Lucene search
K
AttackerkbMost viewed

74784 matches found

ATTACKERKB
ATTACKERKB
•added 2026/04/09 9:28 p.m.•12 views

CVE-2026-33773

An Incorrect Initialization of Resource vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks. When the same family inet or...

6.9CVSS5.9AI score0.00201EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/04/08 9:20 p.m.•12 views

CVE-2026-5864

Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00241EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/08 8:30 a.m.•12 views

CVE-2026-39484

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through 7.0.00...

5.9AI score0.00201EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/04/07 1:49 p.m.•12 views

CVE-2026-21413

A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS6.3AI score0.00746EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2026/04/03 6:15 a.m.•12 views

CVE-2026-5456

A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESSTOKEN leads to us...

4.8CVSS5.5AI score0.00105EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/02 7:8 p.m.•12 views

CVE-2026-34832

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/id/delete. The...

6.5CVSS5.8AI score0.00303EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/04/02 8:59 a.m.•12 views

CVE-2026-33616

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/04/02 12:0 a.m.•12 views

CVE-2026-5316

A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...

5.3CVSS5.5AI score0.00439EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/31 9:28 p.m.•12 views

CVE-2026-34442

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS5.7AI score0.00219EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/30 7:42 p.m.•12 views

CVE-2026-31799

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...

4.9CVSS5.9AI score0.004EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/28 12:0 p.m.•12 views

CVE-2017-20228

Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute...

8.6CVSS6.6AI score0.00219EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/27 8:10 a.m.•12 views

CVE-2026-24031

Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...

7.7CVSS5.9AI score0.00395EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/03/26 9:5 p.m.•12 views

CVE-2026-33661

Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the verifywechatsign function in src/Functions.php unconditionally skips all signature verification when the PSR-7 request reports localhost as the host. An attacker can exploit this...

8.6CVSS5.8AI score0.00503EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/26 4:34 p.m.•12 views

CVE-2026-27828

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118chargerImpl::handlesessionsetup uses v2gctx after it has been freed when ISO15118 initialization fails e.g., no IPv6 link-local address. The EVSE process can be crashed remotely by an attacker with MQTT access who issue...

6.9CVSS5.8AI score0.00286EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/25 5:47 p.m.•12 views

CVE-2026-33713

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

8.7CVSS6AI score0.00423EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/24 8:26 p.m.•12 views

CVE-2025-33254

NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service...

7.5CVSS5.8AI score0.00323EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/03/24 7:48 p.m.•12 views

CVE-2026-21783

HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...

4.3CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/24 12:30 p.m.•12 views

CVE-2026-4711

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

9.8CVSS7.2AI score0.00398EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/03/24 5:40 a.m.•12 views

CVE-2026-4752

Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329...

6.4CVSS5.8AI score0.00118EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/03/20 11:25 p.m.•12 views

CVE-2026-3567

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/03/20 8:31 a.m.•12 views

CVE-2026-33072

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...

8.2CVSS5.9AI score0.00225EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 8:8 a.m.•12 views

CVE-2026-23274

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtIDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call modtimer on timer-timer. If the label was created first by revision 1 with XTIDLETIMERALARM...

7.8CVSS5.6AI score0.00123EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 8:8 a.m.•12 views

CVE-2026-23273

In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlancommonnewlink error path valis reported that a race condition still happens after my prior patch. macvlancommonnewlink might have made @dev visible before detecting an error, and its...

5.6AI score0.00119EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 8:0 a.m.•12 views

CVE-2026-33064

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

8.7CVSS5.8AI score0.00486EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/20 1:34 a.m.•12 views

CVE-2026-4441

Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

5.8AI score0.00317EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/19 9:50 p.m.•12 views

CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS6.3AI score0.01494EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2026/03/16 5:37 p.m.•12 views

CVE-2026-3644

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

6CVSS5.8AI score0.00419EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/16 4:32 a.m.•12 views

CVE-2026-21000

Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege...

7CVSS5.8AI score0.0013EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/03/15 1:35 p.m.•12 views

CVE-2016-20026

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP...

6.1AI score0.0078EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/13 4:53 p.m.•12 views

CVE-2026-1668

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution. An unauthenticated attacker with netwo...

7.7CVSS6.4AI score0.00969EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
•added 2026/03/12 5:57 p.m.•12 views

CVE-2026-32139

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...

5.3CVSS5.9AI score0.002EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/06 9:28 p.m.•12 views

CVE-2026-27142

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

5.7AI score0.00328EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/04 12:15 p.m.•12 views

CVE-2026-21425

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

6.7CVSS5.9AI score0.00084EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/02 8:39 a.m.•12 views

CVE-2026-20426

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5538...

6.7CVSS5.9AI score0.00077EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/02/26 5:51 p.m.•12 views

CVE-2026-26937

Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...

7.5CVSS5.8AI score0.00272EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/25 11:45 p.m.•12 views

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

6.4CVSS5.7AI score0.00287EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/24 6:40 p.m.•12 views

CVE-2026-26340

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of...

8.7CVSS5.9AI score0.00807EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
•added 2026/02/24 1:33 p.m.•12 views

CVE-2026-2760

Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

10CVSS5.9AI score0.00395EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/02/24 1:32 p.m.•12 views

CVE-2026-2759

Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS5.9AI score0.00395EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/02/23 9:32 p.m.•12 views

CVE-2026-3028

A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely...

5.3CVSS3.9AI score0.00308EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/19 2:54 a.m.•12 views

CVE-2025-13965

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12500. Reason: This candidate is a reservation duplicate of CVE-2025-12500. Notes: All CVE users should reference CVE-2025-12500 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

5.6AI score0.00328EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/02/18 6:42 a.m.•12 views

CVE-2026-2019

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

7.2CVSS6.2AI score0.00481EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/02/17 8:46 p.m.•12 views

CVE-2026-23597

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well...

6.5CVSS5.5AI score0.00247EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/15 1:58 p.m.•12 views

CVE-2019-25376

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogAC...

6.1CVSS5.6AI score0.00363EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/13 1:29 p.m.•12 views

CVE-2026-23111

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix inverted genmask check in nftmapcatchallactivate nftmapcatchallactivate has an inverted element activity check compared to its non-catchall counterpart nftmapelemactivate and compared to what is logically...

5.2AI score0.00344EPSS
Exploits7References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/11 10:59 p.m.•12 views

CVE-2026-20648

A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices...

5.5CVSS5.4AI score0.00127EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/02/11 6:8 p.m.•12 views

CVE-2026-2319

Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. Chromium security severity: Medium...

7.5CVSS5.6AI score0.00204EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/11 6:8 p.m.•12 views

CVE-2026-2316

Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.6AI score0.00225EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/10 7:9 a.m.•12 views

CVE-2026-2099

AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

5.4CVSS5.5AI score0.00165EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/02/08 3:2 p.m.•12 views

CVE-2026-2157

A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub4175CC of the file /goform/setstaticroutetable. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The...

8.6CVSS6.8AI score0.03916EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities5000