Lucene search
+L
AttackerkbMost viewed

75202 matches found

attackerkb
attackerkb
added 2026/05/28 12:16 p.m.17 views

CVE-2026-9818

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

4.7CVSS5.7AI score
Exploits0References6
attackerkb
attackerkb
added 2026/05/28 9:35 a.m.17 views

CVE-2026-46107

In the Linux kernel, the following vulnerability has been resolved: dm-thin: fix metadata refcount underflow There's a bug in dm-thin in the function rebalancechildren. If the internal btree node has one entry, the code tries to copy all btree entries from the node's child to the node itself and...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
added 2026/05/27 7:40 p.m.17 views

CVE-2026-8363

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:...

9.8CVSS6.1AI score0.00335EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/27 5:22 p.m.17 views

CVE-2026-44346

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentom...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/05/27 1:21 p.m.17 views

CVE-2026-9035

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...

6.5CVSS5.9AI score0.00325EPSS
Exploits0References2Affected Software2
attackerkb
attackerkb
added 2026/05/27 5:31 a.m.17 views

CVE-2026-8847

The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dideo' shortcode in version 1.0. This is due to insufficient input sanitization and output escaping on the 'id' shortcode attribute, which is interpolated directly into an HTML iframe 'src' attribute...

6AI score0.00198EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/05/26 9:32 p.m.17 views

CVE-2025-43289

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data...

5.5CVSS5.8AI score0.00139EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/05/26 9:29 p.m.17 views

CVE-2026-5260

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

8.2CVSS5.8AI score0.00727EPSS
Exploits0References16
attackerkb
attackerkb
added 2026/05/26 8:15 p.m.17 views

CVE-2026-9580

A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...

7.5CVSS6.7AI score0.00291EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/05/26 3:46 p.m.17 views

CVE-2025-13755

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/05/26 8:41 a.m.17 views

CVE-2026-25104

MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability...

7.8CVSS6AI score0.00207EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/05/26 8:24 a.m.17 views

CVE-2026-24590

Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/26 5:0 a.m.17 views

CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation...

8.7CVSS7.1AI score0.00346EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/25 11:0 a.m.17 views

CVE-2026-9452

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...

7.5CVSS6.7AI score0.01385EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/25 7:0 a.m.17 views

CVE-2026-9436

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be...

10CVSS7AI score0.02005EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2026/05/25 3:0 a.m.17 views

CVE-2026-9420

A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...

7.5CVSS5.6AI score0.00242EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/05/24 11:0 p.m.17 views

CVE-2026-9404

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. Th...

10CVSS5.7AI score0.01732EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/05/24 4:45 a.m.17 views

CVE-2026-9355

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/05/22 3:27 p.m.17 views

CVE-2026-8477

Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...

2.7CVSS5.8AI score0.00178EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/05/22 1:17 p.m.17 views

CVE-2026-8672

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...

5.1CVSS5.8AI score0.00105EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/21 9:50 p.m.17 views

CVE-2026-4093

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

5.1CVSS5.8AI score0.00172EPSS
Exploits1References3Affected Software1
attackerkb
attackerkb
added 2026/05/21 1:56 p.m.17 views

CVE-2026-1815

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

5.7CVSS5.8AI score0.00178EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/05/20 10:54 p.m.17 views

CVE-2026-47782

Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...

4.6CVSS5.8AI score0.00132EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/05/20 9:36 p.m.17 views

CVE-2026-40102

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References3Affected Software1
attackerkb
attackerkb
added 2026/05/17 11:30 p.m.17 views

CVE-2026-8771

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/05/17 10:45 p.m.17 views

CVE-2026-8768

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...

7.5CVSS6.7AI score0.00385EPSS
Exploits1References6Affected Software1
attackerkb
attackerkb
added 2026/05/15 9:26 p.m.17 views

CVE-2026-45315

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

8.7CVSS5.8AI score0.0018EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/05/14 7:52 p.m.17 views

CVE-2026-8578

Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00156EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/05/14 5:0 p.m.17 views

CVE-2026-42897

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS5.8AI score0.0564EPSS
Exploits1References2Affected Software4
attackerkb
attackerkb
added 2026/05/13 8:28 a.m.17 views

CVE-2026-6429

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.8AI score0.00519EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2026/05/12 4:58 p.m.17 views

CVE-2026-32177

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally...

7.3CVSS5.9AI score0.00551EPSS
Exploits0References2Affected Software12
attackerkb
attackerkb
added 2026/05/11 5:20 p.m.17 views

CVE-2026-43894

jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INTMAX-1 2147483646 digits, the D2U macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the function to use a 30-by...

6.2CVSS5.8AI score0.00158EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/05/11 3:15 a.m.17 views

CVE-2026-8268

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPIlistcreate of the component SMF. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informed ...

5.3CVSS5.4AI score0.00372EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/05/09 9:0 p.m.17 views

CVE-2026-8210

A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. Local access is required to approach this...

5.3CVSS5.6AI score0.00851EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/05/08 10:21 p.m.17 views

CVE-2026-42339

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular...

8.5CVSS5.8AI score0.00265EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/05/08 5:17 p.m.17 views

CVE-2026-6659

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/06 11:29 a.m.17 views

CVE-2026-43278

In the Linux kernel, the following vulnerability has been resolved: dm: clear cloned request bio pointer when last clone bio completes Stale rq-bio values have been observed to cause double-initialization of cloned bios in request-based device-mapper targets, leading to use-after-free and...

5.7AI score0.00117EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
added 2026/05/06 11:28 a.m.17 views

CVE-2026-43252

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always set ID as avail when rm endp Syzkaller managed to find a combination of actions that was generating this warning: WARNING: net/mptcp/pmkernel.c:1074 at marksubflowendpavailable net/mptcp/pmkernel.c:10...

5.5CVSS5.7AI score0.00095EPSS
Exploits0References7Affected Software1
attackerkb
attackerkb
added 2026/05/03 1:30 p.m.17 views

CVE-2026-7698

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...

7.5CVSS6.9AI score0.01655EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/05/01 1:55 p.m.17 views

CVE-2026-31699

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an invalid length, i.e...

6AI score0.00126EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2026/05/01 1:55 p.m.17 views

CVE-2026-31698

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When retrieving the PDH cert, don't attempt to copy the blobs to userspace if the firmware command failed. If the failure was due to an invalid length...

6AI score0.00126EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2026/04/22 1:11 p.m.17 views

CVE-2026-41651

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition on transaction flags that...

8.8CVSS6AI score0.0046EPSS
Exploits10References6Affected Software1
attackerkb
attackerkb
added 2026/04/21 4:16 p.m.17 views

CVE-2026-26274

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup ...

6.6CVSS5.9AI score0.00229EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/04/14 4:57 p.m.17 views

CVE-2026-33822

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally...

6.1CVSS5.6AI score0.0036EPSS
Exploits0References2Affected Software3
attackerkb
attackerkb
added 2026/04/13 1:40 p.m.17 views

CVE-2026-31423

In the Linux kernel, the following vulnerability has been resolved: net/sched: schhfsc: fix divide-by-zero in rtscmin m2sm converts a u32 slope to a u64 scaled value. For large inputs e.g. m1=4000000000, the result can reach 2^32. rtscmin stores the difference of two such u64 values in a u32...

6AI score0.0012EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
added 2026/03/27 3:37 a.m.17 views

CVE-2026-3098

The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...

6.5CVSS5.9AI score0.00484EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/03/23 11:38 p.m.17 views

CVE-2026-33250

Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player'...

7.5CVSS5.9AI score0.00821EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/03/18 10:5 a.m.17 views

CVE-2025-71265

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attrloadrunsrange on inconsistent metadata We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed NTFS image can cause an infinite lo...

5.6AI score0.00121EPSS
Exploits0References8Affected Software1
attackerkb
attackerkb
added 2026/03/13 5:40 p.m.17 views

CVE-2026-31806

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdisurfacebits function processes SURFACEBITSCOMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly...

9.3CVSS6.3AI score0.00656EPSS
Exploits1References3Affected Software1
attackerkb
attackerkb
added 2026/03/12 6:27 p.m.17 views

CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect on an error, which does not terminate the...

6.9CVSS6AI score0.0218EPSS
Exploits0References3
Total number of security vulnerabilities5000