Lucene search
K
AttackerkbMost viewed

75081 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/08 2:30 a.m.13 views

CVE-2026-11480

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. I...

6.5CVSS6.3AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.13 views

CVE-2026-8978

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

4.9CVSS5.8AI score0.00259EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/05 11:31 a.m.13 views

CVE-2026-11346

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

5.3CVSS5.6AI score0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:6 p.m.13 views

CVE-2026-11274

Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00175EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.13 views

CVE-2026-11191

Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00272EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.13 views

CVE-2026-11177

Use after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00234EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 3:49 p.m.13 views

CVE-2026-46248

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif-linksmap When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif is created arvif-iscreated remains false, the error path attempts to...

5.7AI score0.00121EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 10:40 a.m.13 views

CVE-2026-35080

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 11:27 p.m.13 views

CVE-2026-9732

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 11:2 p.m.13 views

CVE-2026-40108

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7...

7.1CVSS5.7AI score0.00268EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:36 p.m.13 views

CVE-2026-45289

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:34 p.m.13 views

CVE-2026-49144

BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. Attackers can exploit the unauthenticated HTTP server bound on all interfaces to traverse outside...

7.1CVSS5.9AI score0.00208EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:0 p.m.13 views

CVE-2026-10617

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...

7.5CVSS6.5AI score0.00399EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.13 views

CVE-2026-5076

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.9AI score0.01383EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:29 p.m.13 views

CVE-2026-44367

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS5.7AI score0.00236EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:25 p.m.13 views

CVE-2026-45681

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

5.9CVSS5.8AI score0.00287EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 10:41 a.m.13 views

CVE-2026-42670

Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...

5.8AI score0.00252EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:31 a.m.13 views

CVE-2026-34906

Server-Side Template Injection SSTI in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution RCE. In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed ...

9.3CVSS6AI score0.00557EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:15 p.m.13 views

CVE-2026-10301

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

5.3CVSS4.3AI score0.00273EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.13 views

CVE-2026-0098

In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00068EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.13 views

CVE-2026-0070

In multiple functions of DevicePolicyManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00071EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.13 views

CVE-2026-0045

In btajvrfcommconnect of btajvact.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00083EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:8 p.m.13 views

CVE-2026-45690

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...

5.9CVSS5.7AI score0.0029EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:54 p.m.13 views

CVE-2026-42680

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...

9.8CVSS5.8AI score0.00331EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:45 a.m.13 views

CVE-2026-10254

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. The attack can be initiated remotely. The exploit has been published and may be used...

6.9CVSS5.8AI score0.00329EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:4 a.m.13 views

CVE-2026-40549

SOPlanning is vulnerable to Cross‑Site Request Forgery CSRF in groupesave create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning...

5.1CVSS5.8AI score0.00182EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:52 a.m.13 views

CVE-2026-41017

Apache Airflow's JWTRefreshMiddleware set the JWT auth cookie without the Secure flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API server, the default...

5.9AI score0.00265EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:17 a.m.13 views

CVE-2026-32325

Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...

8.5CVSS7.1AI score0.00097EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:15 a.m.13 views

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

7.5CVSS6.7AI score0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:30 a.m.13 views

CVE-2026-10208

A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function loginuser of the file login1.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:15 a.m.13 views

CVE-2026-10206

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used...

9CVSS7.7AI score0.005EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.13 views

CVE-2025-70099

A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...

5.9AI score0.0035EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/31 10:15 p.m.13 views

CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

4.8CVSS5.3AI score0.00113EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/31 10:0 p.m.13 views

CVE-2026-10197

A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local...

4.8CVSS5.4AI score0.00115EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/31 3:45 p.m.13 views

CVE-2026-10191

A vulnerability was determined in Tenda W12 3.0.0.74763. Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly...

9CVSS7.9AI score0.00476EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 12:45 p.m.13 views

CVE-2026-10181

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made...

9CVSS7.8AI score0.00472EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 11:15 a.m.13 views

CVE-2026-10180

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 8:0 a.m.13 views

CVE-2026-10174

A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...

6.5CVSS5.6AI score0.00228EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 4:0 a.m.13 views

CVE-2026-10168

A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control...

6.5CVSS6.3AI score0.00243EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/31 3:15 a.m.13 views

CVE-2026-10166

A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack is possible to be carried out remotely...

6.5CVSS6.4AI score0.01072EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.13 views

CVE-2018-25418

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensiti...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.13 views

CVE-2018-25416

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 11:0 a.m.13 views

CVE-2026-10116

A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogssbixactadd in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The...

5.3CVSS5.4AI score0.00391EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/30 9:29 a.m.13 views

CVE-2026-7465

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

8.8CVSS6.1AI score0.01174EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2026/05/30 1:50 a.m.13 views

CVE-2026-48840

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 9:19 p.m.13 views

CVE-2026-9831

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

6.3CVSS5.8AI score0.00172EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:35 p.m.13 views

CVE-2026-46599

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

5.8AI score0.00353EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:30 p.m.13 views

CVE-2026-45151

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...

6.3CVSS5.9AI score0.00227EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:7 p.m.13 views

CVE-2026-45613

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:15 p.m.13 views

CVE-2026-49377

In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters...

4.3CVSS5.8AI score0.00669EPSS
Exploits0References2
Total number of security vulnerabilities5000