Lucene search
K
AttackerkbMost viewed

74794 matches found

ATTACKERKB
ATTACKERKB
•added 2026/04/28 10:24 a.m.•12 views

CVE-2026-3323

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

7.5CVSS5.3AI score0.00405EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/27 11:15 a.m.•12 views

CVE-2026-7118

A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argument id/token leads to sql injection. The attack is possible to be carried out remotely. The explo...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/27 6:37 a.m.•12 views

CVE-2026-22077

OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure...

5.6CVSS5.2AI score0.00078EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/04/26 1:19 p.m.•12 views

CVE-2018-25285

Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of...

6.8CVSS5.7AI score0.0013EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/24 7:26 p.m.•12 views

CVE-2026-41433

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is...

8.4CVSS5.5AI score0.00194EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/23 2:54 p.m.•12 views

CVE-2026-34003

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

7.8CVSS5.7AI score0.0025EPSS
Exploits0References38
ATTACKERKB
ATTACKERKB
•added 2026/04/23 2:53 p.m.•12 views

CVE-2026-33999

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

7.8CVSS5.9AI score0.0038EPSS
Exploits0References38
ATTACKERKB
ATTACKERKB
•added 2026/04/23 12:0 a.m.•12 views

CVE-2026-31174

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS6.1AI score0.00279EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2026/04/22 2:57 p.m.•12 views

CVE-2018-25270

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...

9.8CVSS6.8AI score0.0089EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/21 8:35 p.m.•12 views

CVE-2026-35243

Vulnerability in the Oracle Application Development Framework ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where...

7.8CVSS5.7AI score0.00111EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/21 8:35 p.m.•12 views

CVE-2026-22014

Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Workflow and Business Events. Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User...

3.8CVSS5.7AI score0.00193EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/17 8:56 p.m.•12 views

CVE-2026-40302

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/17 8:25 p.m.•12 views

CVE-2026-23500

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAINODTASPDF configuration constant directly into a shell command passed to exec without...

9.4CVSS6.5AI score0.00922EPSS
Exploits3References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/17 1:24 a.m.•12 views

CVE-2026-5231

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...

7.2CVSS5.9AI score0.00476EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/04/16 12:8 a.m.•12 views

CVE-2026-40502

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

8.8CVSS6AI score0.01687EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
•added 2026/04/13 5:15 p.m.•12 views

CVE-2026-6100

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.8AI score0.00579EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/04/10 7:52 p.m.•12 views

CVE-2026-39921

GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the docurl parameter during document upload...

6.3CVSS5.9AI score0.00222EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/09 9:28 p.m.•12 views

CVE-2026-33773

An Incorrect Initialization of Resource vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks. When the same family inet or...

6.9CVSS5.9AI score0.00201EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/04/08 9:20 p.m.•12 views

CVE-2026-5864

Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00241EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/08 8:30 a.m.•12 views

CVE-2026-39484

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through 7.0.00...

5.9AI score0.00201EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/04/07 1:49 p.m.•12 views

CVE-2026-21413

A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS6.3AI score0.00746EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2026/04/03 9:18 p.m.•12 views

CVE-2026-34980

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server...

6.1CVSS6AI score0.00502EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/03 6:15 a.m.•12 views

CVE-2026-5456

A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESSTOKEN leads to us...

4.8CVSS5.5AI score0.00105EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/02 7:8 p.m.•12 views

CVE-2026-34832

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/id/delete. The...

6.5CVSS5.8AI score0.00303EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/02 8:59 a.m.•12 views

CVE-2026-33616

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/04/02 12:0 a.m.•12 views

CVE-2026-5316

A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...

5.3CVSS5.5AI score0.00439EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/31 9:28 p.m.•12 views

CVE-2026-34442

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS5.7AI score0.00219EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/30 7:42 p.m.•12 views

CVE-2026-31799

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...

4.9CVSS5.9AI score0.004EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/28 12:0 p.m.•12 views

CVE-2017-20228

Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute...

8.6CVSS6.6AI score0.00219EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/27 8:10 a.m.•12 views

CVE-2026-24031

Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...

7.7CVSS5.9AI score0.00395EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/03/26 9:5 p.m.•12 views

CVE-2026-33661

Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the verifywechatsign function in src/Functions.php unconditionally skips all signature verification when the PSR-7 request reports localhost as the host. An attacker can exploit this...

8.6CVSS5.8AI score0.00503EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/26 4:34 p.m.•12 views

CVE-2026-27828

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118chargerImpl::handlesessionsetup uses v2gctx after it has been freed when ISO15118 initialization fails e.g., no IPv6 link-local address. The EVSE process can be crashed remotely by an attacker with MQTT access who issue...

6.9CVSS5.8AI score0.00286EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/25 5:47 p.m.•12 views

CVE-2026-33713

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

8.7CVSS6AI score0.00423EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/24 8:26 p.m.•12 views

CVE-2025-33254

NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service...

7.5CVSS5.8AI score0.00323EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/03/24 7:48 p.m.•12 views

CVE-2026-21783

HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...

4.3CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/24 12:30 p.m.•12 views

CVE-2026-4711

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

9.8CVSS7.2AI score0.00398EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/03/24 5:40 a.m.•12 views

CVE-2026-4752

Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329...

6.4CVSS5.8AI score0.00118EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/03/23 4:26 a.m.•12 views

CVE-2025-10736

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility function in all versions up to, and including, 2.2.10. This...

6.5CVSS5.8AI score0.00171EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/03/20 11:25 p.m.•12 views

CVE-2026-3567

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/03/20 8:8 a.m.•12 views

CVE-2026-23274

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtIDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call modtimer on timer-timer. If the label was created first by revision 1 with XTIDLETIMERALARM...

7.8CVSS5.6AI score0.00123EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 8:8 a.m.•12 views

CVE-2026-23273

In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlancommonnewlink error path valis reported that a race condition still happens after my prior patch. macvlancommonnewlink might have made @dev visible before detecting an error, and its...

5.6AI score0.00119EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 8:0 a.m.•12 views

CVE-2026-33064

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

8.7CVSS5.8AI score0.00486EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 7:11 a.m.•12 views

CVE-2026-33056

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

5.1CVSS5.9AI score0.00379EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 1:34 a.m.•12 views

CVE-2026-4441

Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

5.8AI score0.00317EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/19 9:50 p.m.•12 views

CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS6.3AI score0.01494EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2026/03/16 5:37 p.m.•12 views

CVE-2026-3644

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

6CVSS5.8AI score0.00419EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/16 4:32 a.m.•12 views

CVE-2026-21000

Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege...

7CVSS5.8AI score0.0013EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/03/13 4:53 p.m.•12 views

CVE-2026-1668

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution. An unauthenticated attacker with netwo...

7.7CVSS6.4AI score0.00969EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
•added 2026/03/12 5:57 p.m.•12 views

CVE-2026-32139

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...

5.3CVSS5.9AI score0.002EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/06 9:28 p.m.•12 views

CVE-2026-27142

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

5.7AI score0.00328EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities5000