Lucene search
K
AttackerkbMost viewed

74766 matches found

ATTACKERKB
ATTACKERKB
•added 2022/11/09 10:15 p.m.•12 views

CVE-2022-41056

Network Policy Server NPS RADIUS Protocol Denial of Service Vulnerability...

7.5CVSS7.2AI score0.0193EPSS
Exploits0References3Affected Software26
ATTACKERKB
ATTACKERKB
•added 2022/11/01 4:15 p.m.•12 views

CVE-2022-3801

A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

8.8CVSS6.9AI score0.30082EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2022/10/18 9:15 p.m.•12 views

CVE-2022-21611

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server...

4.1CVSS6.5AI score0.00426EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/10/18 9:15 p.m.•12 views

CVE-2022-21600

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

7.2CVSS6.7AI score0.01161EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/10/18 9:15 p.m.•12 views

CVE-2022-21619

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to...

3.7CVSS6.7AI score0.02376EPSS
Exploits0References16
ATTACKERKB
ATTACKERKB
•added 2022/10/18 9:15 p.m.•12 views

CVE-2022-21640

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS6.5AI score0.01144EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/10/14 7:15 p.m.•12 views

CVE-2022-38671

In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel...

5.5CVSS5.8AI score0.00084EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2022/10/06 10:15 p.m.•12 views

CVE-2022-40494

NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters...

9.8CVSS7.4AI score0.0156EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
•added 2022/10/03 1:15 p.m.•12 views

CVE-2022-38817

Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data...

7.5CVSS5.8AI score0.03026EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
•added 2022/09/22 8:20 a.m.•12 views

CVE-2022-2266

University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in the version 19.2...

6.1CVSS6.3AI score0.00367EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2022/09/13 7:15 p.m.•12 views

CVE-2022-37963

Microsoft Office Visio Remote Code Execution Vulnerability...

7.8CVSS5.9AI score0.0103EPSS
Exploits0References3Affected Software3
ATTACKERKB
ATTACKERKB
•added 2022/09/12 4:15 a.m.•12 views

CVE-2022-36257

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc...

7.5CVSS7.5AI score0.00815EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
•added 2022/09/09 3:15 p.m.•12 views

CVE-2022-2964

A flaw was found in the Linux kernel’s driver for the ASIX AX88179178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes...

7.8CVSS6.1AI score0.00296EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2022/09/02 12:15 p.m.•12 views

CVE-2022-22100

Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto...

8.4CVSS7.2AI score0.00119EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2022/09/02 12:15 p.m.•12 views

CVE-2022-22097

Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. in Snapdragon Consumer IOT...

8.4CVSS7.1AI score0.00119EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2022/08/30 9:15 p.m.•12 views

CVE-2022-36564

Incorrect access control in the install directory C:\Strawberry of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...

8.8CVSS7.7AI score0.00814EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2022/08/29 3:15 p.m.•12 views

CVE-2022-0358

A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...

7.8CVSS6.5AI score0.00332EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2022/08/22 3:15 p.m.•12 views

CVE-2022-35655

Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting...

6.1CVSS6.4AI score0.00403EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/08/16 9:15 p.m.•12 views

CVE-2022-35433

ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c...

6.5CVSS6.6AI score0.0064EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2022/08/08 2:15 p.m.•12 views

CVE-2022-2046

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite...

4.9CVSS6AI score0.00791EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
•added 2022/08/08 12:0 a.m.•12 views

CVE-2022-22369

IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash. IBM X-Force ID: 221187...

7.1CVSS6.7AI score0.00185EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/07/27 10:15 p.m.•12 views

CVE-2022-1862

Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page...

6.5CVSS6.8AI score0.00485EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2022/07/11 1:15 p.m.•12 views

CVE-2022-2089

The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS5.9AI score0.01046EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
•added 2022/07/06 5:15 p.m.•12 views

CVE-2022-26078

Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vCR8.50 versions prior to 220303a; vCR8.40 versions prior to 220303a; vCR8.30...

7.8CVSS7.1AI score0.00845EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2022/07/01 9:15 p.m.•12 views

CVE-2022-32384

Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security5g parameter in the function formWifiBasicSet...

8.8CVSS5.9AI score0.00594EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
•added 2022/06/27 9:15 a.m.•12 views

CVE-2022-1113

The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups...

4.8CVSS5.5AI score0.00565EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
•added 2022/06/22 12:15 p.m.•12 views

CVE-2022-23078

In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page...

5.8CVSS5.8AI score0.0111EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/06/22 12:15 p.m.•12 views

CVE-2022-23077

In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page...

6.1CVSS5.8AI score0.00734EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/06/18 4:15 p.m.•12 views

CVE-2021-46822

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the getwordrgbrow function in rdppm.c...

5.5CVSS6.9AI score0.01009EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2022/06/08 4:15 p.m.•12 views

CVE-2022-31325

There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php...

7.2CVSS7.2AI score0.04968EPSS
Exploits5References5
ATTACKERKB
ATTACKERKB
•added 2022/06/02 2:15 p.m.•12 views

CVE-2022-24701

An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7.8CVSS6.1AI score0.00455EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
•added 2022/05/26 7:15 p.m.•12 views

CVE-2022-26718

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges...

7.8CVSS7AI score0.00631EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2022/05/10 12:15 p.m.•12 views

CVE-2022-29591

Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow...

10CVSS6.2AI score0.01322EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2022/05/02 4:15 p.m.•12 views

CVE-2022-0771

The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions available to both unauthenticated and authenticated users, leading to Unauthenticated SQL Injections...

9.8CVSS5.6AI score0.01602EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
•added 2022/05/02 4:15 p.m.•12 views

CVE-2022-1239

The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the editposts capability by default contributor and above to perform SSRF attacks...

8.8CVSS7.6AI score0.01413EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
•added 2022/05/01 3:19 p.m.•12 views

CVE-2022-21230

This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to ...

5.5CVSS6AI score0.00289EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2022/04/29 4:15 p.m.•12 views

CVE-2022-1195

A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service DOS when the mkiss or sixpack device is detached and reclaim resources early...

5.5CVSS6.5AI score0.00229EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
•added 2022/04/25 5:15 p.m.•12 views

CVE-2022-0477

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries...

4.9CVSS5.4AI score0.00909EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/04/19 9:15 p.m.•12 views

CVE-2022-21466

Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce component: Tools and Frameworks. The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Searc...

7.5CVSS7.1AI score0.01785EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/04/15 7:15 p.m.•12 views

CVE-2022-24537

Windows Hyper-V Remote Code Execution Vulnerability...

7.8CVSS7.2AI score0.00352EPSS
Exploits0References3Affected Software12
ATTACKERKB
ATTACKERKB
•added 2022/04/12 8:15 p.m.•12 views

CVE-2022-29052

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS5.9AI score0.00724EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2022/04/11 3:15 p.m.•12 views

CVE-2022-0314

The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.00788EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
•added 2022/04/04 8:15 p.m.•12 views

CVE-2022-1188

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible...

5.3CVSS5.7AI score0.01187EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/04/03 11:15 p.m.•12 views

CVE-2022-27248

A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to...

6.5CVSS6AI score0.02823EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
•added 2022/04/01 5:32 p.m.•12 views

CVE-2022-24440

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

9.8CVSS7.2AI score0.02713EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2022/03/29 7:15 a.m.•12 views

CVE-2021-46743

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...

9.1CVSS7.7AI score0.00777EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2022/03/28 7:15 p.m.•12 views

CVE-2022-0136

A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature...

8.1CVSS6.6AI score0.00828EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/03/21 9:0 a.m.•12 views

CVE-2022-0475

Malicious translator is able to inject JavaScript code in few translatable strings where HTML is allowed. The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...

5.4CVSS5.9AI score0.0043EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/03/18 5:15 a.m.•12 views

CVE-2021-45968

An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...

7.5CVSS7.8AI score0.10666EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
•added 2022/03/15 10:15 p.m.•12 views

CVE-2022-26212

Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceM...

9.8CVSS6.1AI score0.02806EPSS
Exploits1References2
Total number of security vulnerabilities5000