Lucene search
K
AttackerkbMost viewed

74775 matches found

ATTACKERKB
ATTACKERKB
added 2025/06/25 8:15 a.m.12 views

CVE-2024-51977

An unauthenticated attacker who can access either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631, can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mntinfo.csv can be accessed via a GET request and no...

5.3CVSS7.3AI score0.7656EPSS
Exploits0References12Affected Software21
ATTACKERKB
ATTACKERKB
added 2025/06/16 12:0 a.m.12 views

CVE-2025-43200

This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed...

4.2CVSS6.1AI score0.01009EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2025/05/08 12:0 a.m.12 views

CVE-2025-47729

The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL aka Archive Signal app users, which is different functionality than described in the TeleMessage “End-to-End encryption from the mobile phone through to the corporate archive” documentation, as...

4.9CVSS7.2AI score0.00407EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/04/28 3:15 p.m.12 views

CVE-2025-23375

Dell PowerProtect Data Manager Reporting, versions 19.17, contains an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

7.8CVSS5.8AI score0.00122EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/03/15 12:0 a.m.12 views

CVE-2025-30066

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code...

8.6CVSS8.6AI score0.41008EPSS
Exploits2References20
ATTACKERKB
ATTACKERKB
added 2025/03/04 3:15 p.m.12 views

CVE-2024-9149

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wind Media E-Commerce Website Template allows SQL Injection. This issue affects E-Commerce Website Template: before v1.5...

8.6CVSS5.8AI score0.00286EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/01/14 12:0 a.m.12 views

CVE-2024-13161

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS7.2AI score0.88518EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2024/12/27 12:0 a.m.12 views

CVE-2024-12987

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command...

9.8CVSS7.5AI score0.98084EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2024/12/24 12:0 a.m.12 views

CVE-2024-53150

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn’t check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descripto...

7.1CVSS7.4AI score0.01325EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2024/11/17 11:15 a.m.12 views

CVE-2023-1419

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data...

5.9CVSS5.9AI score0.0038EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/11/04 2:15 p.m.12 views

CVE-2024-50526

Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2...

10CVSS5.4AI score0.00611EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2024/09/19 1:15 p.m.12 views

CVE-2024-46382

A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminOrderController.java...

7.5CVSS5.6AI score0.00631EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2024/02/27 7:4 p.m.12 views

CVE-2021-46940

In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix offset overflow issue in index converting The idxtooffset function returns type int 32-bit signed, but MSRPKGENERGYSTAT is u32 and would be interpreted as a negative number. The end result is that it hi...

5.5CVSS5.7AI score0.00222EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/02/20 10:15 p.m.12 views

CVE-2023-47422

An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL...

8.8CVSS5.8AI score0.00491EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2024/02/13 5:15 a.m.12 views

CVE-2022-48623

The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service...

9.1CVSS5.1AI score0.00788EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2024/02/12 3:15 a.m.12 views

CVE-2024-25739

createemptylvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi-lebsize...

5.5CVSS5.8AI score0.00248EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2023/12/14 8:15 p.m.12 views

CVE-2023-45894

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...

10CVSS6.4AI score0.01205EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/12/07 8:15 p.m.12 views

CVE-2023-49464

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::getlumabitsperpixelfromconfigurationunci...

8.8CVSS7.3AI score0.00762EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/11/22 6:15 p.m.12 views

CVE-2023-46357

In the module "Cross Selling in Modal Cart" motivationsale 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method motivationsaleDataModel::getProductsByIds has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injectio...

9.8CVSS5.9AI score0.00714EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/11/09 7:15 p.m.12 views

CVE-2023-47237

A vulnerability in Northern Beaches Websites WP Google My Business Auto Publish wp-google-my-business-auto-publish.This issue affects WP Google My Business Auto Publish: from n/a through = 3.7...

8.8CVSS8AI score0.00272EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/11/06 10:15 a.m.12 views

CVE-2023-47184

A vulnerability in Collins Agbonghama Admin Bar & Dashboard Access Control admin-bar-dashboard-control.This issue affects Admin Bar & Dashboard Access Control: from n/a through = 1.2.8...

5.9CVSS5.8AI score0.00357EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2023/10/25 6:17 p.m.12 views

CVE-2023-39732

The leakage of the client secret in Tokueimaruwaiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages...

8.2CVSS7.3AI score0.00576EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/10/22 7:15 p.m.12 views

CVE-2021-46898

views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...

6.1CVSS6.3AI score0.0047EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2023/10/19 10:15 p.m.12 views

CVE-2023-43359

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component...

5.4CVSS6.2AI score0.00462EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/10/19 1:15 p.m.12 views

CVE-2023-45384

KnowBand supercheckout 5.0.7 and 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" supercheckout, a guest can upload files with extensions .php...

9.8CVSS7.3AI score0.00578EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/10/19 10:15 a.m.12 views

CVE-2022-24404

Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion...

7.5CVSS7.3AI score0.00219EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/10/16 9:15 p.m.12 views

CVE-2023-40852

SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page...

9.8CVSS5.9AI score0.00815EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/10/11 6:15 p.m.12 views

CVE-2023-43960

An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component...

8.8CVSS5.9AI score0.01051EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/10/06 1:15 p.m.12 views

CVE-2023-44771

A Cross-Site Scripting XSS vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout...

5.4CVSS6.2AI score0.00536EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/09/28 4:15 a.m.12 views

CVE-2023-38872

An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...

3.7CVSS5.8AI score0.00599EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/09/27 11:15 p.m.12 views

CVE-2023-43320

An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component...

8.8CVSS5.8AI score0.0099EPSS
Exploits3References5
ATTACKERKB
ATTACKERKB
added 2023/09/27 3:18 p.m.12 views

CVE-2023-3223

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service DoS attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass...

7.5CVSS5.7AI score0.02044EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2023/09/21 6:15 p.m.12 views

CVE-2023-42279

Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form...

9.8CVSS5.9AI score0.00659EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/09/01 11:15 a.m.12 views

CVE-2023-4378

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...

5.5CVSS5.7AI score0.00711EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/08/10 2:15 p.m.12 views

CVE-2023-38229

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open...

7.8CVSS6.9AI score0.02346EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/08/07 5:15 a.m.12 views

CVE-2023-39903

An issue was discovered in Fujitsu Software Infrastructure Manager ISM before 2.8.0.061. The ismsnap component in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log allows insecure collection and storage of authorization credentials in cleartext...

7.5CVSS6.4AI score0.00351EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/08/01 11:15 p.m.12 views

CVE-2023-33560

There is a Cross Site Scripting XSS vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3...

6.1CVSS6.4AI score0.00434EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/07/14 12:15 a.m.12 views

CVE-2023-37721

Tenda F1202 V1.0BRV1.2.0.20408, FH1202V1.2.0.19EN were discovered to contain a stack overflow in the page parameter in the function fromSafeMacFilter...

9.8CVSS7.4AI score0.00776EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/07/11 6:15 p.m.12 views

CVE-2023-35299

Windows Common Log File System Driver Elevation of Privilege Vulnerability...

7.8CVSS5.7AI score0.00411EPSS
Exploits0References2Affected Software21
ATTACKERKB
ATTACKERKB
added 2023/06/30 1:15 a.m.12 views

CVE-2023-36143

Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device...

8.8CVSS5.8AI score0.02654EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2023/06/21 9:15 p.m.12 views

CVE-2023-33405

Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect...

6.1CVSS5.7AI score0.31265EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/06/15 7:15 p.m.12 views

CVE-2023-21127

In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12...

8.8CVSS7.8AI score0.0047EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/14 12:15 a.m.12 views

CVE-2023-32012

Windows Container Manager Service Elevation of Privilege Vulnerability...

7.8CVSS5.8AI score0.00507EPSS
Exploits0References2Affected Software4
ATTACKERKB
ATTACKERKB
added 2023/06/13 2:15 a.m.12 views

CVE-2023-2563

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function accuaformsformeditaction. This makes it possible for unauthenticated attackers to...

4.3CVSS6.6AI score0.00298EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/06/02 5:15 p.m.12 views

CVE-2023-32206

An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

6.5CVSS6.9AI score0.00703EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2023/05/29 10:29 a.m.12 views

CVE-2022-36244

Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting XSS vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za...

5.4CVSS6AI score0.00334EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/05/25 9:15 a.m.12 views

CVE-2023-2886

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/05/20 3:15 a.m.12 views

CVE-2023-2736

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...

8CVSS7.1AI score0.00399EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/03/29 9:15 p.m.12 views

CVE-2022-1274

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users...

5.4CVSS6.4AI score0.00692EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/03/16 12:0 a.m.12 views

CVE-2023-25280

OS Command injection vulnerability in D-Link DIR820LA1FW105B03 allows attackers to escalate privileges to root via a crafted payload with the pingaddr parameter to ping.ccp. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS7.3AI score0.98053EPSS
Exploits1References3
Total number of security vulnerabilities5000