Lucene search
+L
AttackerkbMost viewed

75103 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/13 6:14 p.m.14 views

CVE-2026-0235

A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies...

5.8AI score0.0011EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:26 a.m.14 views

CVE-2026-7051

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

5.4CVSS5.9AI score0.00409EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/05/12 10:30 p.m.14 views

CVE-2026-44547

ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release...

9.6CVSS5.8AI score0.00209EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:37 p.m.14 views

CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6CVSS5.8AI score0.00274EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 4:59 p.m.14 views

CVE-2026-40401

Windows TCP/IP Denial of Service Vulnerability...

7.1CVSS5.8AI score0.00331EPSS
Exploits0References2Affected Software20
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:18 p.m.14 views

CVE-2026-7431

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

7.8CVSS5.8AI score0.00284EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 11:2 a.m.14 views

CVE-2026-45214

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through = 1.5.1...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:21 a.m.14 views

CVE-2026-41125

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All versions, blueplanet...

6CVSS7.2AI score0.00155EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 5:46 a.m.14 views

CVE-2026-0804

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

6.7CVSS5.8AI score0.00128EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 5:39 a.m.14 views

CVE-2026-1681

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

6.1CVSS5.9AI score0.00144EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:15 a.m.14 views

CVE-2026-8276

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

6.3CVSS5AI score0.00389EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/10 8:15 p.m.14 views

CVE-2026-45191

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190...

5.8AI score0.00311EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/09 7:38 p.m.14 views

CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6CVSS5.7AI score0.00299EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/08 11:1 p.m.14 views

CVE-2026-42456

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...

4.3CVSS5.7AI score0.00301EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.14 views

CVE-2025-67886

Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged...

6AI score0.01028EPSS
Exploits3References6
ATTACKERKB
ATTACKERKB
added 2026/05/07 11:45 p.m.14 views

CVE-2026-8117

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The exploit has been...

5.3CVSS4.2AI score0.00269EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/07 7:41 p.m.14 views

CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

5.8AI score0.00784EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:53 p.m.14 views

CVE-2026-41689

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for every logged-in user. Any normal user can fully control a webhook URL, headers, and body, then use...

6CVSS5.9AI score0.00176EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:51 p.m.14 views

CVE-2026-42011

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities CAs only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate...

7.4CVSS5.8AI score0.00475EPSS
Exploits0References16
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:32 p.m.14 views

CVE-2026-40076

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...

9.4CVSS6.5AI score0.00853EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:12 p.m.14 views

CVE-2026-7978

Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. Chromium security severity: Medium...

5.8AI score0.00237EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:32 a.m.14 views

CVE-2025-71287

In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leak on larb probe Make sure to drop the reference taken when looking up the SMI device during larb probe on late probe failure e.g. probe deferral and on driver unbind...

5.7AI score0.00128EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:28 a.m.14 views

CVE-2026-43225

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix memory leak on failure path cfg80211informbssframe may return NULL on failure. In that case, the allocated buffer 'buf' is not freed and the function returns early, leading to potential memory leak. Fix th...

5.9AI score0.00128EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:27 a.m.14 views

CVE-2026-43147

In the Linux kernel, the following vulnerability has been resolved: Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" This reverts commit 05703271c3cd "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV", which causes a deadlock by recursively takin...

5.5CVSS5.7AI score0.00095EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:40 a.m.14 views

CVE-2026-43097

In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix double idafree in hvpciprobe error path If hvpciprobe fails after storing the domain number in hbus-bridge-domainnr, there is a call to free this domainnr via pcibusreleaseemuldomainnr, however, during cleanup, the...

5.7AI score0.0012EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:28 p.m.14 views

CVE-2026-34461

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGIDSBIEINIRUNSBIECTRL message is handled before normal sandbox and impersonation checks, and for non-sandbox...

7.3CVSS6.5AI score0.00172EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 4:45 a.m.14 views

CVE-2026-7823

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the...

10CVSS7AI score0.01788EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/03 3:45 p.m.14 views

CVE-2026-7702

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

6.9CVSS5.5AI score0.00314EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/23 11:12 a.m.14 views

CVE-2026-31531

In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtmgetnexthop When querying a nexthop object via RTMGETNEXTHOP, the kernel currently allocates a fixed-size skb using NLMSGGOODSIZE. While sufficient for single nexthops and small...

5.6AI score0.00164EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:35 p.m.14 views

CVE-2026-34303

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...

6.5CVSS5.7AI score0.00303EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:56 p.m.14 views

CVE-2026-40302

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/14 4:58 p.m.14 views

CVE-2026-32164

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows User Interface Core allows an authorized attacker to elevate privileges locally...

7.8CVSS5.9AI score0.00164EPSS
Exploits0References2Affected Software17
ATTACKERKB
ATTACKERKB
added 2026/04/13 9:52 p.m.14 views

CVE-2026-4786

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7CVSS5.8AI score0.00308EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/08 7:11 p.m.14 views

CVE-2026-23869

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...

7.5CVSS7.3AI score0.01551EPSS
Exploits4References2Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/04/08 12:43 p.m.14 views

CVE-2026-28261

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading...

7.8CVSS5.8AI score0.00107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.14 views

CVE-2026-39487

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through = 2.1.1...

5.9AI score0.00271EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 11:17 p.m.14 views

CVE-2026-5747

An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x8664 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue...

8.7CVSS6.5AI score0.00208EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:58 p.m.14 views

CVE-2026-39356

Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or...

7.5CVSS5.8AI score0.00392EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/03 9:18 p.m.14 views

CVE-2026-34980

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server...

6.1CVSS6AI score0.00502EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:57 p.m.14 views

CVE-2026-35388

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/02 3:3 p.m.14 views

CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

6.8CVSS5.7AI score0.02172EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/01 4:41 a.m.14 views

CVE-2026-5291

Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.9AI score0.00193EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:32 p.m.14 views

CVE-2026-33545

MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's readsqlite function in mobsf/MobSF/utils.py lines 542-566 uses Python string formatting % to construct SQL queries with table names read from a SQLite database's sqlitemaster table. When a security analyst...

5.3CVSS5.9AI score0.00276EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:48 p.m.14 views

CVE-2026-33416

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single allocation acros...

7.5CVSS5.9AI score0.01052EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 10:22 a.m.14 views

CVE-2026-23398

In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmptagvalidation icmptagvalidation unconditionally dereferences the result of rcudereferenceinetprotosproto without checking for NULL. The inetprotos array is sparse -- only about 15 of 256...

5.6AI score0.0012EPSS
Exploits2References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:49 p.m.14 views

CVE-2026-34055

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in library/pnotes.inc.php perform updates and deletes using WHERE id = ? without verifying that the note belongs to a patient the...

8.1CVSS5.9AI score0.00274EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/24 7:35 p.m.14 views

CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

5.9CVSS5.7AI score0.00449EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:56 p.m.14 views

CVE-2026-33511

pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...

8.8CVSS6AI score0.00422EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/23 4:26 a.m.14 views

CVE-2025-10736

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility function in all versions up to, and including, 2.2.10. This...

6.5CVSS5.8AI score0.00171EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 7:59 p.m.14 views

CVE-2026-4437

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the...

5.8AI score0.00325EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities5000