Search Results | AttackerKB

Show filters

Topics 10,538 Users 9,730

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

10,538 Total Results

Displaying 221-230 of 10,000

Refine your search criteria for more targeted results.

Attacker Value

Unknown

CVE-2024-5594

Disclosure Date: January 06, 2025 (last updated January 07, 2025)

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins.

0

Attacker Value

Unknown

CVE-2024-37452

Disclosure Date: January 02, 2025 (last updated January 03, 2025)

Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop Schema Lite allows Cross Site Request Forgery.This issue affects Schema Lite: from n/a through 1.2.2.

0

Attacker Value

Unknown

CVE-2024-56267

Disclosure Date: January 02, 2025 (last updated January 03, 2025)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.com Interactive UK Map allows Stored XSS.This issue affects Interactive UK Map: from n/a through 3.4.8.

0

Attacker Value

Unknown

CVE-2023-46203

Disclosure Date: January 02, 2025 (last updated January 03, 2025)

Missing Authorization vulnerability in JustCoded / Alex Prokopenko Just Custom Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Just Custom Fields: from n/a through 3.3.2.

0

Attacker Value

Unknown

CVE-2023-45649

Disclosure Date: January 02, 2025 (last updated January 03, 2025)

Missing Authorization vulnerability in CodePeople Appointment Hour Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Hour Booking: from n/a through 1.4.23.

0

Attacker Value

Unknown

CVE-2023-45104

Disclosure Date: January 02, 2025 (last updated January 03, 2025)

Missing Authorization vulnerability in WPDeveloper BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through 1.6.0.

0

Attacker Value

Unknown

CVE-2024-56027

Disclosure Date: January 02, 2025 (last updated January 02, 2025)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BizSwoop a CPF Concepts, LLC Brand Leads CRM allows Reflected XSS.This issue affects Leads CRM: from n/a through 2.0.13.

0

Attacker Value

Unknown

CVE-2024-56063

Disclosure Date: December 31, 2024 (last updated February 27, 2025)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 6.0.7.

0

Attacker Value

Unknown

CVE-2024-45805

Disclosure Date: December 26, 2024 (last updated February 27, 2025)

OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http://<opencti_domain>/storage/get/support/UUID/UUID.zip), and that the UUID is available to general users using an attached query (logs query). This vulnerability is fixed in 6.3.0.

0

Attacker Value

Unknown

CVE-2024-1609

Disclosure Date: December 25, 2024 (last updated February 27, 2025)

In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation.

0