Lucene search
K
AttackerkbMost viewed

75081 matches found

ATTACKERKB
ATTACKERKB
added 2022/01/26 7:15 p.m.14 views

CVE-2022-22850

A Stored Cross Site Scripting XSS vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in roomtypes...

5.4CVSS6AI score0.00654EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/01/25 8:15 p.m.14 views

CVE-2022-0332

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data...

9.8CVSS6.4AI score0.44918EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2022/01/19 12:15 p.m.14 views

CVE-2022-21280

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS6.7AI score0.76548EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/12/21 12:0 a.m.14 views

CVE-2021-44207

Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.1CVSS7.3AI score0.17578EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/12/14 12:0 a.m.14 views

CVE-2021-4044

Internally libssl in OpenSSL calls X509verifycert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...

7.5CVSS7.3AI score0.50099EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2021/11/10 1:17 a.m.14 views

CVE-2021-36957

Windows Desktop Bridge Elevation of Privilege Vulnerability...

7.8CVSS7.2AI score0.0043EPSS
Exploits0References2Affected Software14
ATTACKERKB
ATTACKERKB
added 2021/05/11 11:0 p.m.14 views

CVE-2021-28560

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of...

8.8CVSS6.3AI score0.66918EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/04/09 12:0 a.m.14 views

CVE-2021-21431

sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from oth...

8.1CVSS3.8AI score0.01072EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2020/09/25 12:0 a.m.14 views

CVE-2020-25223

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 Recent assessments: wvu-r7 at November 02, 2021 7:12pm UTC reported: See the other topic. Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS7.7AI score0.96693EPSS
Exploits9References6
ATTACKERKB
ATTACKERKB
added 2020/08/05 7:15 p.m.14 views

CVE-2020-15106

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentional...

6.5CVSS5.5AI score0.01291EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.15 views

CVE-2019-3719

Dell support agent fails to properly identify the origin of updates. By DNS spoofing and crafted payloads, an attacker can serve up an executable file that the support agent will run as system. Recent assessments: bwatters-r7 at July 18, 2019 9:47pm UTC reported: As exploits go, being able to ser...

8CVSS1.3AI score0.16145EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.14 views

Dell Foundation Services installs root certificate and private key (eDellRoot)

Dell Foundation Services installs the eDellRoot certificate into theTrusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle MiTM, and passive decryption...

2.2AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2019/10/06 12:0 a.m.14 views

CVE-2019-17240

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. Recent assessments: noraj at May 08, 2021 7:26pm UTC reported: This is just a security bypass allowing an attacker t...

9.8CVSS2.4AI score0.39598EPSS
Exploits9References7
ATTACKERKB
ATTACKERKB
added 2019/09/13 12:0 a.m.14 views

CVE-2019-11660

Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. Recent assessments: pbarry-r7 at November 20, 2019 3:15p...

7.8CVSS2.8AI score0.07847EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2019/06/19 12:0 a.m.14 views

CVE-2019-19908

phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmcusername parameter to passreset.php is vulnerable. Recent assessments: cinzinga at March 09, 2020 9:23pm UTC reported: I am the founder of this exploit. Google dorking...

6.1CVSS1AI score0.21232EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2019/03/28 12:0 a.m.14 views

CVE-2019-17621

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. Recent...

10CVSS7.2AI score0.89624EPSS
Exploits8References10
ATTACKERKB
ATTACKERKB
added 2018/08/13 12:0 a.m.14 views

CVE-2018-15142

Directory traversal in portal/importtemplate.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the “docid” and “content” parameters and accessing it in the traversed...

8.8CVSS5.5AI score0.18208EPSS
Exploits6References6
ATTACKERKB
ATTACKERKB
added 2018/03/27 4:29 p.m.14 views

CVE-2018-8718

Cross-site request forgery CSRF vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request...

8CVSS5.8AI score0.06773EPSS
Exploits5References6
ATTACKERKB
ATTACKERKB
added 2017/12/20 9:29 a.m.14 views

CVE-2017-17785

In GIMP 2.8.22, there is a heap-based buffer overflow in the flireadbrun function in plug-ins/file-fli/fli.c...

7.8CVSS6.6AI score0.01154EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2014/09/30 10:55 a.m.14 views

CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

10CVSS7.3AI score0.99621EPSS
Exploits31References137
ATTACKERKB
ATTACKERKB
added 2014/02/05 12:0 a.m.14 views

CVE-2014-0497

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors. Recent assessments: Assessed Attacker Value: 0 Assessed...

10CVSS8.2AI score0.99883EPSS
Exploits7References17
ATTACKERKB
ATTACKERKB
added 2014/01/22 9:55 p.m.14 views

CVE-2014-0808

Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request...

9.1CVSS5.3AI score0.02245EPSS
Exploits0References8Affected Software2
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.14 views

CVE-2007-1195

Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728...

7.5CVSS6.3AI score0.06031EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2026/07/08 4:30 a.m.13 views

CVE-2026-9701

The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...

9.8CVSS6AI score0.00267EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 12:0 a.m.13 views

CVE-2026-14784

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptan...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/05 3:30 a.m.13 views

CVE-2026-14700

A security vulnerability has been detected in code-projects Internship Management System 1.0. The impacted element is an unknown function of the file employer/login.php of the component Employer Login Endpoint. The manipulation of the argument email/password leads to sql injection. Remote...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:31 p.m.13 views

CVE-2026-14535

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.13 views

CVE-2026-57756

Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...

8.5CVSS5.8AI score0.0022EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.13 views

CVE-2026-57755

Contributor Cross Site Scripting XSS in Mosaic Gallery - Advanced Gallery = 1.2.0 versions...

6.5CVSS5.8AI score0.00139EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:25 a.m.13 views

CVE-2026-57277

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.0028EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 10:22 p.m.13 views

CVE-2026-14394

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00235EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:11 p.m.13 views

CVE-2026-57517

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

9.8CVSS6.7AI score0.00587EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:0 p.m.13 views

CVE-2026-13591

A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument channelType causes improper authorization. The attack may be initiated remotely. A...

5CVSS5.1AI score0.00199EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/28 4:4 a.m.13 views

CVE-2026-10646

Zephyr's BSD-sockets getaddrinfo implementation subsys/net/lib/sockets/getaddrinfo.c passes a pointer to a stack-allocated state object struct getaddrinfostate aistate as the userdata of an asynchronous DNS resolver query. The socket layer waits on a semaphore with a timeout deliberately set...

7.4CVSS6.1AI score0.00269EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/27 9:22 a.m.13 views

CVE-2026-49414

The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. An unprivileged local user ca...

5.8AI score0.00106EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 1:59 a.m.13 views

CVE-2026-8661

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...

4.8CVSS6.2AI score0.00254EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:7 p.m.13 views

CVE-2026-55412

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3CVSS5.9AI score0.00193EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 7:3 a.m.13 views

CVE-2026-56129

Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...

6.8CVSS5.8AI score0.00121EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.13 views

CVE-2026-56368

ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:13 p.m.13 views

CVE-2026-56762

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie, serialize, and serializeSigned functions, allowing invalid characters such as control characters e.g. \r or \n when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie...

6.9CVSS5.9AI score0.00247EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:46 a.m.13 views

CVE-2026-46461

Dell Server Hardware Manager, versions prior to 3.2.2, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

7.8CVSS5.9AI score0.001EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:30 p.m.13 views

CVE-2026-6716

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.2AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/09 2:30 a.m.13 views

CVE-2026-11619

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the...

6.5CVSS5AI score0.00209EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.13 views

CVE-2026-11634

Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.5AI score0.00252EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 2:30 a.m.13 views

CVE-2026-11480

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. I...

6.5CVSS6.3AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.13 views

CVE-2026-8978

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

4.9CVSS5.8AI score0.00259EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/05 11:31 a.m.13 views

CVE-2026-11346

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

5.3CVSS5.6AI score0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:6 p.m.13 views

CVE-2026-11274

Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00175EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.13 views

CVE-2026-11191

Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00272EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.13 views

CVE-2026-11177

Use after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00234EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000