score0.00222EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/02/10 5:51 p.m.•14 views

CVE-2026-21245

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00417EPSS
Exploits0References2Affected Software5
ATTACKERKB
ATTACKERKB
•added 2026/02/03 4:52 p.m.•14 views

CVE-2020-37115

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access...

7.1CVSS5.3AI score0.00263EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
•added 2025/12/09 8:21 p.m.•14 views

CVE-2025-64787

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass...

4CVSS5.3AI score0.00387EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2025/05/02 4:15 p.m.•14 views

CVE-2023-53103

In the Linux kernel, the following vulnerability has been resolved: bonding: restore bond's IFFSLAVE flag if a non-eth dev enslave fails syzbot reported a warning1 where the bond device itself is a slave and we try to enslave a non-ethernet device as the first slave which fails but then in the...

5.5CVSS6.1AI score0.00165EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2025/04/24 12:0 a.m.•14 views

CVE-2025-1976

Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

8.6CVSS7.7AI score0.00751EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2025/03/12 12:0 a.m.•14 views

CVE-2025-21590

An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affecte...

6.7CVSS7.2AI score0.01657EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2025/02/11 5:15 p.m.•14 views

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...

8.1CVSS7.4AI score0.03092EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
•added 2025/02/03 2:15 a.m.•14 views

CVE-2025-0974

A vulnerability was determined in MaxD Lightning Module 4.43/4.44 on OpenCart. This issue affects some unknown processing. Executing a manipulation of the argument liop/md can lead to deserialization. The attack may be launched remotely. The attack requires a high level of complexity. The...

5CVSS5.2AI score0.0042EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2024/08/29 11:15 a.m.•14 views

CVE-2024-4428

Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users. This issue affects Managment Portal: through 21.05.2024...

9.8CVSS5.8AI score0.00487EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2024/08/12 10:15 p.m.•14 views

CVE-2024-43210

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.2...

6.5CVSS5.2AI score0.00245EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2024/07/09 5:15 p.m.•14 views

CVE-2024-35264

.NET and Visual Studio Remote Code Execution Vulnerability...

8.1CVSS5.6AI score0.02565EPSS
Exploits0References2Affected Software5
ATTACKERKB
ATTACKERKB
•added 2024/06/25 12:0 a.m.•14 views

CVE-2024-4885

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. Recent assessments: Assessed Attacker Value: 0...

9.8CVSS8.4AI score0.99288EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
•added 2024/05/03 3:15 a.m.•14 views

CVE-2023-40505

LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists...

9.8CVSS7.9AI score0.0196EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2023/11/17 6:15 a.m.•14 views

CVE-2023-41102

An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. Affected OpenNDS before version 10.1.3 fixed in OpenW...

7.5CVSS5.7AI score0.00972EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2023/11/17 2:15 a.m.•14 views

CVE-2023-45382

In the module "SoNice Retour" soniceretour up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a gues...

7.5CVSS7.1AI score0.00761EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2023/10/19 10:15 a.m.•14 views

CVE-2022-24402

The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks...

8.8CVSS7.3AI score0.00557EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2023/09/27 3:19 p.m.•14 views

CVE-2023-4737

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2...

9.8CVSS7.4AI score0.00846EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2023/09/20 7:15 p.m.•14 views

CVE-2023-43373

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the nutenteagg parameter at /hoteldruid/interconnessioni.php...

9.8CVSS5.9AI score0.03753EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
•added 2023/09/20 6:15 a.m.•14 views

CVE-2023-43617

An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name...

5.3CVSS5.8AI score0.00628EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
•added 2023/09/15 1:15 a.m.•14 views

CVE-2023-40984

A reflected cross-site scripting XSS vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file...

5.4CVSS5.7AI score0.00408EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
•added 2023/07/15 2:15 a.m.•14 views

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26...

5.4CVSS6AI score0.00449EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2023/06/14 12:15 a.m.•14 views

CVE-2023-32009

Windows Collaborative Translation Framework Elevation of Privilege Vulnerability...

8.8CVSS5.8AI score0.00425EPSS
Exploits0References2Affected Software11
ATTACKERKB
ATTACKERKB
•added 2023/01/30 9:15 a.m.•14 views

CVE-2023-0473

Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.3AI score0.00678EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2022/10/18 9:15 p.m.•14 views

CVE-2022-39425

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful...

8.1CVSS7.3AI score0.01635EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2022/09/11 12:15 p.m.•14 views

CVE-2022-39135

Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity XXE attack. Therefore any client exposing these operators,...

9.8CVSS6.8AI score0.01931EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/08/12 8:15 p.m.•14 views

CVE-2022-37397

An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password...

9.8CVSS7.4AI score0.00766EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/07/06 2:15 p.m.•14 views

CVE-2022-21775

In sched driver, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479032; Issue ID: ALPS06479032...

6.7CVSS6.7AI score0.00086EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2022/06/23 5:15 p.m.•14 views

CVE-2022-34181

Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller ...

9.1CVSS6.8AI score0.01213EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2022/06/15 10:15 p.m.•14 views

CVE-2022-30158

Microsoft SharePoint Server Remote Code Execution Vulnerability...

8.8CVSS7.4AI score0.03031EPSS
Exploits0References3Affected Software5
ATTACKERKB
ATTACKERKB
•added 2022/06/15 10:15 p.m.•14 views

CVE-2022-30163

Windows Hyper-V Remote Code Execution Vulnerability...

8.5CVSS7.6AI score0.01753EPSS
Exploits0References3Affected Software20
ATTACKERKB
ATTACKERKB
•added 2022/06/01 6:15 a.m.•14 views

CVE-2022-1285

Server-Side Request Forgery SSRF in GitHub repository gogs/gogs prior to 0.12.8...

8.3CVSS6.9AI score0.01193EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
•added 2022/05/24 7:15 p.m.•14 views

CVE-2022-22977

VMware Tools for Windows12.0.0, 11.x.y and 10.x.y contains an XML External Entity XXE vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or...

7.1CVSS7.1AI score0.00782EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2022/05/10 9:15 p.m.•14 views

CVE-2022-23279

Windows ALPC Elevation of Privilege Vulnerability...

7CVSS7.1AI score0.04861EPSS
Exploits0References3Affected Software7
ATTACKERKB
ATTACKERKB
•added 2022/05/10 9:15 p.m.•14 views

CVE-2022-21972

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability...

9.3CVSS7.3AI score0.80933EPSS
Exploits0References3Affected Software26
ATTACKERKB
ATTACKERKB
•added 2022/04/25 10:15 a.m.•14 views

CVE-2022-1457

Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the...

9CVSS6.9AI score0.0074EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
•added 2022/03/29 7:15 a.m.•14 views

CVE-2021-46743

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...

9.1CVSS7.7AI score0.00777EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2022/03/15 10:15 p.m.•14 views

CVE-2022-26992

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands...

9.8CVSS6.1AI score0.02937EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2022/03/09 5:15 p.m.•14 views

CVE-2022-22010

Media Foundation Information Disclosure Vulnerability...

5.5CVSS6.6AI score0.02445EPSS
Exploits0References3Affected Software19
ATTACKERKB
ATTACKERKB
•added 2022/02/25 3:15 p.m.•14 views

CVE-2022-24345

In JetBrains IntelliJ IDEA before 2021.2.4, local code execution without permission from a user upon opening a project was possible...

7.8CVSS7.5AI score0.00372EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2022/02/15 5:15 p.m.•14 views

CVE-2022-25178

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system...

6.5CVSS6.7AI score0.01668EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2022/02/08 9:15 p.m.•14 views

CVE-2022-0523

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2...

8.8CVSS7.3AI score0.01097EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
•added 2022/01/28 12:0 a.m.•14 views

CVE-2021-40407

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 1 or 2, based on DDNS type, the ddns-domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This...

9.1CVSS7.6AI score0.47915EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2022/01/27 1:15 p.m.•14 views

CVE-2022-23181

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...

7CVSS6.8AI score0.56636EPSS
Exploits16References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/01/26 7:15 p.m.•14 views

CVE-2022-22850

A Stored Cross Site Scripting XSS vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in roomtypes...

5.4CVSS6AI score0.00654EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
•added 2022/01/25 8:15 p.m.•14 views

CVE-2022-0332

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data...

9.8CVSS6.4AI score0.44918EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
•added 2022/01/19 12:15 p.m.•14 views

CVE-2022-21280

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS6.7AI score0.76548EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000