Lucene search
K
AttackerkbMost viewed

75081 matches found

ATTACKERKB
ATTACKERKB
•added 2026/04/28 11:44 a.m.•13 views

CVE-2026-5781

An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitati...

8.5CVSS5.3AI score0.00232EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/26 1:19 p.m.•13 views

CVE-2018-25285

Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of...

6.8CVSS5.7AI score0.0013EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/23 4:12 p.m.•13 views

CVE-2026-6919

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00285EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/23 12:0 a.m.•13 views

CVE-2026-31174

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS6.1AI score0.00279EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2026/04/15 11:25 p.m.•13 views

CVE-2026-4880

The Barcode Scanner +Mobile App – Inventory manager, Order fulfillment system, POS Point of Sale plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied...

9.8CVSS5.8AI score0.00503EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/04/15 7:4 p.m.•13 views

CVE-2026-6313

Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.8AI score0.00207EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/14 4:58 p.m.•13 views

CVE-2026-33824

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network...

9.8CVSS5.9AI score0.5585EPSS
Exploits2References2Affected Software17
ATTACKERKB
ATTACKERKB
•added 2026/04/13 4:45 p.m.•13 views

CVE-2026-6192

A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialiseencode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/10 6:54 p.m.•13 views

CVE-2026-33708

Chamilo LMS is a learning management system. Prior to 1.11.38, the getuserinfofromusername REST API endpoint returns personal information email, first name, last name, user ID, active status of any user to any authenticated user, including students. There is no authorization check. This...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/09 3:58 p.m.•13 views

CVE-2026-40046

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...

8.8CVSS5.8AI score0.0078EPSS
Exploits0References4Affected Software3
ATTACKERKB
ATTACKERKB
•added 2026/04/08 11:16 a.m.•13 views

CVE-2026-1673

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobedeletetaxterm function. This makes it possible...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/04/08 8:30 a.m.•13 views

CVE-2026-39696

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elfsight Elfsight WhatsApp Chat CC elfsight-whatsapp-chat allows DOM-Based XSS.This issue affects Elfsight WhatsApp Chat CC: from n/a through = 1.2.0...

6.5CVSS5.9AI score0.0013EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/04/07 12:28 p.m.•13 views

CVE-2026-28808

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

9.8CVSS5.9AI score0.0053EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/05 4:30 p.m.•13 views

CVE-2026-5583

A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotel...

6.5CVSS6.5AI score0.00246EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/02 4:30 p.m.•13 views

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/04/01 8:9 a.m.•13 views

CVE-2026-4370

A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client...

10CVSS5.9AI score0.00381EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/26 4:48 p.m.•13 views

CVE-2026-33416

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single allocation acros...

7.5CVSS5.9AI score0.01052EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/24 8:26 p.m.•13 views

CVE-2025-33254

NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service...

7.5CVSS5.8AI score0.00323EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/03/24 3:36 p.m.•13 views

CVE-2026-33677

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the GET /api/v1/projects/:project/webhooks endpoint returns webhook BasicAuth credentials basicauthuser and basicauthpassword in plaintext to any user with read access to the project. While the existing code...

6.5CVSS5.9AI score0.00297EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/24 12:24 a.m.•13 views

CVE-2026-4673

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.1AI score0.00504EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/23 7:24 p.m.•13 views

CVE-2026-32879

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

4.9CVSS5.8AI score0.00289EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/23 6:41 p.m.•13 views

CVE-2026-0898

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...

9CVSS5.9AI score0.00321EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/22 12:11 a.m.•13 views

CVE-2019-25589

ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when...

6.9CVSS6.1AI score0.00183EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 10:23 p.m.•13 views

CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS5.9AI score0.00522EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 7:59 p.m.•13 views

CVE-2026-33139

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py, performs static AST analysis...

8.3CVSS5.9AI score0.00169EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 7:59 p.m.•13 views

CVE-2026-4438

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

5.8AI score0.00205EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 6:31 p.m.•13 views

CVE-2026-32710

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSONSCHEMAVALID function. Under certain conditions it might be possible to turn the crash into a remote code execution. These...

8.5CVSS6.1AI score0.00856EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/19 10:1 p.m.•13 views

CVE-2026-33355

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

6.5CVSS5.8AI score0.00414EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/13 11:45 a.m.•13 views

CVE-2026-4111

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

7.5CVSS5.8AI score0.00693EPSS
Exploits0References29
ATTACKERKB
ATTACKERKB
•added 2026/03/04 2:36 p.m.•13 views

CVE-2025-71238

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsgdone causing double free Kernel panic observed on system, 5353358.825191 BUG: unable to handle page fault for address: ff5f5e897b024000 5353358.825194 PF: supervisor write access in kernel mode 5353358.82519...

5.8AI score0.00194EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/27 10:6 p.m.•13 views

CVE-2026-28421

Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault SEGV exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issu...

7.8CVSS6AI score0.00177EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/26 2:3 a.m.•13 views

CVE-2026-27970

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-Site scripting vulnerability in the Angular internationalization i18n pipeline. In ICU messages...

7.6CVSS6AI score0.00466EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/25 11:45 p.m.•13 views

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

6.4CVSS5.7AI score0.00287EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/24 1:33 p.m.•13 views

CVE-2026-2775

Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS5.9AI score0.00552EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/02/24 1:33 p.m.•13 views

CVE-2026-2761

Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

10CVSS5.9AI score0.00395EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/02/12 5:41 p.m.•13 views

CVE-2024-36319

Debug code left active in AMD's Video Decoder Engine Firmware VCN FW could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system...

6.3CVSS5.7AI score0.00129EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/02/09 9:15 p.m.•13 views

CVE-2026-25885

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any...

10CVSS5.5AI score0.00286EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/09 6:36 p.m.•13 views

CVE-2026-1529

A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token JWT payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an...

8.1CVSS5.5AI score0.00453EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
•added 2026/02/08 4:2 a.m.•13 views

CVE-2026-2134

A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has bee...

5.8CVSS5.1AI score0.00306EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/04 5:58 p.m.•13 views

CVE-2026-25532

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...

6.3CVSS5.5AI score0.00213EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
•added 2026/02/04 4:47 p.m.•13 views

CVE-2026-25056

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

9.4CVSS6.2AI score0.00664EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/01/21 8:42 p.m.•13 views

CVE-2026-21852

Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets...

7.5CVSS5.5AI score0.2297EPSS
Exploits2References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/01/19 3:52 p.m.•13 views

CVE-2025-11043

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges...

9.1CVSS5.5AI score0.00206EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2025/12/07 11:2 a.m.•13 views

CVE-2025-14188

A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out...

8.6CVSS6.7AI score0.02512EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2025/10/31 9:2 a.m.•13 views

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

7.4CVSS5.9AI score0.00548EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2025/09/25 2:45 p.m.•13 views

CVE-2020-36851

Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...

9.5CVSS6.5AI score0.01005EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2025/07/16 11:28 a.m.•13 views

CVE-2025-30936

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Torod Company for Information Technology Torod torod allows SQL Injection.This issue affects Torod: from n/a through = 2.1...

9.3CVSS5.9AI score0.00371EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2025/07/13 10:2 p.m.•13 views

CVE-2025-7546

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has bee...

7.8CVSS5.2AI score0.00172EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
•added 2025/06/30 4:15 p.m.•13 views

CVE-2024-12915

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Devinim Software Library Software allows Reflected XSS. This issue affects Library Software: before 24.11.02...

4.6CVSS5.8AI score0.0017EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2024/12/13 3:15 p.m.•13 views

CVE-2023-32601

Missing Authorization vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Ultra Pro: from n/a through = 1.1.12...

5.4CVSS5.8AI score0.00457EPSS
Exploits0References3
Total number of security vulnerabilities5000