Lucene search
K
AttackerkbMost viewed

75103 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.14 views

CVE-2026-8991

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dragndroptext' and 'dragndropbrowsetext' Settings in all versions up to, and including, 1.3.9.7 due to insufficient input sanitization and output escaping. This makes i...

4.4CVSS5.7AI score0.00214EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/03 1:28 p.m.14 views

CVE-2026-47325

ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...

6.9CVSS5.8AI score0.00291EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 3:56 a.m.14 views

CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

2.3CVSS5.8AI score0.00349EPSS
Exploits0References2Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:3 p.m.14 views

CVE-2026-10621

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...

5.9AI score0.00402EPSS
Exploits0References3Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:15 a.m.14 views

CVE-2026-10568

A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /managepayment.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 1:56 a.m.14 views

CVE-2026-10510

Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted webactiondata URL parameter...

6.1AI score0.00155EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:15 p.m.14 views

CVE-2026-10297

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /managecourse.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5CVSS5.7AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.14 views

CVE-2025-59611

Memory corruption in diagnostic services due to absence of input validation...

6.7CVSS5.8AI score0.00079EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.14 views

CVE-2026-0086

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00075EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.14 views

CVE-2026-0074

In getPreferredSize of LauncherProcessImageListener.kt, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00071EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.14 views

CVE-2026-0056

In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.9AI score0.00069EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 6:26 p.m.14 views

CVE-2026-47294

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

8CVSS6AI score0.00638EPSS
Exploits0References2Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:22 p.m.14 views

CVE-2026-46243

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

5.8AI score0.00353EPSS
Exploits4References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 1:22 p.m.14 views

CVE-2026-42251

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...

8.7CVSS5.8AI score0.00356EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:4 a.m.14 views

CVE-2026-40547

SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...

8.8CVSS5.8AI score0.00447EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:45 a.m.14 views

CVE-2026-7858

A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution...

9.8CVSS6.2AI score0.00543EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:45 a.m.14 views

CVE-2026-10225

A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:33 a.m.14 views

CVE-2026-48188

An improper Input Validation vulnerability in OTRS or OTRS Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NOBACKSLASHESCAPES SQL mode...

9.1CVSS5.9AI score0.00362EPSS
Exploits1References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:32 a.m.14 views

CVE-2026-48209

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

7.1CVSS6AI score0.00219EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.14 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

5.8AI score0.00347EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/31 11:0 p.m.14 views

CVE-2026-10201

A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...

4.8CVSS5.3AI score0.00112EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/31 3:30 p.m.14 views

CVE-2026-10190

A vulnerability was found in Tenda W12 3.0.0.74763. This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument webovertime results in denial of service. It is possible to launch the attack remotely. The...

7.1CVSS6.3AI score0.00368EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 2:0 p.m.14 views

CVE-2026-10186

A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. The attack can be executed remotely. The exploit...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 9:0 a.m.14 views

CVE-2026-10176

A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 6:45 a.m.14 views

CVE-2026-10172

A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...

6.5CVSS5.5AI score0.00206EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 5:45 a.m.14 views

CVE-2026-10171

A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public a...

5.8CVSS5.7AI score0.00206EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 3:0 a.m.14 views

CVE-2026-10165

A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack may be...

9CVSS7.9AI score0.00472EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.14 views

CVE-2018-25424

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.14 views

CVE-2018-25411

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 12:13 p.m.14 views

CVE-2026-46242

In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix epremove struct eventpoll / struct file UAF epremove via epremovefile cleared file-fep under file-flock but then kept using @file inside the critical section isfileepoll, hlistdelrcu through the head, spinunlock. A...

7.8CVSS5.7AI score0.00125EPSS
Exploits3References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:15 p.m.14 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS5.8AI score0.00109EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:15 p.m.14 views

CVE-2026-49381

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible...

3.4CVSS5.8AI score0.00205EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:15 p.m.14 views

CVE-2026-49374

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters...

7.6CVSS5.8AI score0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:15 p.m.14 views

CVE-2026-49366

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion...

7.8CVSS5.8AI score0.00455EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 3:41 p.m.14 views

CVE-2026-44962

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

9.9CVSS6.1AI score0.00686EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 2:46 p.m.14 views

CVE-2018-25403

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to citygraph.php with crafted SQL payloads to extract sensitive database...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 1:48 p.m.14 views

CVE-2026-45609

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted...

7.2CVSS5.8AI score0.00198EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 1:7 p.m.14 views

CVE-2026-45620

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 11:0 a.m.14 views

CVE-2025-41281

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is...

7.5CVSS6AI score0.00505EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 10:59 a.m.14 views

CVE-2025-41280

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal Zip Slip in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled...

7.5CVSS6AI score0.00146EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 10:53 a.m.14 views

CVE-2025-41274

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.0138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:54 a.m.14 views

CVE-2026-9493

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...

7.1CVSS5.8AI score0.00259EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 2:0 a.m.14 views

CVE-2026-8070

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security...

7.3CVSS5.8AI score0.0009EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 12:0 a.m.14 views

CVE-2026-39292

Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types...

6.3AI score0.00472EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 10:25 p.m.14 views

CVE-2026-9909

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score0.00255EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:3 p.m.14 views

CVE-2026-44850

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for...

5.8AI score0.00206EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 8:17 p.m.14 views

CVE-2026-35266

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks require human interaction...

7.9CVSS5.8AI score0.00115EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:7 p.m.14 views

CVE-2026-9039

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

8.6CVSS5.8AI score0.00185EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:34 p.m.14 views

CVE-2026-45041

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TESTPRIVATEKEY and uses it in production via parselicense to "verify" license tokens. Because the key is embedded in every...

8.7CVSS5.9AI score0.00239EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:27 p.m.14 views

CVE-2026-47330

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses...

3.3CVSS5.8AI score0.00092EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000