Lucene search
K
AttackerkbMost viewed

75075 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/26 8:33 p.m.13 views

CVE-2026-8453

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 6:30 p.m.13 views

CVE-2026-9572

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function MediaGetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. Th...

4.8CVSS5.3AI score0.00161EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/05/26 6:23 p.m.13 views

CVE-2026-3660

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application...

9.8CVSS5.8AI score0.0058EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:10 p.m.13 views

CVE-2026-44707

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

6.8CVSS5.8AI score0.00344EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:44 p.m.13 views

CVE-2026-48899

An improper access check allows privilege escalation through the comusers batch task...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:31 p.m.13 views

CVE-2026-43981

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...

8.2CVSS5.8AI score0.00182EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:15 p.m.13 views

CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

9.8CVSS6.7AI score0.27546EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:57 p.m.13 views

CVE-2026-48136

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

4.1CVSS5.8AI score0.04102EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:39 a.m.13 views

CVE-2026-44410

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...

3.8CVSS5.8AI score0.00131EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 6:39 a.m.13 views

CVE-2026-44469

The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before...

8.5CVSS5.8AI score0.00105EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 1:6 a.m.13 views

CVE-2025-71310

The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...

1.8CVSS5.7AI score0.00264EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:45 p.m.13 views

CVE-2026-9514

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop is...

6.5CVSS6.4AI score0.01803EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:37 p.m.13 views

CVE-2026-42763

Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve Embedded Sensitive Data. This issue affects SePay Gateway: from n/a through 1.1.20...

6.5CVSS5.8AI score0.00264EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 9:40 p.m.13 views

CVE-2026-24527

Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0...

4.3CVSS5.8AI score0.002EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 9:15 p.m.13 views

CVE-2026-9504

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bitconvertTU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public...

4.8CVSS5.3AI score0.00176EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 8:45 p.m.13 views

CVE-2026-9502

A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompressR2004section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available an...

5.3CVSS6AI score0.00154EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:6 p.m.13 views

CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 5:30 p.m.13 views

CVE-2026-9478

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack may be performe...

10CVSS5.5AI score0.01909EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.13 views

CVE-2018-25381

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filtertypeid, filterpidid, and filtersearch parameters in POST reques...

7.1CVSS6.1AI score0.00284EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.13 views

CVE-2018-25380

Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filtertypeid, filterpidid, and filtersearch parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL...

7.1CVSS6.1AI score0.00284EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.13 views

CVE-2018-25377

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the...

8.6CVSS6.5AI score0.00182EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 11:30 a.m.13 views

CVE-2026-9454

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument servername can lead to os command injection. The...

10CVSS7AI score0.01909EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 9:45 a.m.13 views

CVE-2026-9447

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...

7.5CVSS6.9AI score0.00319EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 6:15 a.m.13 views

CVE-2026-9433

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument enable causes os command injection. The attack may be initiated...

10CVSS7AI score0.01732EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 5:30 a.m.13 views

CVE-2026-9430

A vulnerability was determined in Tenda F1202 1.2.0.20408. Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...

9CVSS7.9AI score0.00438EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:22 a.m.13 views

CVE-2026-6059

A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface via adjacent network...

4.8CVSS5.6AI score0.00179EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:0 a.m.13 views

CVE-2026-9416

A security vulnerability has been detected in code-projects Employee Management System 1.0. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument ID leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly...

5.3CVSS4.2AI score0.00263EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 11:30 p.m.13 views

CVE-2026-9406

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed...

10CVSS7AI score0.01732EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 8:52 p.m.13 views

CVE-2026-48831

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap...

7.3CVSS5.8AI score0.00179EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 2:15 p.m.13 views

CVE-2026-9387

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in os command injection. It is...

10CVSS7AI score0.01732EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 1:15 p.m.13 views

CVE-2026-9383

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 10:0 a.m.13 views

CVE-2026-9372

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

7.5CVSS6.7AI score0.00278EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 4:15 a.m.13 views

CVE-2026-9354

A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument formatmessage results in escaping of output. The attack can be executed remotely. The exploit is n...

6.9CVSS6.3AI score0.00336EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 12:15 a.m.13 views

CVE-2026-9345

A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. Performing a manipulation of the argument ssid/manualssid/ip/mask/gateway results in buffer overflow. The attack is possible to be carried...

9CVSS7.7AI score0.00542EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 12:0 a.m.13 views

CVE-2026-9344

A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of the argument pinCode/wlan-url leads to stack-based buffer overflow. The attack can be executed...

9CVSS7.8AI score0.00445EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/23 10:15 p.m.13 views

CVE-2026-9342

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/viewhistory.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has be...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/23 6:30 p.m.13 views

CVE-2018-25358

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the tablename parameter in POST requests. Attackers can send requests to /mycgi.cgi with tablename values like adminuser,...

8.7CVSS5.8AI score0.00585EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/23 6:30 p.m.13 views

CVE-2018-25351

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...

8.8CVSS6.2AI score0.00358EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/23 11:44 a.m.13 views

CVE-2026-43503

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers pskbcopyfclone and skbshift fail to propagate the SKBFLSHAREDFRAG bit in skbshinfo-flags when moving frags from source to...

5.7AI score0.00135EPSS
Exploits7References16Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/23 10:15 a.m.13 views

CVE-2026-9297

A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated remotely. The...

6.5CVSS6.4AI score0.01398EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/23 10:0 a.m.13 views

CVE-2026-9296

A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/23 7:45 a.m.13 views

CVE-2026-9295

A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The...

9CVSS7.8AI score0.00542EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/23 7:30 a.m.13 views

CVE-2026-9294

A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to buffer overflow. It is possible to launch the attack...

9CVSS7.8AI score0.00542EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/23 4:27 a.m.13 views

CVE-2026-6898

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3Hooks::generateapikey' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:34 p.m.13 views

CVE-2026-41149

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...

5.3CVSS5.8AI score0.00401EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 9:17 p.m.13 views

CVE-2026-41075

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...

8.8CVSS5.8AI score0.00344EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 5:12 p.m.13 views

CVE-2026-34207

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, SSRF protection for Webhook / HTTP Request blocks validates only the URL string, blocked hostname literals, and literal IP formats. It does not resolve DNS before allowing the request. As a result, a hostname such as ssrf-repro.examp...

7.6CVSS5.8AI score0.00239EPSS
Exploits2References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 7:50 a.m.13 views

CVE-2026-8679

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...

7.5CVSS5.8AI score0.01508EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/22 4:29 a.m.13 views

CVE-2026-4070

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...

4.3CVSS5.9AI score0.00164EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:14 a.m.13 views

CVE-2026-7837

A time-of-check time-of-use TOCTOU condition in the adflush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions...

3.7CVSS5.8AI score0.00236EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000