Lucene search
K
AttackerkbMost viewed

74766 matches found

ATTACKERKB
ATTACKERKB
added 2022/03/10 8:15 p.m.12 views

CVE-2022-23042

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

7CVSS5.7AI score0.00359EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/03/10 5:46 p.m.12 views

CVE-2022-24603

Luocms v2.0 is affected by SQL Injection in /admin/news/sortmod.php...

9.8CVSS7.4AI score0.01137EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/03/09 5:15 p.m.12 views

CVE-2022-24465

Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability...

5.5CVSS6.5AI score0.00671EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/03/02 11:15 p.m.12 views

CVE-2022-25114

Event Management v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the fullname parameter under register.php...

6.1CVSS6.2AI score0.00739EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/03/02 9:15 p.m.12 views

CVE-2022-25045

Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel...

9.8CVSS5.8AI score0.01287EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/02/24 3:15 p.m.12 views

CVE-2022-24614

When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor...

5.5CVSS6.6AI score0.00717EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/19 12:15 a.m.12 views

CVE-2022-25137

A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3Firmware T6V3V4.1.5cu.748B20211015 and T10 V2Firmware V4.1.8cu.5207B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet...

9.8CVSS7.5AI score0.02198EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/15 8:15 p.m.12 views

CVE-2021-46264

Tenda AC Series Router AC11V02.03.01.104CN was discovered to contain a stack buffer overflow in the onlineList module. This vulnerability allows attackers to cause a Denial of Service DoS via crafted overflow data...

9.8CVSS8.1AI score0.01734EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/15 5:15 p.m.12 views

CVE-2022-25184

Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs...

6.5CVSS6.6AI score0.00876EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/15 5:15 p.m.12 views

CVE-2022-25192

A cross-site request forgery CSRF vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS7.2AI score0.00655EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/09 4:15 p.m.12 views

CVE-2021-46152

A vulnerability has been identified in Simcenter Femap V2020.2 All versions, Simcenter Femap V2021.1 All versions. Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-1464...

7.8CVSS7.3AI score0.01596EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/02/04 7:15 p.m.12 views

CVE-2022-24249

A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtraboxwrite function in /boxcodebase.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871...

5.5CVSS6.8AI score0.00614EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/04 2:15 a.m.12 views

CVE-2022-24158

Tenda AX3 v16.03.12.10CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service DoS via the list parameter...

7.8CVSS7.2AI score0.01175EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/01 2:15 a.m.12 views

CVE-2021-46665

MariaDB through 10.5.9 allows a sqlparse.cc application crash because of incorrect usedtables expectations...

5.5CVSS6.8AI score0.004EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2022/01/30 3:15 p.m.12 views

CVE-2022-0413

Use After Free in GitHub repository vim/vim prior to 8.2...

8.4CVSS7.2AI score0.01395EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2022/01/26 6:15 p.m.12 views

CVE-2021-46561

controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new...

7.2CVSS7.2AI score0.00836EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/01/19 12:15 p.m.12 views

CVE-2022-21361

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Sample apps. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic...

6.1CVSS6.7AI score0.00946EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/19 12:15 p.m.12 views

CVE-2022-21334

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where th...

6.3CVSS6.7AI score0.02795EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/12 5:0 p.m.12 views

CVE-2022-22159

A vulnerability in the NETISR network queue functionality of Juniper Networks Junos OS kernel allows an attacker to cause a Denial of Service DoS by sending crafted genuine packets to a device. During an attack, the routing protocol daemon rpd CPU may reach 100% utilization, yet FPC CPUs forwardi...

7.5CVSS7.1AI score0.01137EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/01/12 5:0 p.m.12 views

CVE-2022-22176

An Improper Validation of Syntactic Correctness of Input vulnerability in the Juniper DHCP daemon jdhcpd of Juniper Networks Junos OS allows an adjacent unauthenticated attacker sending a malformed DHCP packet to cause a crash of jdhcpd and thereby a Denial of Service DoS. If option-82 is...

7.4CVSS6.6AI score0.00368EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/01 12:15 a.m.12 views

CVE-2021-45929

Wasm3 0.5.0 has an out-of-bounds write in CompileBlock called from CompileElseBlock and CompileIf...

5.5CVSS5.5AI score0.00664EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/12/15 2:15 p.m.12 views

CVE-2021-4116

yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.6CVSS6.3AI score0.00456EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/11/10 1:17 a.m.12 views

CVE-2021-36957

Windows Desktop Bridge Elevation of Privilege Vulnerability...

7.8CVSS7.2AI score0.0043EPSS
Exploits0References2Affected Software14
ATTACKERKB
ATTACKERKB
added 2021/10/04 12:0 a.m.12 views

CVE-nu11-100421

The search parameter appears to be vulnerable to time-based blind SQL injection attacks, on the web app “Local Offices Contact Directories Site” by oretnom23. The malicious attacker can execute a malicious payload and he can dump hashes authentication credentials. Then the attacker can to take...

8.3AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.12 views

AppInfo AiCheckSecureApplicationDirectory Bypass

The AppInfo service handles requests for UAC elevation. There’s an issue with the checking of secure directories which allows a user to install a UIAccess application without requiring full access to a secure directory leading to the potential for EoP Recent assessments: busterb at May 09, 2019...

2.3AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.12 views

TrendMicro Password Manager node.js Unsafe API Calls

When you install TrendMicro Antivirus on Windows, by default a component called Password Manager is also installed and automatically launched on startup. This product is primarily written in JavaScript with node.js, and opens multiple HTTP RPC ports for handling API requests. It took about 30...

0.7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.12 views

Return Of Bleichenbacher's Oracle Threat

ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server. Recent assessments: busterb at May 09, 2019 5:57pm UTC reported: The details are pretty heavily documented on robotattack.org, so no need to...

2.4AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2017/10/13 1:29 p.m.12 views

CVE-2017-11822

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how...

7.6CVSS6.1AI score0.08484EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2012/05/29 8:55 p.m.12 views

CVE-2012-1987

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to 1 cause a denial of service memory consumption via a REST request to a stream tha...

3.5CVSS5.7AI score0.02553EPSS
Exploits0References22
ATTACKERKB
ATTACKERKB
added 6 days ago11 views

CVE-2026-59225

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...

5.4CVSS6AI score0.00211EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 4:2 p.m.11 views

CVE-2026-57851

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS6AI score0.0017EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:19 a.m.11 views

CVE-2026-49487

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS6AI score0.00664EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 10:58 p.m.11 views

CVE-2026-53646

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a ClientPasswordReset record already exists for a client from a previous unexpired reset request, subsequent calls to the resetpassword guest API endpoint reuse the existing token instea...

7.7CVSS6AI score0.00215EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:9 p.m.11 views

CVE-2026-21384

Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits...

5.3CVSS6AI score0.00056EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:4 p.m.11 views

CVE-2026-54893

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...

2.1CVSS6AI score0.00143EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 1:58 p.m.11 views

CVE-2026-58380

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscannergettoken function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption,...

7.3CVSS6.3AI score0.00216EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/06 1:30 a.m.11 views

CVE-2026-14787

A weakness has been identified in radareorg radare2 up to 6.1.6. Affected is the function cmdprint in the library libr/core/cmdprint.inc of the component pb Print Command Handler. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been made availab...

4.8CVSS5.5AI score0.00136EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/05 11:45 p.m.11 views

CVE-2026-14783

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skillview of the file tools/skillstool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS5.6AI score0.00333EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/05 7:45 a.m.11 views

CVE-2026-14723

A vulnerability was determined in AD-Security ADMiner 1.9.0. Affected is the function requesta of the file adminer/scripts/analysecache.py of the component Cache Handler. This manipulation of the argument sys.argv1 causes deserialization. The attack can only be executed locally. The pull request ...

5.3CVSS5.8AI score0.00121EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/05 7:30 a.m.11 views

CVE-2026-14722

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...

7.5CVSS6.7AI score0.00315EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/05 6:55 a.m.11 views

CVE-2026-14781

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/05 4:15 a.m.11 views

CVE-2026-14703

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /patientorder.php. Such manipulation of the argument editid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and...

6.5CVSS6.4AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/04 2:0 p.m.11 views

CVE-2026-14630

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function getconversationhistory of the file 08agenticsystem/memory/langchain/code/smartcustomerservice.py of the component Memory Recall Handler. The manipulation leads to use of weak...

3.1CVSS4.9AI score0.0016EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.11 views

CVE-2025-71380

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.11 views

CVE-2025-71375

picklescan before 0.0.34 fails to detect the operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load...

8.1CVSS6.3AI score0.00365EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.11 views

CVE-2025-71372

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling...

8.1CVSS6.3AI score0.00379EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/03 9:45 p.m.11 views

CVE-2026-14617

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer.filterandaccumulate of the file gateway/streamconsumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case...

3.1CVSS5.1AI score0.00237EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:58 a.m.11 views

CVE-2026-4322

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:15 a.m.11 views

CVE-2026-8925

The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the same pointer twice...

5.9AI score0.0108EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:13 a.m.11 views

CVE-2026-11856

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

6AI score0.01064EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities5000