Lucene search
K
AttackerkbMost viewed

75017 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/28 3:32 p.m.13 views

CVE-2026-24444

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

9.8CVSS5.8AI score0.00535EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.13 views

CVE-2026-46194

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix nodecnt race between extent node destroy and writeback f2fsdestroyextentnode does not set FINOEXTENT before clearing extent nodes. When called from f2fsdropinode with ISYNC set, concurrent kworker writeback can insert n...

5.7AI score0.00093EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.13 views

CVE-2026-46152

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...

5.8AI score0.00167EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.13 views

CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

5.8AI score0.00123EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:43 a.m.13 views

CVE-2026-9015

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3CVSS5.8AI score0.003EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:44 a.m.13 views

CVE-2026-9794

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy endpoint with varying client IDs. By observing distinct faultstrings in the...

5.3CVSS5.7AI score0.00331EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:27 a.m.13 views

CVE-2026-9228

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/28 12:0 a.m.13 views

CVE-2026-38703

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

5.8AI score0.01243EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:18 p.m.13 views

CVE-2026-44711

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS5.8AI score0.00166EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:49 p.m.13 views

CVE-2026-8359

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not prese...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 6:33 p.m.13 views

CVE-2026-9759

ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service...

5.5CVSS5.8AI score0.00092EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:16 p.m.13 views

CVE-2026-44521

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver elFinderVolumeMySQL allows any logged-in user, including users with read-only access to the affected volume, to...

8.8CVSS5.9AI score0.00243EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:31 p.m.13 views

CVE-2026-42328

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list...

6.2CVSS5.9AI score0.0012EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:52 p.m.13 views

CVE-2026-44316

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the...

7.5CVSS5.8AI score0.00404EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:45 p.m.13 views

CVE-2026-44323

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one...

4.3CVSS5.8AI score0.0035EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:35 p.m.13 views

CVE-2026-9712

When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

7CVSS5.8AI score0.00219EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:31 p.m.13 views

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:19 p.m.13 views

CVE-2026-44830

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...

8.7CVSS5.9AI score0.00215EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:7 p.m.13 views

CVE-2026-6051

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap...

5.5CVSS5.8AI score0.00177EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:59 p.m.13 views

CVE-2026-46100

In the Linux kernel, the following vulnerability has been resolved: fs: afs: revert mmapprepare change Partially reverts commit 9d5403b1036c "fs: convert most other genericfilemmap users to .mmapprepare". This is because the .mmap invocation establishes a refcount, but .mmapprepare is called at a...

5.8AI score0.00127EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:57 p.m.13 views

CVE-2026-46050

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix deadlock with check operation and nowait requests When an array check is running it will raise the barrier at which point normal requests will become blocked and increment the nrpending value to signal there is wor...

5.7AI score0.00095EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:18 p.m.13 views

CVE-2026-45956

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv-vididev for ctx lookup in vidiconnectionioctl vidiconnectionioctl retrieves the driverdata from drmdev-dev to obtain a struct vidicontext pointer. However, drmdev-dev is the exynos-drm master device, an...

5.7AI score0.00126EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 10:35 a.m.13 views

CVE-2026-9689

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.13 views

CVE-2026-42762

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.13 views

CVE-2026-42759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.13 views

CVE-2026-42734

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Reflected XSS.This issue affects Geo Mashup: from n/a through = 1.13.19...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:27 a.m.13 views

CVE-2026-3348

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS6AI score0.00237EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:6 a.m.13 views

CVE-2026-40852

A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality...

7.2CVSS6AI score0.0037EPSS
Exploits0References2Affected Software4
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:49 a.m.13 views

CVE-2026-40821

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountByID function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

6.9CVSS5.9AI score0.00281EPSS
Exploits0References2Affected Software4
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:44 a.m.13 views

CVE-2026-40811

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References2Affected Software4
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.13 views

CVE-2026-8938

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:15 a.m.13 views

CVE-2026-9608

A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

4.8CVSS4.1AI score0.00206EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:0 a.m.13 views

CVE-2026-37713

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php...

6.2AI score0.00384EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:0 a.m.13 views

CVE-2026-37712

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/cron/class/cronjob.class.php, calluserfuncarray in function job type...

6.2AI score0.00384EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/26 11:59 p.m.13 views

CVE-2026-8606

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

7CVSS5.8AI score0.00386EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:58 p.m.13 views

CVE-2026-44985

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...

8.7CVSS5.8AI score0.00195EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:32 p.m.13 views

CVE-2025-43451

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data...

5.5CVSS5.8AI score0.00135EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:32 p.m.13 views

CVE-2025-46307

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data...

5.5CVSS5.8AI score0.0015EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:32 p.m.13 views

CVE-2025-43290

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:32 p.m.13 views

CVE-2025-43306

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges...

7.8CVSS5.8AI score0.00135EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:0 p.m.13 views

CVE-2026-9583

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be...

5.3CVSS5.5AI score0.00242EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:33 p.m.13 views

CVE-2026-8453

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 6:30 p.m.13 views

CVE-2026-9572

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function MediaGetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. Th...

4.8CVSS5.3AI score0.00161EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/05/26 6:23 p.m.13 views

CVE-2026-3660

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application...

9.8CVSS5.8AI score0.0058EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:10 p.m.13 views

CVE-2026-44707

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

6.8CVSS5.8AI score0.00344EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:44 p.m.13 views

CVE-2026-48899

An improper access check allows privilege escalation through the comusers batch task...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:31 p.m.13 views

CVE-2026-43981

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...

8.2CVSS5.8AI score0.00182EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:15 p.m.13 views

CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

9.8CVSS6.7AI score0.27546EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:57 p.m.13 views

CVE-2026-48136

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

4.1CVSS5.8AI score0.04102EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:39 a.m.13 views

CVE-2026-44410

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...

3.8CVSS5.8AI score0.00131EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000