Lucene search
K
AttackerkbMost viewed

74967 matches found

ATTACKERKB
ATTACKERKB
•added 2026/03/23 4:26 a.m.•13 views

CVE-2025-10736

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility function in all versions up to, and including, 2.2.10. This...

6.5CVSS5.8AI score0.00171EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/03/22 12:11 a.m.•13 views

CVE-2019-25589

ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when...

6.9CVSS6.1AI score0.00183EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 10:23 p.m.•13 views

CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 7:59 p.m.•13 views

CVE-2026-33139

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py, performs static AST analysis...

8.3CVSS5.9AI score0.00169EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 7:59 p.m.•13 views

CVE-2026-4438

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

5.8AI score0.00189EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 6:31 p.m.•13 views

CVE-2026-32710

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSONSCHEMAVALID function. Under certain conditions it might be possible to turn the crash into a remote code execution. These...

8.5CVSS6.1AI score0.00856EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/19 10:1 p.m.•13 views

CVE-2026-33355

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

6.5CVSS5.8AI score0.00414EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/13 11:45 a.m.•13 views

CVE-2026-4111

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

7.5CVSS5.8AI score0.00693EPSS
Exploits0References29
ATTACKERKB
ATTACKERKB
•added 2026/03/04 2:36 p.m.•13 views

CVE-2025-71238

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsgdone causing double free Kernel panic observed on system, 5353358.825191 BUG: unable to handle page fault for address: ff5f5e897b024000 5353358.825194 PF: supervisor write access in kernel mode 5353358.82519...

5.8AI score0.00194EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/02 2:49 p.m.•13 views

CVE-2025-50189

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resourcedocumentSQLINJECTIONHERE and POST login parameters found in /main/coursecopy/copycoursesessionselected.php, which allows an attack...

8.8CVSS5.9AI score0.00733EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/27 10:6 p.m.•13 views

CVE-2026-28421

Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault SEGV exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issu...

7.8CVSS6AI score0.00177EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/26 2:3 a.m.•13 views

CVE-2026-27970

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-Site scripting vulnerability in the Angular internationalization i18n pipeline. In ICU messages...

7.6CVSS6AI score0.00466EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/24 1:33 p.m.•13 views

CVE-2026-2775

Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS5.9AI score0.00552EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/02/24 1:33 p.m.•13 views

CVE-2026-2761

Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

10CVSS5.9AI score0.00395EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/02/12 5:41 p.m.•13 views

CVE-2024-36319

Debug code left active in AMD's Video Decoder Engine Firmware VCN FW could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system...

6.3CVSS5.7AI score0.00129EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/02/11 10:58 p.m.•13 views

CVE-2026-20676

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions...

5.3CVSS5.8AI score0.00222EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/02/09 9:15 p.m.•13 views

CVE-2026-25885

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any...

10CVSS5.5AI score0.00286EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/09 6:36 p.m.•13 views

CVE-2026-1529

A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token JWT payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an...

8.1CVSS5.5AI score0.00453EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
•added 2026/02/08 4:2 a.m.•13 views

CVE-2026-2134

A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has bee...

5.8CVSS5.1AI score0.00306EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/04 5:58 p.m.•13 views

CVE-2026-25532

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...

6.3CVSS5.5AI score0.00213EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
•added 2026/02/04 4:47 p.m.•13 views

CVE-2026-25056

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

9.4CVSS6.2AI score0.00664EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/03 4:52 p.m.•13 views

CVE-2020-37115

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access...

7.1CVSS5.3AI score0.00263EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
•added 2026/01/21 8:42 p.m.•13 views

CVE-2026-21852

Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets...

7.5CVSS5.5AI score0.2297EPSS
Exploits2References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/01/19 3:52 p.m.•13 views

CVE-2025-11043

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges...

9.1CVSS5.5AI score0.00206EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2025/12/07 11:2 a.m.•13 views

CVE-2025-14188

A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out...

8.6CVSS6.7AI score0.02512EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2025/10/31 9:2 a.m.•13 views

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

7.4CVSS5.9AI score0.00548EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2025/09/25 2:45 p.m.•13 views

CVE-2020-36851

Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...

9.5CVSS6.5AI score0.01005EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2025/07/13 10:2 p.m.•13 views

CVE-2025-7546

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has bee...

7.8CVSS5.2AI score0.00172EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
•added 2025/06/30 4:15 p.m.•13 views

CVE-2024-12915

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Devinim Software Library Software allows Reflected XSS. This issue affects Library Software: before 24.11.02...

4.6CVSS5.8AI score0.0017EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2024/12/13 3:15 p.m.•13 views

CVE-2023-32601

Missing Authorization vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Ultra Pro: from n/a through = 1.1.12...

5.4CVSS5.8AI score0.00457EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2024/08/12 12:0 a.m.•13 views

CVE-2024-41710

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 R6.4.0.136 could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter...

7.2CVSS7.8AI score0.4161EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
•added 2024/05/30 4:15 p.m.•13 views

CVE-2024-36903

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in ip6makeskb As it was done in commit fc1092f51567 "ipv4: Fix uninit-value access in ipmakeskb" for IPv4, check FLOWIFLAGKNOWNNH on fl6-flowi6flags instead of testing HDRINCL on the socket...

5.5CVSS6.9AI score0.0023EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2024/05/03 2:15 a.m.•13 views

CVE-2023-34276

D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

8CVSS6.2AI score0.0176EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2024/02/27 4:15 p.m.•13 views

CVE-2024-25399

Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting XSS via adminer.php...

6.1CVSS6.4AI score0.00345EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2024/02/20 12:15 a.m.•13 views

CVE-2022-48625

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...

7.5CVSS5.2AI score0.00444EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2024/02/04 8:15 p.m.•13 views

CVE-2021-4435

An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways...

7.8CVSS7.2AI score0.00301EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2024/01/18 9:15 p.m.•13 views

CVE-2023-51258

A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the newToken function in the modules/preprocs/nasm/nasm-pp:1512...

5.5CVSS5.8AI score0.00259EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2023/12/14 6:15 a.m.•13 views

CVE-2023-44709

PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvgloadfrommemory...

9.8CVSS5.8AI score0.00825EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
•added 2023/11/22 6:15 p.m.•13 views

CVE-2023-47250

In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers with access to a VNC session to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop,...

8.8CVSS5.8AI score0.01395EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
•added 2023/11/22 3:15 p.m.•13 views

CVE-2023-47380

Admidio v4.2.12 and below is vulnerable to Cross Site Scripting XSS...

6.1CVSS6.4AI score0.007EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
•added 2023/11/04 11:15 p.m.•13 views

CVE-2023-46963

An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function...

5.3CVSS5.8AI score0.00525EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2023/11/02 12:15 p.m.•13 views

CVE-2023-3164

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file...

7.1CVSS5.7AI score0.00428EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
•added 2023/10/22 7:15 p.m.•13 views

CVE-2021-46898

views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...

6.1CVSS6.3AI score0.0047EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
•added 2023/10/16 8:15 p.m.•13 views

CVE-2023-43118

Cross Site Request Forgery CSRF vulnerability in Chalet application in Extreme Networks Switch Engine EXOS before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API...

8.8CVSS7.5AI score0.00276EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2023/10/14 5:15 a.m.•13 views

CVE-2023-45855

qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI...

7.5CVSS7.1AI score0.0333EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
•added 2023/08/03 11:15 p.m.•13 views

CVE-2023-38950

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime...

7.5CVSS7.4AI score0.8488EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
•added 2023/07/20 7:15 p.m.•13 views

CVE-2023-37602

An arbitrary file upload vulnerability in the component /workplace!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

6.1CVSS6.7AI score0.00586EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2023/07/18 7:15 p.m.•13 views

CVE-2023-30153

An SQL injection vulnerability in the Payplug payplug module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller...

9.8CVSS7.6AI score0.00783EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
•added 2023/07/15 2:15 a.m.•13 views

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26...

5.4CVSS6AI score0.00449EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2023/07/06 12:0 a.m.•13 views

CVE-2023-34192

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9CVSS7.2AI score0.77266EPSS
Exploits0References4
Total number of security vulnerabilities5000