Lucene search
K
AttackerkbMost viewed

74794 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/27 7:50 a.m.12 views

CVE-2026-40823

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...

7CVSS6AI score0.00239EPSS
Exploits0References2Affected Software4
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:49 a.m.12 views

CVE-2026-40819

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the syncdata24 task due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References2Affected Software4
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.12 views

CVE-2026-8708

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

5.7AI score0.00128EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:57 a.m.12 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:26 a.m.12 views

CVE-2026-6565

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...

6.4CVSS6AI score0.00156EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:0 a.m.12 views

CVE-2026-31266

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...

5.8AI score0.00283EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2026/05/26 11:30 p.m.12 views

CVE-2026-8680

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:54 p.m.12 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01438EPSS
Exploits2References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:29 p.m.12 views

CVE-2026-42013

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name SAN could cause the validation process to incorrectly fall back to checking the Common Name CN field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to...

8.2CVSS5.8AI score0.00423EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:4 p.m.12 views

CVE-2026-44900

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

8.1CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:3 p.m.12 views

CVE-2026-45574

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...

8.1CVSS5.8AI score0.00138EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:0 p.m.12 views

CVE-2026-9583

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be...

5.3CVSS5.5AI score0.00242EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 6:12 p.m.12 views

CVE-2026-4051

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...

7.2CVSS6.2AI score0.00369EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:19 p.m.12 views

CVE-2026-24197

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU MIG partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this...

6.5CVSS5.8AI score0.0016EPSS
Exploits0References4Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:10 p.m.12 views

CVE-2026-44707

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

6.8CVSS5.8AI score0.00344EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:58 p.m.12 views

CVE-2026-8855

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication client authentication...

8.1CVSS6.5AI score0.00456EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:58 p.m.12 views

CVE-2026-8854

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modmemcache...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:43 p.m.12 views

CVE-2026-35223

An improper access check allows unauthorized access to comconfig webservice endpoints...

8.6CVSS5.8AI score0.00348EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 3:4 p.m.12 views

CVE-2026-46620

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

6.5CVSS5.8AI score0.00133EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:8 p.m.12 views

CVE-2026-41401

libyang before 5.2.6 contains a heap use-after-free write vulnerability in lydparsersetdataflags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata...

7.1CVSS5.9AI score0.00519EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:8 p.m.12 views

CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS6.5AI score0.00827EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:56 p.m.12 views

CVE-2026-48132

The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used 4500/UDP. As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service temporary interruption of VPN...

8.1CVSS5.8AI score0.02139EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:39 a.m.12 views

CVE-2026-25713

MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability...

7.8CVSS6AI score0.00207EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:51 a.m.12 views

CVE-2026-39642

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:15 a.m.12 views

CVE-2026-9533

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

6.5CVSS6.5AI score0.01803EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 1:6 a.m.12 views

CVE-2025-71310

The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...

1.8CVSS5.7AI score0.00264EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:35 p.m.12 views

CVE-2026-42773

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store Manager: from n/a through 1.3.2...

9.3CVSS5.8AI score0.00372EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:30 p.m.12 views

CVE-2026-45216

Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0...

8.8CVSS5.8AI score0.00389EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 9:8 p.m.12 views

CVE-2026-24545

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3...

4.3CVSS5.8AI score0.002EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 6:15 p.m.12 views

CVE-2026-9481

A flaw has been found in Edimax EW-7438RPn 1.31. This affects the function formStats of the file /goform/formStats. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was...

9CVSS7.8AI score0.00589EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 4:30 p.m.12 views

CVE-2026-9474

A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirmloggedin of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched...

7.5CVSS6.8AI score0.00319EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:58 p.m.12 views

CVE-2026-42782

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

6AI score0.00652EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:45 p.m.12 views

CVE-2026-9467

A vulnerability was identified in debugmcp mcp-debugger up to 0.20.0. Impacted is the function handleGetSourceContext of the file src/server.ts. The manipulation leads to path traversal. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The...

5.3CVSS5.5AI score0.00438EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.12 views

CVE-2026-9465

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/GetDBDataEx.jsp. Performing a manipulation of the argument strTBName results in sql injection. Remote exploitation of the attack is possible...

7.5CVSS6.8AI score0.00319EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:0 p.m.12 views

CVE-2026-47072

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

6.9CVSS6AI score0.00506EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:0 p.m.12 views

CVE-2026-47076

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS5.8AI score0.00201EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 1:23 p.m.12 views

CVE-2026-9058

Szafir SDK returns a success status code from the cryptographic digital signature verification process i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified" even when the trust status of the signer's certificate could not be established i.e...

9.3CVSS5.9AI score0.00307EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/25 11:45 a.m.12 views

CVE-2026-9455

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the...

10CVSS6.9AI score0.01909EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 11:30 a.m.12 views

CVE-2026-9454

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument servername can lead to os command injection. The...

10CVSS7AI score0.01909EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:45 a.m.12 views

CVE-2026-9451

A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has...

6.5CVSS6.5AI score0.00246EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:18 a.m.12 views

CVE-2026-40127

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application. This issue was fixed in...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/25 9:19 a.m.12 views

CVE-2026-9274

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including...

5.2CVSS5.8AI score0.00125EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 9:15 a.m.12 views

CVE-2026-9445

A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible...

6.5CVSS6.2AI score0.00261EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 8:30 a.m.12 views

CVE-2026-9442

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. Th...

9CVSS7.8AI score0.00589EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 6:30 a.m.12 views

CVE-2026-9434

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The attack may be...

10CVSS7AI score0.01732EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 4:45 a.m.12 views

CVE-2026-9427

A flaw has been found in Edimax EW-7438RPn 1.31. This impacts the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component webs. This manipulation of the argument selSSID/submit-url causes stack-based buffer overflow. The attack is possible to be carried out remotely. The...

9CVSS6.2AI score0.00445EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:23 a.m.12 views

CVE-2026-8652

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjacent network...

8.5CVSS6AI score0.00722EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/24 10:15 p.m.12 views

CVE-2026-9401

A vulnerability has been found in Edimax BR-6675nD 1.12. Impacted is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to buffer overflow. The attack can be initiated remotely. The exploit...

9CVSS6.2AI score0.00445EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 8:30 p.m.12 views

CVE-2026-9397

A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. Affected by this issue is some unknown functionality of the component OTA Update Installation Handler. This manipulation causes improper authorization. The attack is possible to be carried out remotely. A high degree...

9.2CVSS6.5AI score0.00454EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 8:15 p.m.12 views

CVE-2026-9396

A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...

6.3CVSS5.1AI score0.00268EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities5000