Lucene search
+L
AttackerkbMost viewed

75202 matches found

attackerkb
attackerkb
added 2026/05/06 6:13 p.m.15 views

CVE-2026-7986

Insufficient policy enforcement in Autofill in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00157EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/05/06 11:28 a.m.15 views

CVE-2026-43201

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ARM processor Error: don't go past allocated memory If the BIOS generates a very small ARM Processor Error, or an incomplete one, the current logic will fail to deferrence err-sectionlength and ctxinfo-size Add checks ...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/05/06 11:27 a.m.15 views

CVE-2026-43147

In the Linux kernel, the following vulnerability has been resolved: Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" This reverts commit 05703271c3cd "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV", which causes a deadlock by recursively takin...

5.5CVSS5.7AI score0.00095EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
added 2026/05/05 9:29 p.m.15 views

CVE-2026-28780

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

5.8AI score0.01376EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/29 8:22 a.m.15 views

CVE-2026-42515

This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...

7.1CVSS5.3AI score0.00226EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/28 7:0 p.m.15 views

CVE-2026-7303

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...

6.3CVSS4.3AI score0.00418EPSS
Exploits0References7Affected Software1
attackerkb
attackerkb
added 2026/04/28 6:45 a.m.15 views

CVE-2026-4911

The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...

5.3CVSS5.7AI score0.00308EPSS
Exploits0References11
attackerkb
attackerkb
added 2026/04/27 11:45 p.m.15 views

CVE-2026-7202

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

10CVSS8.1AI score0.02448EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/04/27 11:0 a.m.15 views

CVE-2026-5938

Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service...

5.5CVSS5.2AI score0.00103EPSS
Exploits0References2Affected Software2
attackerkb
attackerkb
added 2026/04/21 11:34 p.m.15 views

CVE-2026-41129

Craft CMS is a content management system CMS. Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the volume" and "Create...

7CVSS5.7AI score0.00275EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/04/19 10:0 p.m.15 views

CVE-2026-6579

A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the...

6.9CVSS5.4AI score0.00433EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/04/15 6:58 p.m.15 views

CVE-2026-40915

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel...

5.5CVSS6.2AI score0.00375EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/07 7:13 p.m.15 views

CVE-2026-39365

Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...

6.3CVSS5.9AI score0.00914EPSS
Exploits1References2Affected Software2
attackerkb
attackerkb
added 2026/04/07 3:14 p.m.15 views

CVE-2025-24819

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...

5.9AI score0.00211EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/03 10:4 p.m.15 views

CVE-2026-34052

LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...

5.9CVSS5.8AI score0.00329EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/04/02 1:4 p.m.15 views

CVE-2026-2699

Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...

9.8CVSS6.1AI score0.49424EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/04/02 11:45 a.m.15 views

CVE-2026-5327

A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2026/04/02 8:59 a.m.15 views

CVE-2026-33615

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability...

9.1CVSS6.1AI score0.00415EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/29 8:50 p.m.15 views

CVE-2026-4176

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of...

9.8CVSS5.9AI score0.00676EPSS
Exploits1References7Affected Software1
attackerkb
attackerkb
added 2026/03/25 1:25 p.m.15 views

CVE-2026-1519

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...

7.5CVSS5.8AI score0.01545EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/03/25 10:26 a.m.15 views

CVE-2026-23279

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL pointer dereference in meshrxcsaframe In meshrxcsaframe, elems-meshchanswparamsie is dereferenced at lines 1638 and 1642 without a prior NULL check: ifmsh-chswttl = elems-meshchanswparamsie-meshttl;...

5.6AI score0.00136EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
added 2026/03/24 6:40 p.m.15 views

CVE-2026-33768

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...

6.5CVSS5.8AI score0.00331EPSS
Exploits1References5Affected Software1
attackerkb
attackerkb
added 2026/03/24 6:38 p.m.15 views

CVE-2026-29772

Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achiev...

5.9CVSS5.8AI score0.0037EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/03/20 8:5 p.m.15 views

CVE-2026-33142

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 ClickHouse SQL injection via aggregate query parameters added column name validation to the aggregateBy method but did not apply the same validation to three other query...

9.9CVSS5.9AI score0.00603EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/03/20 8:31 a.m.15 views

CVE-2026-33072

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...

8.2CVSS5.9AI score0.00225EPSS
Exploits1References3Affected Software1
attackerkb
attackerkb
added 2026/03/15 1:35 p.m.15 views

CVE-2016-20026

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP...

6.1AI score0.0078EPSS
Exploits1References5Affected Software1
attackerkb
attackerkb
added 2026/03/13 9:10 p.m.15 views

CVE-2026-26133

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.1CVSS5.8AI score0.00433EPSS
Exploits0References2Affected Software20
attackerkb
attackerkb
added 2026/03/07 3:3 p.m.15 views

CVE-2026-29186

Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the...

7.7CVSS5.9AI score0.00782EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/03/06 9:28 p.m.15 views

CVE-2026-25679

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

5.8AI score0.0052EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/03/06 8:26 p.m.15 views

CVE-2026-30229

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.6 and 9.5.0-alpha.4, the readOnlyMasterKey can call POST /loginAs to obtain a valid session token for any user. This allows a read-only credential to impersonate arbitrary...

8.5CVSS5.8AI score0.00388EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/03/02 12:0 a.m.15 views

CVE-2025-70252

An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability...

7.5CVSS6AI score0.00447EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/02/17 8:46 p.m.15 views

CVE-2026-23597

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well...

6.5CVSS5.5AI score0.00247EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/02/16 1:2 a.m.15 views

CVE-2026-2526

A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multissid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in command injection. The attack may be initiated remotely. The exploit has been made public and could b...

6.5CVSS5.4AI score0.07918EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2026/02/14 6:42 a.m.15 views

CVE-2026-0736

The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS5.7AI score0.00255EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/02/06 9:49 p.m.15 views

CVE-2026-1731

BeyondTrust Remote Support RS and certain older versions of Privileged Remote Access PRA contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the...

9.9CVSS8.1AI score0.88115EPSS
Exploits22References4
attackerkb
attackerkb
added 2026/02/04 10:42 a.m.15 views

CVE-2026-0873

On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator...

7CVSS5.5AI score0.00238EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/01/29 9:33 p.m.15 views

CVE-2026-25040

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

7.1CVSS5.9AI score0.00523EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2026/01/27 9:13 a.m.15 views

CVE-2026-24345

Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI...

6.8CVSS5.9AI score0.0014EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/01/23 2:28 p.m.15 views

CVE-2026-24578

Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin login URL Change: from n/a through = 1.1.5...

4.3CVSS5.9AI score0.00185EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/01/22 3:21 p.m.15 views

CVE-2025-32056

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified o...

4CVSS5.5AI score0.00318EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/01/20 5:55 p.m.15 views

CVE-2025-33231

NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of...

6.7CVSS5.6AI score0.00156EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/01/19 8:32 p.m.15 views

CVE-2026-1175

A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to information exposure through error message. The attack may be performed from remote. The exploit is...

7.5CVSS5AI score0.00417EPSS
Exploits1References5Affected Software1
attackerkb
attackerkb
added 2026/01/16 12:47 p.m.15 views

CVE-2026-0615

The Librarian supervisord status page can be retrieved by the webfetch tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions...

7.3CVSS5.7AI score0.00249EPSS
Exploits0References3
attackerkb
attackerkb
added 2025/05/20 6:15 p.m.15 views

CVE-2025-22157

This High severity PrivEsc Privilege Escalation vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This PrivEsc Privilege Escalation vulnerability, wi...

8.8CVSS5.8AI score0.00612EPSS
Exploits0References4Affected Software4
attackerkb
attackerkb
added 2025/05/02 4:15 p.m.15 views

CVE-2023-53120

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix config page DMA memory leak A fix for: DMA-API: pci 0000:83:00.0: device driver has pending DMA allocations while released from device count=1...

5.5CVSS6.3AI score0.00163EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2025/04/25 3:15 p.m.15 views

CVE-2025-32432

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity...

10CVSS7.6AI score0.99803EPSS
Exploits24References8Affected Software1
attackerkb
attackerkb
added 2025/04/14 7:15 p.m.15 views

CVE-2025-1782

In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...

9.9CVSS6AI score0.00498EPSS
Exploits0References2Affected Software2
attackerkb
attackerkb
added 2025/04/03 2:15 p.m.15 views

CVE-2025-30889

Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider testimonial allows Object Injection.This issue affects Testimonial Slider: from n/a through = 2.0.13...

8.8CVSS7.2AI score0.0045EPSS
Exploits0References3
attackerkb
attackerkb
added 2025/03/04 12:0 a.m.15 views

CVE-2024-48248

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials. Recent assessments: Assessed Attacker Value: 0 Assesse...

8.6CVSS8AI score0.9408EPSS
Exploits2References3
attackerkb
attackerkb
added 2025/03/03 12:0 a.m.15 views

CVE-2025-0289

Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service. Recent assessments: Assessed...

7.8CVSS7.6AI score0.00318EPSS
Exploits0References4
Total number of security vulnerabilities5000