Lucene search
K
AttackerkbMost viewed

74794 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/03 9:55 p.m.12 views

CVE-2026-22055

Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 7:56 p.m.12 views

CVE-2026-43924

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

4.8CVSS5.9AI score0.00259EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 5:53 p.m.12 views

CVE-2026-45614

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 1:16 p.m.12 views

CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS5.8AI score0.0015EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.12 views

CVE-2026-36576

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...

9.8CVSS6AI score0.01491EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:31 p.m.12 views

CVE-2026-28299

SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due to insufficient memory...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:25 p.m.12 views

CVE-2026-45681

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

5.9CVSS5.8AI score0.00287EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:1 p.m.12 views

CVE-2026-27351

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 1:48 p.m.12 views

CVE-2025-58707

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...

8.1CVSS5.8AI score0.00337EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 1:23 p.m.12 views

CVE-2026-9844

Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...

8.8CVSS5.8AI score0.00239EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 10:43 a.m.12 views

CVE-2026-42685

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 9:43 a.m.12 views

CVE-2025-53209

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS5.8AI score0.00275EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 9:11 a.m.12 views

CVE-2026-5422

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

6.8CVSS6.7AI score0.00437EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:48 a.m.12 views

CVE-2026-8422

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

4.3CVSS5.7AI score0.00132EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/02 1:54 a.m.12 views

CVE-2026-3870

A buffer overflow vulnerability in the UPnP AddPortMapping command in Zyxel VMG4005-B50B firmware versions through 5.13ABRL.5.4C0 could allow an adjacent attacker to trigger a temporary denial-of-service DoS condition affecting the UPnP function of the affected device...

6.5CVSS6AI score0.00168EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 1:30 a.m.12 views

CVE-2026-10565

A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmmstatesecuritymode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack...

3.1CVSS5AI score0.00224EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/02 1:0 a.m.12 views

CVE-2026-10558

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in file inclusion. The attack is possible to be carried out remotely. The exploit is now public and may...

6.5CVSS6.4AI score0.00227EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 12:30 a.m.12 views

CVE-2026-10548

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function syncanthropicentryfromcredentialsfile of the file agent/credentialpool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack...

5.3CVSS5.6AI score0.0014EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.12 views

CVE-2026-25277

Memory corruption while using Strongbox due to buffer overflow...

8.8CVSS6.2AI score0.00074EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.12 views

CVE-2026-24087

Memory corruption while processing fastboot OEM commands...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.12 views

CVE-2026-24085

Memory Corruption when processing display command line information due to improper initialization of a variable...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.12 views

CVE-2025-59606

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...

7.8CVSS5.8AI score0.00075EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.12 views

CVE-2025-59604

Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer...

7.8CVSS5.8AI score0.00075EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:43 p.m.12 views

CVE-2026-24752

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS5.9AI score0.00283EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.12 views

CVE-2026-0100

In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.2AI score0.00075EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.12 views

CVE-2026-0067

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a permanent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00071EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.12 views

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6AI score0.00094EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.12 views

CVE-2026-0059

In multiple functions of sdpdiscovery.cc, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8CVSS6.5AI score0.00114EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.12 views

CVE-2026-0018

In multiple functions of AccessibilityManagerService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00071EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.12 views

CVE-2026-0039

In multiple functions of ubsanthrowingruntime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS6AI score0.00253EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:1 p.m.12 views

CVE-2021-46747

Insufficient granularity of access control in ASP AMD Secure Processor may allow an attacker with an untrusted user space application to map sensitive SMN System Management Network apertures leading to a potential escalation of privileges...

7.1CVSS5.8AI score0.00097EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 6:53 p.m.12 views

CVE-2026-49134

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS6.1AI score0.0027EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 6:50 p.m.12 views

CVE-2026-24751

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS5.9AI score0.00289EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 6:16 p.m.12 views

CVE-2026-43624

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

8.8CVSS5.9AI score0.00393EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 6:11 p.m.12 views

CVE-2026-23638

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient...

6.5CVSS5.8AI score0.00184EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:49 p.m.12 views

CVE-2026-40990

OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...

5.7CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:34 p.m.12 views

CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS6.3AI score0.00132EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:57 p.m.12 views

CVE-2026-45285

Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes an external member a person added via email address who does not have a Nextcloud account, the...

6.4CVSS5.7AI score0.00293EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:52 p.m.12 views

CVE-2026-45279

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if lang is used in the template directory config value, non-admin users can in some cases copy arbitrary files depending on unix permissions into...

4.4CVSS5.9AI score0.00392EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:52 p.m.12 views

CVE-2026-42681

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:44 p.m.12 views

CVE-2026-42683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:15 a.m.12 views

CVE-2026-10252

A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /managetenant.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:37 a.m.12 views

CVE-2026-25600

The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...

6.4CVSS5.8AI score0.00065EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:17 a.m.12 views

CVE-2026-25599

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.9AI score0.00114EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 8:21 a.m.12 views

CVE-2026-9024

A Stored Cross-site Scripting XSS vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session...

8.7CVSS6.1AI score0.00199EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:56 a.m.12 views

CVE-2026-10517

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...

5.8CVSS5.7AI score0.00292EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:35 a.m.12 views

CVE-2026-48726

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

9.1CVSS5.9AI score0.00667EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:23 a.m.12 views

CVE-2026-42253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

5.8AI score0.01107EPSS
Exploits1References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:23 a.m.12 views

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

6.4AI score0.00546EPSS
Exploits2References2Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:20 a.m.12 views

CVE-2026-49157

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

5.8AI score0.00424EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000