Lucene search
K
AttackerkbMost viewed

74967 matches found

ATTACKERKB
ATTACKERKB
•added 2026/05/08 2:22 p.m.•13 views

CVE-2026-43461

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: Fix DMA mapping error handling Fix three bugs in amlsfcdmabuffersetup error paths: 1. Unnecessary goto: When the first DMA mapping sfc-daddr fails, nothing needs cleanup. Use direct return instead of goto...

5.8AI score0.00119EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/08 2:21 p.m.•13 views

CVE-2026-43387

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtwgetieex Just like in commit 154828bf9559 "staging: rtl8723bs: fix out-of-bounds read in rtwgetie parser", we don't trust the data in the frame so we should check the length...

5.8AI score0.00123EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/08 1:37 p.m.•13 views

CVE-2026-43342

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: frndis: Protect RNDIS options with mutex The class/subclass/protocol options are suspectible to race conditions as they can be accessed concurrently through configfs. Use existing mutex to protect these options. This...

5.8AI score0.00086EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/08 3:0 a.m.•13 views

CVE-2026-8131

A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/07 7:41 p.m.•13 views

CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...

5.8AI score0.00231EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/07 12:45 p.m.•13 views

CVE-2026-8092

Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox...

8.1CVSS6AI score0.00384EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/05/07 12:7 p.m.•13 views

CVE-2026-8080

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

6.8CVSS5.8AI score0.00139EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/07 3:17 a.m.•13 views

CVE-2026-44602

Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006...

3.7CVSS5.8AI score0.0033EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/05/07 2:27 a.m.•13 views

CVE-2026-4807

The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the noncepermissionscheck method combined with the public exposure of a site-wide reusable nonce. The plugin expose...

6.5CVSS5.9AI score0.00492EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
•added 2026/05/06 6:13 p.m.•13 views

CVE-2026-8006

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

5.4CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 6:13 p.m.•13 views

CVE-2026-8005

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. Chromium security severity: Low...

4.3CVSS5.8AI score0.00104EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 6:12 p.m.•13 views

CVE-2026-7916

Insufficient data validation in InterestGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.0022EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 6:12 p.m.•13 views

CVE-2026-7910

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

5.8AI score0.0022EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 1:46 p.m.•13 views

CVE-2025-31982

HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...

3.7CVSS5.8AI score0.00153EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 12:36 p.m.•13 views

CVE-2026-40562

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/05/06 11:32 a.m.•13 views

CVE-2025-71293

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/ras: Move ras data alloc before bad page check In the rare event if eeprom has only invalid address entries, allocation is skipped, this causes following NULL pointer issue 547.103445 BUG: kernel NULL pointer...

5.7AI score0.00126EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 11:27 a.m.•13 views

CVE-2026-43146

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move listaddtail to after dmaallocattrs succeeds when creating internal buffers. Previously, the buffer was enqueued in buffers-list before the DMA allocation. If t...

5.8AI score0.00126EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 7:40 a.m.•13 views

CVE-2026-43087

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Disable all pin interrupts during probe A chip being probed may have the interrupt-on-change feature enabled on some of its pins, for example after a reboot. This can cause the chip to generate interrupts for...

5.8AI score0.00107EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/05 7:39 p.m.•13 views

CVE-2026-35453

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...

4.8CVSS6AI score0.00202EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/05 3:23 p.m.•13 views

CVE-2026-43064

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix not releasing workqueue on .release The workqueue associated with an DSA/IAA device is not released when the object is freed...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/04 2:44 p.m.•13 views

CVE-2026-23918

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

8.8CVSS5.8AI score0.4581EPSS
Exploits16References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/04 2:42 p.m.•13 views

CVE-2026-33006

A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.8AI score0.00557EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2026/05/04 12:37 p.m.•13 views

CVE-2026-24072

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.8AI score0.00654EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2026/05/02 6:45 a.m.•13 views

CVE-2026-7606

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function findhwid/newguiupdatefirmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launch...

6.3CVSS5.4AI score0.00234EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/28 11:44 a.m.•13 views

CVE-2026-5781

An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitati...

8.5CVSS5.3AI score0.00232EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/23 4:12 p.m.•13 views

CVE-2026-6919

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00285EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/23 12:0 a.m.•13 views

CVE-2026-31174

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS6.1AI score0.00279EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2026/04/17 8:56 p.m.•13 views

CVE-2026-40302

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/15 11:25 p.m.•13 views

CVE-2026-4880

The Barcode Scanner +Mobile App – Inventory manager, Order fulfillment system, POS Point of Sale plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied...

9.8CVSS5.8AI score0.00503EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/04/15 7:4 p.m.•13 views

CVE-2026-6313

Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.8AI score0.00207EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/14 4:58 p.m.•13 views

CVE-2026-33824

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network...

9.8CVSS5.9AI score0.5585EPSS
Exploits2References2Affected Software17
ATTACKERKB
ATTACKERKB
•added 2026/04/14 4:58 p.m.•13 views

CVE-2026-32164

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows User Interface Core allows an authorized attacker to elevate privileges locally...

7.8CVSS5.9AI score0.00164EPSS
Exploits0References2Affected Software17
ATTACKERKB
ATTACKERKB
•added 2026/04/13 4:45 p.m.•13 views

CVE-2026-6192

A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialiseencode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/10 6:54 p.m.•13 views

CVE-2026-33708

Chamilo LMS is a learning management system. Prior to 1.11.38, the getuserinfofromusername REST API endpoint returns personal information email, first name, last name, user ID, active status of any user to any authenticated user, including students. There is no authorization check. This...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/09 3:58 p.m.•13 views

CVE-2026-40046

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...

8.8CVSS5.8AI score0.0078EPSS
Exploits0References4Affected Software3
ATTACKERKB
ATTACKERKB
•added 2026/04/08 11:16 a.m.•13 views

CVE-2026-1673

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobedeletetaxterm function. This makes it possible...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/04/08 8:30 a.m.•13 views

CVE-2026-39696

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elfsight Elfsight WhatsApp Chat CC elfsight-whatsapp-chat allows DOM-Based XSS.This issue affects Elfsight WhatsApp Chat CC: from n/a through = 1.2.0...

6.5CVSS5.9AI score0.0013EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/04/07 12:28 p.m.•13 views

CVE-2026-28808

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

9.8CVSS5.9AI score0.0053EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/05 4:30 p.m.•13 views

CVE-2026-5583

A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotel...

6.5CVSS6.5AI score0.00246EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/03 9:18 p.m.•13 views

CVE-2026-34980

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server...

6.1CVSS6AI score0.00502EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/02 4:30 p.m.•13 views

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/03/26 4:48 p.m.•13 views

CVE-2026-33416

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single allocation acros...

7.5CVSS5.9AI score0.01052EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/24 3:36 p.m.•13 views

CVE-2026-33677

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the GET /api/v1/projects/:project/webhooks endpoint returns webhook BasicAuth credentials basicauthuser and basicauthpassword in plaintext to any user with read access to the project. While the existing code...

6.5CVSS5.9AI score0.00297EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/24 12:24 a.m.•13 views

CVE-2026-4673

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.1AI score0.00504EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/23 7:24 p.m.•13 views

CVE-2026-32879

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

4.9CVSS5.8AI score0.00289EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/23 4:26 a.m.•13 views

CVE-2025-10736

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility function in all versions up to, and including, 2.2.10. This...

6.5CVSS5.8AI score0.00171EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/03/22 12:11 a.m.•13 views

CVE-2019-25589

ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when...

6.9CVSS6.1AI score0.00183EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 10:23 p.m.•13 views

CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 7:59 p.m.•13 views

CVE-2026-33139

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py, performs static AST analysis...

8.3CVSS5.9AI score0.00169EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 7:59 p.m.•13 views

CVE-2026-4438

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

5.8AI score0.00189EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities5000