Lucene search
+L
AttackerkbMost viewed

75301 matches found

attackerkb
attackerkb
added 2026/04/16 11:21 a.m.16 views

CVE-2026-3489

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

7.5CVSS5.9AI score0.00387EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/06 8:8 p.m.16 views

CVE-2026-35213

@hapi/content provided HTTP Content- headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...

8.7CVSS5.9AI score0.00413EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/04/03 8:20 p.m.16 views

CVE-2026-28766

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

9.3CVSS5.9AI score0.00436EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/04/02 2:34 p.m.16 views

CVE-2026-35002

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

9.3CVSS6.7AI score0.00852EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/03/31 1:43 p.m.16 views

CVE-2026-34162

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint /api/core/app/httpTools/runTool is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers,...

10CVSS5.8AI score0.00416EPSS
Exploits1References5Affected Software1
attackerkb
attackerkb
added 2026/03/31 8:51 a.m.16 views

CVE-2026-3106

Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...

9.3CVSS6AI score0.00153EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/30 2:6 p.m.16 views

CVE-2026-28526

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LISTPLAYERAPPLICATIONSETTINGATTRIBUTES and LISTPLAYERAPPLICATIONSETTINGVALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth...

3.5CVSS6AI score0.00143EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/20 3:7 a.m.16 views

CVE-2026-31805

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/03/07 12:20 a.m.16 views

CVE-2026-25072

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...

8.6CVSS5.8AI score0.00495EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/06 7:33 p.m.16 views

CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/03/05 5:54 a.m.16 views

CVE-2026-27439

Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through = 1.5...

5.9AI score0.00375EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/26 10:31 p.m.16 views

CVE-2026-28213

EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password" functionality. When specifying a target email address, the API response returns the password reset token. This allows an attacker to take over the associated account. Version...

9.8CVSS5.8AI score0.00446EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/02/19 8:35 p.m.16 views

CVE-2026-27368

Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a...

5.5AI score0.00242EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/17 8:46 p.m.16 views

CVE-2026-23597

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well...

6.5CVSS5.5AI score0.00247EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/02/07 9:2 a.m.16 views

CVE-2026-2080

A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public an...

8.6CVSS6.7AI score0.09369EPSS
Exploits1References5Affected Software1
attackerkb
attackerkb
added 2026/02/06 2:2 a.m.16 views

CVE-2026-1974

A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and...

6.9CVSS5.2AI score0.00499EPSS
Exploits1References7
attackerkb
attackerkb
added 2026/01/29 9:33 p.m.16 views

CVE-2026-25040

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

7.1CVSS5.9AI score0.00523EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2026/01/20 4:14 a.m.16 views

CVE-2026-0901

Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

5.4CVSS5.5AI score0.00187EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2025/11/05 3:15 p.m.16 views

CVE-2025-3125

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially...

7.2CVSS6.6AI score0.00836EPSS
Exploits0References2Affected Software9
attackerkb
attackerkb
added 2025/06/30 12:0 a.m.16 views

CVE-2025-6554

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.1CVSS6.7AI score0.06564EPSS
Exploits5References3
attackerkb
attackerkb
added 2025/06/24 12:28 p.m.16 views

CVE-2025-6434

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140 and Thunderbird 1...

4.3CVSS5.8AI score0.00227EPSS
Exploits0References4
attackerkb
attackerkb
added 2025/05/02 4:15 p.m.16 views

CVE-2023-53061

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix possible refcount leak in smb2open Reference count of acls will leak when memory allocation fails. Fix this by adding the missing posixaclrelease...

5.5CVSS5.7AI score0.00165EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2025/03/19 12:0 a.m.16 views

CVE-2025-30154

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...

8.6CVSS7.4AI score0.02296EPSS
Exploits2References6
attackerkb
attackerkb
added 2025/03/11 12:0 a.m.16 views

CVE-2025-24984

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

4.6CVSS6AI score0.01831EPSS
Exploits0References2
attackerkb
attackerkb
added 2025/02/26 10:15 p.m.16 views

CVE-2024-57040

TP-Link TL-WR845N devices with firmware TL-WR845NUNV4200909 and TL-WR845NUNV4190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router. NOTE: The supplier has...

9.8CVSS5.7AI score0.01116EPSS
Exploits1References2
attackerkb
attackerkb
added 2024/08/22 12:0 a.m.16 views

CVE-2024-39717

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. Tenant level users do not have this privilege. The “Change Favicon” Favorite Icon...

7.2CVSS7AI score0.04006EPSS
Exploits1References6
attackerkb
attackerkb
added 2024/07/10 12:0 a.m.16 views

CVE-2024-5217

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...

9.8CVSS10AI score0.99976EPSS
Exploits8References4
attackerkb
attackerkb
added 2024/05/22 7:15 a.m.16 views

CVE-2021-47454

In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: do not decrement idle task preempt count in CPU offline With PREEMPTCOUNT=y, when a CPU is offlined and then onlined again, we get: BUG: scheduling while atomic: swapper/1/0/0x00000000 no locks held by swapper/1/0...

5.5CVSS6.1AI score0.00225EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2023/12/06 12:0 a.m.16 views

CVE-2023-49897

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product. Recent assessments: Assessed Attacke...

8.8CVSS7.6AI score0.50729EPSS
Exploits1References5
attackerkb
attackerkb
added 2023/11/07 8:15 a.m.16 views

CVE-2023-42283

Blind SQL injection in apiid parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...

9.8CVSS5.9AI score0.01257EPSS
Exploits2References2
attackerkb
attackerkb
added 2022/11/21 10:15 a.m.16 views

CVE-2022-45146

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module,...

5.5CVSS6.5AI score0.00434EPSS
Exploits1References4
attackerkb
attackerkb
added 2022/09/09 9:15 p.m.16 views

CVE-2022-40320

cfgtildeexpand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read...

8.8CVSS7.5AI score0.0112EPSS
Exploits1References8
attackerkb
attackerkb
added 2022/07/26 10:15 p.m.16 views

CVE-2022-30275

The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration...

7.5CVSS7.1AI score0.0048EPSS
Exploits0References3
attackerkb
attackerkb
added 2022/07/17 11:15 a.m.16 views

CVE-2022-2133

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address...

5.3CVSS5.8AI score0.01128EPSS
Exploits2References2
attackerkb
attackerkb
added 2022/07/13 7:15 p.m.16 views

CVE-2022-20228

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12...

6.5CVSS6.7AI score0.00555EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/06/10 8:0 p.m.16 views

CVE-2022-25845

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...

9.8CVSS7.3AI score0.17767EPSS
Exploits5References8
attackerkb
attackerkb
added 2022/05/10 9:15 p.m.16 views

CVE-2022-22019

Remote Procedure Call Runtime Remote Code Execution Vulnerability...

8.8CVSS7.5AI score0.02493EPSS
Exploits0References3Affected Software26
attackerkb
attackerkb
added 2022/05/04 2:0 p.m.16 views

CVE-2022-29263

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component...

7.8CVSS5.9AI score0.002EPSS
Exploits0References2Affected Software2
attackerkb
attackerkb
added 2022/04/15 7:15 p.m.16 views

CVE-2022-26901

Microsoft Excel Remote Code Execution Vulnerability...

7.8CVSS5.9AI score0.02583EPSS
Exploits0References3Affected Software10
attackerkb
attackerkb
added 2022/04/01 11:15 p.m.16 views

CVE-2022-25159

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series...

8.1CVSS6.9AI score0.02068EPSS
Exploits0References4
attackerkb
attackerkb
added 2022/03/24 10:15 p.m.16 views

CVE-2022-25575

Multiple cross-site scripting XSS vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes...

6.1CVSS5.6AI score0.00631EPSS
Exploits1References2
attackerkb
attackerkb
added 2022/03/15 10:15 p.m.16 views

CVE-2022-26212

Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceM...

9.8CVSS6.1AI score0.02806EPSS
Exploits1References2
attackerkb
attackerkb
added 2022/03/09 8:15 p.m.16 views

CVE-2022-22805

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SM...

9.8CVSS8AI score0.11664EPSS
Exploits0References3
attackerkb
attackerkb
added 2022/03/09 5:15 p.m.16 views

CVE-2022-24455

Windows CD-ROM Driver Elevation of Privilege Vulnerability...

7.8CVSS7.1AI score0.00895EPSS
Exploits0References3Affected Software13
attackerkb
attackerkb
added 2022/03/07 1:15 p.m.16 views

CVE-2022-0756

Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5...

6.5CVSS5.4AI score0.00609EPSS
Exploits1References3
attackerkb
attackerkb
added 2022/02/21 11:15 a.m.16 views

CVE-2022-0252

The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.00866EPSS
Exploits2References3
attackerkb
attackerkb
added 2022/02/14 10:15 p.m.16 views

CVE-2021-46462

njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njsobjectsetprototype in /src/njsobject.c...

7.5CVSS7.2AI score0.01677EPSS
Exploits1References4
attackerkb
attackerkb
added 2022/02/04 2:15 a.m.16 views

CVE-2021-45998

D-Link device DIR882 DIR882FW1.30B06Hotfix02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request...

9.8CVSS8.2AI score0.03715EPSS
Exploits0References4
attackerkb
attackerkb
added 2021/12/28 2:15 p.m.16 views

CVE-2021-45903

A persistent cross-site scripting XSS issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268...

6.1CVSS5.4AI score0.01121EPSS
Exploits0References4
attackerkb
attackerkb
added 2021/06/11 12:0 a.m.16 views

CVE-2021-25395

A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.4CVSS6.6AI score0.00366EPSS
Exploits0References2
Total number of security vulnerabilities5000