Lucene search
K
AttackerkbMost viewed

74485 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/25 8:47 a.m.11 views

CVE-2026-31683

In the Linux kernel, the following vulnerability has been resolved: batman-adv: avoid OGM aggregation when skb tailroom is insufficient When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packetlen bytes, while a later packet can still ...

5.5AI score0.00121EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/24 7:26 p.m.11 views

CVE-2026-41433

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is...

8.4CVSS5.5AI score0.00194EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/24 6:49 p.m.11 views

CVE-2026-41418

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint POST /api/access-tokens. When an invalid username/email is provided, the server responds immediately 17ms average. When a val...

5.3CVSS5.3AI score0.00197EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:42 p.m.11 views

CVE-2026-31617

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: validate minimum blocklen in ncmunwrapntb The blocklen read from the host-supplied NTB header is checked against ntbmax but has no lower bound. When blocklen is smaller than opts-ndpsize, the bounds check of:...

5.5CVSS5.2AI score0.00129EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/23 7:15 p.m.11 views

CVE-2026-41270

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and...

7.1CVSS5.8AI score0.00234EPSS
Exploits1References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:28 a.m.11 views

CVE-2026-41196

Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...

9CVSS6.2AI score0.00374EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.11 views

CVE-2026-35364

A Time-of-Check to Time-of-Use TOCTOU race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit thi...

6.3CVSS5.9AI score0.00091EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:4 p.m.11 views

CVE-2026-1660

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...

6.5CVSS5.8AI score0.00402EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/22 2:56 p.m.11 views

CVE-2018-25259

Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that...

8.6CVSS6.5AI score0.00189EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:35 p.m.11 views

CVE-2026-34308

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

6.5CVSS5.7AI score0.00303EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/21 2:45 p.m.11 views

CVE-2026-3298

The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...

8.8CVSS5.9AI score0.00374EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/20 7:30 p.m.11 views

CVE-2025-11249

This CVE id was assigned as a duplicate of CVE-2025-66414...

8.1CVSS5.8AI score0.00463EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/20 1:55 p.m.11 views

CVE-2026-34427

Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject roleid=1 into profile save requests to escalate to Super Administrator privileges,...

8.8CVSS6.2AI score0.00562EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/19 12:45 p.m.11 views

CVE-2026-6573

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

6.5CVSS5.5AI score0.00258EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/18 12:1 a.m.11 views

CVE-2026-40348

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through POST /settings/jellyfin/server-url-verify. The endpoint accepts a user-controlled URL, appends...

7.7CVSS5.8AI score0.00379EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:25 p.m.11 views

CVE-2026-23500

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAINODTASPDF configuration constant directly into a shell command passed to exec without...

9.4CVSS6.5AI score0.00922EPSS
Exploits3References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/16 11:33 p.m.11 views

CVE-2026-22734

Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...

8.6CVSS5.8AI score0.00364EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/16 6:43 p.m.11 views

CVE-2026-6442

Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent...

8.3CVSS6.2AI score0.00358EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/16 1:30 p.m.11 views

CVE-2026-5968

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 7:4 p.m.11 views

CVE-2026-6360

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00253EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/15 7:4 p.m.11 views

CVE-2026-6302

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/15 12:0 a.m.11 views

CVE-2026-30364

CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function...

7.5CVSS5.8AI score0.00307EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:9 p.m.11 views

CVE-2026-34160

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS Package Exchange Notification Services plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetche...

8.6CVSS5.7AI score0.00344EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/14 4:57 p.m.11 views

CVE-2026-33825

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.06749EPSS
Exploits3References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/14 4:57 p.m.11 views

CVE-2026-32202

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS5.8AI score0.64095EPSS
Exploits3References2Affected Software21
ATTACKERKB
ATTACKERKB
added 2026/04/14 8:9 a.m.11 views

CVE-2026-33929

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...

5.3CVSS5.8AI score0.00886EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/13 9:6 p.m.11 views

CVE-2026-33908

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the DestroyXMLTree function; however, this process is executed recursively with no depth limit imposed. When...

7.5CVSS5.7AI score0.0051EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/11 12:13 a.m.11 views

CVE-2026-5494

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in...

7.8CVSS7.6AI score0.00284EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 7:23 p.m.11 views

CVE-2026-40175

Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...

4.8CVSS6.8AI score0.01815EPSS
Exploits5References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/08 5:4 p.m.11 views

CVE-2026-32589

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to rea...

7.4CVSS5.8AI score0.00243EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/04/07 4:25 a.m.11 views

CVE-2026-0740

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NFFUAJAXControllersUploads::handleupload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload...

9.8CVSS6.6AI score0.54254EPSS
Exploits7References3
ATTACKERKB
ATTACKERKB
added 2026/04/06 5:54 p.m.11 views

CVE-2026-35177

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

4.1CVSS6.8AI score0.00731EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/04 12:38 a.m.11 views

CVE-2026-35616

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests...

9.8CVSS6AI score0.88505EPSS
Exploits8References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:13 p.m.11 views

CVE-2026-5485

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To...

7.8CVSS6.3AI score0.00727EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/02 3:3 p.m.11 views

CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

6.8CVSS5.7AI score0.02172EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/02 8:59 a.m.11 views

CVE-2026-33616

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/01 4:41 a.m.11 views

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.1AI score0.00336EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/01 12:30 a.m.11 views

CVE-2024-58342

XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect function does not adequately validate the redirect target, allowing attackers to redirect users to arbitrary external sites using crafted URLs containing newlines, user credentials, or host...

6.3CVSS6AI score0.00147EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 3:47 p.m.11 views

CVE-2026-34219

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 9:15 p.m.11 views

CVE-2026-33670

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue...

9.8CVSS5.8AI score0.0066EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 6:12 p.m.11 views

CVE-2026-1001

Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attacke...

4.8CVSS6.1AI score0.00211EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 5:47 p.m.11 views

CVE-2026-33713

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

8.7CVSS6AI score0.00423EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:46 p.m.11 views

CVE-2026-30932

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file...

8.6CVSS5.8AI score0.00544EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/24 12:30 p.m.11 views

CVE-2026-4706

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

7.5CVSS7.2AI score0.00452EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/24 12:30 p.m.11 views

CVE-2026-4685

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

7.5CVSS5.8AI score0.00687EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/24 12:24 a.m.11 views

CVE-2026-4679

Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.9AI score0.0034EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/24 12:24 a.m.11 views

CVE-2026-4675

Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.1AI score0.00385EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/23 10:25 p.m.11 views

CVE-2026-3225

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the deletequestionanswer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The...

4.3CVSS5.8AI score0.00262EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/23 9:3 p.m.11 views

CVE-2026-29111

systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this i...

5.5CVSS6AI score0.00121EPSS
Exploits0References12Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/23 8:52 p.m.11 views

CVE-2026-23882

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP Model Context Protocol server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4...

8.6CVSS5.9AI score0.00362EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000