Lucene search
+L
AttackerkbMost viewed

75301 matches found

attackerkb
attackerkb
added 2026/06/01 4:57 p.m.15 views

CVE-2026-45284

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...

4.6CVSS5.7AI score0.00193EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/06/01 7:22 a.m.15 views

CVE-2026-45505

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS7.2AI score0.96666EPSS
Exploits13References3Affected Software3
attackerkb
attackerkb
added 2026/06/01 7:17 a.m.15 views

CVE-2026-27788

Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...

8.5CVSS7.1AI score0.00097EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/05/31 11:45 p.m.15 views

CVE-2026-10204

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/31 9:11 p.m.15 views

CVE-2026-48210

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

5.7CVSS5.8AI score0.00248EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/05/31 2:30 a.m.15 views

CVE-2026-10164

A vulnerability was found in Edimax BR-6478AC 1.23. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. The manipulation of the argument ShareName/SelectName results in buffer overflow. The attack can be executed remotely. The exploit ha...

9CVSS7.7AI score0.00463EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/05/31 2:15 a.m.15 views

CVE-2026-10163

A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of the argument UserName/Password leads to buffer overflow. Remote exploitation of the attack is...

9CVSS7.5AI score0.00463EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/05/30 2:55 p.m.15 views

CVE-2018-25419

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/05/30 2:55 p.m.15 views

CVE-2018-25414

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/05/29 7:51 p.m.15 views

CVE-2026-47123

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

7.5CVSS5.9AI score0.00145EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/05/29 7:49 p.m.15 views

CVE-2026-48557

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...

8.8CVSS5.8AI score0.0044EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/29 6:7 p.m.15 views

CVE-2026-44518

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/05/29 5:6 p.m.15 views

CVE-2026-47179

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...

7.7CVSS6AI score0.00307EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/05/29 4:41 p.m.15 views

CVE-2026-6824

A stored cross-site scripting XSS vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators o...

8.4CVSS5.7AI score0.00373EPSS
Exploits0References4Affected Software3
attackerkb
attackerkb
added 2026/05/29 4:13 p.m.15 views

CVE-2026-45631

Dokploy is a free, self-hostable Platform as a Service PaaS. From 0.27.0 to before 0.29.3, a hardcoded BETTERAUTHSECRET fallback "better-auth-secret-123456789" lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the...

10CVSS5.9AI score0.00351EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/05/29 1:30 p.m.15 views

CVE-2026-10061

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor...

6.5CVSS6.3AI score0.0501EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2026/05/29 1:24 p.m.15 views

CVE-2026-45615

mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGERoer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, th...

8.2CVSS5.9AI score0.00197EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/05/29 8:15 a.m.15 views

CVE-2026-49196

The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...

8.6CVSS6AI score0.0037EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/28 8:59 p.m.15 views

CVE-2026-44883

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

5.8AI score0.00316EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/05/28 8:17 p.m.15 views

CVE-2026-46822

Vulnerability in the Oracle iAssets product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iAssets. While the...

9.9CVSS5.8AI score0.00283EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/05/28 8:17 p.m.15 views

CVE-2026-34311

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: Opera. Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28. Easily exploitable vulnerability allows unauthenticated attacker with network...

9.8CVSS5.8AI score0.00461EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/05/28 2:50 p.m.15 views

CVE-2026-48156

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...

5.1CVSS5.8AI score0.00124EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/05/28 9:36 a.m.15 views

CVE-2026-46190

In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparamsshow Sashiko noticed an out-of-bounds read 1. In spinorparamsshow, the snorfnames array is passed to spinorprintflags using sizeofsnorfnames. Since snorfnames is an arr...

7.1CVSS5.8AI score0.00131EPSS
Exploits0References7Affected Software1
attackerkb
attackerkb
added 2026/05/28 9:36 a.m.15 views

CVE-2026-46168

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt Using locksockfast atomic context around socksettimestamp and socksettimestamping is unsafe, as both helpers can sleep. Replace locksockfast with sleepable locksock/releaseso...

5.8AI score0.00128EPSS
Exploits0References8Affected Software1
attackerkb
attackerkb
added 2026/05/28 9:36 a.m.15 views

CVE-2026-46166

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211dfscaccancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-after-free error...

5.8AI score0.00203EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/05/28 8:27 a.m.15 views

CVE-2026-4334

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS6AI score0.00222EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/05/28 8:15 a.m.15 views

CVE-2026-9804

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...

7.7CVSS5.8AI score0.00516EPSS
Exploits0References8
attackerkb
attackerkb
added 2026/05/28 7:25 a.m.15 views

CVE-2026-4408

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9.8CVSS5.9AI score0.02501EPSS
Exploits0References18
attackerkb
attackerkb
added 2026/05/28 4:42 a.m.15 views

CVE-2026-9801

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

4.9CVSS5.8AI score0.00476EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/05/28 12:2 a.m.15 views

CVE-2026-8915

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31...

8.8CVSS5.8AI score0.00324EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/28 12:0 a.m.15 views

CVE-2026-38707

A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target device...

5.8AI score0.01243EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/27 4:45 p.m.15 views

CVE-2026-4391

A security vulnerability has been detected in TeamSpeak 3 Server up to 3.13.7. This vulnerability affects unknown code of the component ECC Key Parser. Such manipulation leads to heap-based buffer overflow. The attack may be launched remotely. Upgrading to version 3.13.8 is able to resolve this...

6.9CVSS6.2AI score0.0042EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/05/27 3:47 p.m.15 views

CVE-2026-44321

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...

7.5CVSS5.8AI score0.00364EPSS
Exploits1References5Affected Software1
attackerkb
attackerkb
added 2026/05/27 3:46 p.m.15 views

CVE-2026-44322

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/afId/transactions/transId/applications/appId handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != nil...

7.5CVSS5.8AI score0.0039EPSS
Exploits1References5Affected Software1
attackerkb
attackerkb
added 2026/05/27 3:36 p.m.15 views

CVE-2026-44330

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token e.g. Authorization...

10CVSS5.9AI score0.00287EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/05/27 3:10 p.m.15 views

CVE-2026-44353

Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...

6.5CVSS5.8AI score0.00345EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/05/27 2:59 p.m.15 views

CVE-2026-45570

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containin...

2.3CVSS5.8AI score0.00365EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/05/27 12:58 p.m.15 views

CVE-2026-46094

In the Linux kernel, the following vulnerability has been resolved: ext4: fix bounds check in checkxattrs to prevent out-of-bounds access The bounds check for the next xattr entry in checkxattrs uses void next = end, which allows next to point within sizeofu32 bytes of end. On the next loop...

5.7AI score0.00125EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2026/05/27 12:58 p.m.15 views

CVE-2026-46092

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: check for PCI upstream bridge existence pciupstreambridge returns NULL if the device is on a root bus. If 8821CE is installed in the system with such a PCI topology, the probing routine will crash. This has probably...

5.8AI score0.00118EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/05/27 12:58 p.m.15 views

CVE-2026-46086

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

5.7AI score0.00123EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
added 2026/05/27 8:43 a.m.15 views

CVE-2025-66592

An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

6.1CVSS5.9AI score0.00086EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/27 8:25 a.m.15 views

CVE-2023-52945

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/27 5:31 a.m.15 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6AI score0.00211EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/05/26 9:29 p.m.15 views

CVE-2026-42015

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

5.3CVSS5.8AI score0.00727EPSS
Exploits0References15
attackerkb
attackerkb
added 2026/05/26 7:47 p.m.15 views

CVE-2026-44843

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load with...

8.2CVSS6AI score0.00406EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/05/26 7:40 p.m.15 views

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/05/26 5:48 p.m.15 views

CVE-2026-44728

Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and...

8.2CVSS6AI score0.00125EPSS
Exploits0References2Affected Software2
attackerkb
attackerkb
added 2026/05/26 5:45 p.m.15 views

CVE-2026-9567

A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isomintern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the publ...

4.8CVSS5.3AI score0.00115EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/05/26 5:31 p.m.15 views

CVE-2026-9170

IBM HTTP Server 8.5, and 9.0...

7.5CVSS5.8AI score0.00488EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/05/26 5:16 p.m.15 views

CVE-2026-24182

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service...

6.5CVSS5.8AI score0.00125EPSS
Exploits0References4Affected Software3
Total number of security vulnerabilities5000