Lucene search
K
AttackerkbMost viewed

75017 matches found

ATTACKERKB
ATTACKERKB
added 2023/10/16 8:15 p.m.13 views

CVE-2023-43118

Cross Site Request Forgery CSRF vulnerability in Chalet application in Extreme Networks Switch Engine EXOS before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API...

8.8CVSS7.5AI score0.00276EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/10/14 5:15 a.m.13 views

CVE-2023-45855

qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI...

7.5CVSS7.1AI score0.0333EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/08/03 11:15 p.m.13 views

CVE-2023-38950

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime...

7.5CVSS7.4AI score0.8488EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2023/07/20 7:15 p.m.13 views

CVE-2023-37602

An arbitrary file upload vulnerability in the component /workplace!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

6.1CVSS6.7AI score0.00586EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/07/18 7:15 p.m.13 views

CVE-2023-30153

An SQL injection vulnerability in the Payplug payplug module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller...

9.8CVSS7.6AI score0.00783EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/07/06 12:0 a.m.13 views

CVE-2023-34192

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9CVSS7.2AI score0.77266EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/06/07 5:15 p.m.13 views

CVE-2023-1825

An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export...

4.3CVSS5.7AI score0.00538EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/06/02 5:15 p.m.13 views

CVE-2023-29533

A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 112, Focus for Android 112,...

4.3CVSS6.8AI score0.00564EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/06/02 5:15 p.m.13 views

CVE-2023-25738

Members of the DEVMODEW struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables. This bug only affects Firefox on Windows. Other operating systems are...

6.5CVSS5.9AI score0.00635EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/05/31 8:15 p.m.13 views

CVE-2023-34257

An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified and, by default, authentication is not required. Some configuration fields related to SNMP e.g., masterAgentName or masterAgentStartLine result in code execution when the agent is restarted...

9.8CVSS6.2AI score0.01036EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/05/29 8:15 p.m.13 views

CVE-2022-24580

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-24580. Reason: This candidate is a duplicate of CVE-2023-24580. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2023-24580 instead of this candidate. All references and descriptions in this candidate have been...

7.5CVSS6.7AI score0.62575EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/05/15 11:15 a.m.13 views

CVE-2023-31409

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests...

7.5CVSS7.2AI score0.01117EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/03/25 10:15 p.m.13 views

CVE-2023-1458

A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to command injection. The attack can be launched remotely. The...

9.8CVSS5.6AI score0.03275EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/03/16 9:15 p.m.13 views

CVE-2023-21462

The sensitive information exposure vulnerability in Quick Share Agent prior to versions 3.5.14.18 in Android 12 and 3.5.16.20 in Android 13 allows to local attacker to access MAC address without related permission...

4.2CVSS5.9AI score0.00157EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/03/14 5:15 p.m.13 views

CVE-2023-23408

Azure Apache Ambari Spoofing Vulnerability...

4.5CVSS6.3AI score0.04047EPSS
Exploits3References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/01/30 9:15 a.m.13 views

CVE-2023-0473

Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.3AI score0.00678EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/01/26 9:16 p.m.13 views

CVE-2022-42330

Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" e.g. for performing a kexec the libxl based Xen toolstack will normally perform a XSRELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XSRELEASE will have...

7.5CVSS5.8AI score0.01362EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/10/28 7:15 p.m.13 views

CVE-2022-3402

The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site's...

6.1CVSS6.6AI score0.00627EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/10/18 9:15 p.m.13 views

CVE-2022-21635

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

6.5CVSS6.7AI score0.01027EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/10/07 7:15 p.m.13 views

CVE-2022-37894

An unauthenticated Denial of Service DoS vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x:...

6.5CVSS5.8AI score0.00417EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/09/13 7:15 p.m.13 views

CVE-2022-37963

Microsoft Office Visio Remote Code Execution Vulnerability...

7.8CVSS5.9AI score0.0103EPSS
Exploits0References3Affected Software3
ATTACKERKB
ATTACKERKB
added 2022/08/31 4:15 p.m.13 views

CVE-2022-1319

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...

7.5CVSS6.9AI score0.01258EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2022/08/30 9:15 p.m.13 views

CVE-2022-36564

Incorrect access control in the install directory C:\Strawberry of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...

8.8CVSS7.7AI score0.00814EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/29 3:15 p.m.13 views

CVE-2022-0496

A vulnerbiility was found in Openscad, where a DXF-format drawing with particular not necessarily malformed! properties may cause an out-of-bounds memory access when imported using import...

5.5CVSS6.4AI score0.00441EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/08/29 3:15 p.m.13 views

CVE-2022-0497

A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations...

7.1CVSS7AI score0.00411EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/08/29 6:15 a.m.13 views

CVE-2022-32548

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field...

10CVSS7.8AI score0.33795EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2022/08/19 6:15 p.m.13 views

CVE-2022-0542

Cross-site Scripting XSS - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0...

8.8CVSS7AI score0.00788EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/08/16 1:15 p.m.13 views

CVE-2022-36530

An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page...

6.1CVSS6.4AI score0.00692EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2022/08/12 3:15 p.m.13 views

CVE-2022-20334

In Bluetooth, there are possible process crashes due to dereferencing a null pointer. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-178800552...

6.5CVSS6.7AI score0.00218EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/12 3:15 p.m.13 views

CVE-2022-20261

In LocationManager, there is a possible way to get location information due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

2.3CVSS5.9AI score0.00093EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/09 8:15 p.m.13 views

CVE-2022-24516

Microsoft Exchange Server Elevation of Privilege Vulnerability...

8CVSS7.5AI score0.01763EPSS
Exploits0References3Affected Software5
ATTACKERKB
ATTACKERKB
added 2022/08/08 2:15 p.m.13 views

CVE-2022-2046

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite...

4.9CVSS6AI score0.00791EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2022/06/06 6:15 p.m.13 views

CVE-2022-1680

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...

9.9CVSS7.5AI score0.15471EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/02 2:15 p.m.13 views

CVE-2022-24701

An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7.8CVSS6.1AI score0.00455EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/05/18 8:15 p.m.13 views

CVE-2022-30033

Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status in httpd module...

7.8CVSS5.9AI score0.01124EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/04/25 4:16 p.m.13 views

CVE-2022-1392

The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues...

7.5CVSS7.2AI score0.1129EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2022/04/19 9:15 p.m.13 views

CVE-2022-21466

Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce component: Tools and Frameworks. The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Searc...

7.5CVSS7.1AI score0.01785EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/19 9:15 p.m.13 views

CVE-2022-21434

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS6.5AI score0.02541EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2022/04/01 5:32 p.m.13 views

CVE-2022-24440

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

9.8CVSS7.2AI score0.02713EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/03/22 9:15 p.m.13 views

CVE-2022-26187

TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via the pingCheck function...

9.8CVSS5.9AI score0.19579EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/03/19 8:15 a.m.13 views

CVE-2022-0991

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9...

8.2CVSS7.2AI score0.00997EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/03/18 11:15 a.m.13 views

CVE-2022-24655

A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication...

7.8CVSS7.5AI score0.01052EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/03/16 3:41 p.m.13 views

CVE-2022-23812

This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. Note: from versions 11.0.0 onwards, instead of having malicious code directly in the sourc...

10CVSS7.5AI score0.04194EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2022/02/24 3:15 p.m.13 views

CVE-2022-25072

TP-Link Archer A54 Archer A54USV1210111 routers were discovered to contain a stack overflow in the function DM Fillobjbystr. This vulnerability allows unauthenticated attackers to execute arbitrary code...

10CVSS7.6AI score0.13034EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/24 3:15 p.m.13 views

CVE-2022-24613

metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library...

5.5CVSS6.5AI score0.00769EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/15 5:15 p.m.13 views

CVE-2022-25195

A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS5.8AI score0.0055EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/12 4:0 a.m.13 views

CVE-2022-22766

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic...

7CVSS6AI score0.00228EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/02/09 11:15 p.m.13 views

CVE-2022-24666

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS fram...

7.5CVSS7.2AI score0.01354EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/02/09 4:15 a.m.13 views

CVE-2022-0525

Out-of-bounds Read in Homebrew mruby prior to 3.2...

9.1CVSS7.5AI score0.01153EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/02/04 2:15 a.m.13 views

CVE-2022-24157

Tenda AX3 v16.03.12.10CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service DoS via the deviceList parameter...

7.8CVSS7.2AI score0.01175EPSS
Exploits1References2
Total number of security vulnerabilities5000