Lucene search
K
AttackerkbMost viewed

74760 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/02 12:15 a.m.11 views

CVE-2026-10529

A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can...

4.8CVSS4.1AI score0.0021EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/02 12:0 a.m.11 views

CVE-2026-10528

A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking...

4.8CVSS5.8AI score0.00124EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 12:0 a.m.11 views

CVE-2026-30652

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

6.4AI score0.00523EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:30 p.m.11 views

CVE-2026-10302

A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /managefee.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

6.5CVSS5.7AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:28 p.m.11 views

CVE-2026-9048

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:28 p.m.11 views

CVE-2026-9050

The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00153EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:24 p.m.11 views

CVE-2026-28511

eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the requesting user is not authorized to view. The exposed information is limited only the title...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.11 views

CVE-2026-24092

Memory Corruption when processing fastboot commands to set display mode...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.11 views

CVE-2026-24091

Memory corruption while processing fastboot commands with improperly formatted input...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.11 views

CVE-2026-24089

Memory corruption while processing fastboot commands with invalid input...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.11 views

CVE-2025-59612

Memory corruption in windows drivers while sending incorrect trusted application request...

6.7CVSS5.8AI score0.00078EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.11 views

CVE-2025-59609

Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length...

5.5CVSS5.8AI score0.00091EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:49 p.m.11 views

CVE-2026-24755

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:43 p.m.11 views

CVE-2026-24752

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS5.9AI score0.00283EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.11 views

CVE-2026-28577

In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.11 views

CVE-2026-0077

In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00082EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.11 views

CVE-2026-0060

In updateState of GraphicsDriverEnableAngleAsSystemDriverController.java, there is a possible persistent dos issue due to an unusual root cause. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00071EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.11 views

CVE-2026-0040

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS6AI score0.00253EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.11 views

CVE-2026-0041

In multiple functions of ubsanthrowingruntime.cpp, there is a possible UBSan failure due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS6AI score0.00253EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:59 p.m.11 views

CVE-2026-49433

The DeepAI endpoint 'https://api.deepai.org/changeuseremail' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the attacker can change the user's email address and take over their account. Fixed on 2026-05-20...

5CVSS5.8AI score0.00107EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:41 p.m.11 views

CVE-2026-49138

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the webfetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...

5.3CVSS5.8AI score0.00287EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:30 p.m.11 views

CVE-2026-10286

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /homeemployee.php. The manipulation of the argument empid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

6.5CVSS5.6AI score0.00204EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:26 p.m.11 views

CVE-2026-5419

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

3.7CVSS5.8AI score0.00379EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:15 p.m.11 views

CVE-2026-10285

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS5.4AI score0.0023EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:9 p.m.11 views

CVE-2026-49136

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...

8.7CVSS5.9AI score0.00417EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:1 p.m.11 views

CVE-2021-46747

Insufficient granularity of access control in ASP AMD Secure Processor may allow an attacker with an untrusted user space application to map sensitive SMN System Management Network apertures leading to a potential escalation of privileges...

7.1CVSS5.8AI score0.00097EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 6:4 p.m.11 views

CVE-2026-43623

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the rawtoheader function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...

8.8CVSS6AI score0.00318EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 6:1 p.m.11 views

CVE-2026-9330

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...

8.5CVSS6.5AI score0.00487EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:59 p.m.11 views

CVE-2026-9319

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security...

9CVSS6.5AI score0.00458EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:49 p.m.11 views

CVE-2026-40989

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...

5.7CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:9 p.m.11 views

CVE-2026-45691

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS5.7AI score0.0029EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:0 p.m.11 views

CVE-2026-45543

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...

5.3CVSS5.7AI score0.00269EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:1 p.m.11 views

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8CVSS5.8AI score0.0032EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:45 p.m.11 views

CVE-2026-10267

A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attack...

4.8CVSS5.4AI score0.00121EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:0 p.m.11 views

CVE-2026-10263

A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manageproduct.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 1:15 p.m.11 views

CVE-2026-48559

Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4CVSS5.9AI score0.00171EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 1:0 p.m.11 views

CVE-2026-10259

A security vulnerability has been detected in H3C Magic B0 up to 100R002. The affected element is the function SetMobileAPInfoById of the file /goform/aspForm. Such manipulation of the argument param leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has be...

9CVSS7.7AI score0.00484EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:45 p.m.11 views

CVE-2026-10258

A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/addsubtopic.php. This manipulation of the argument topicid causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available ...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:3 a.m.11 views

CVE-2026-40545

SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue affects SOPlanning version 1.55 and below...

8.8CVSS6AI score0.00404EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:0 a.m.11 views

CVE-2026-10243

A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may b...

7.5CVSS6.7AI score0.00629EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 8:30 a.m.11 views

CVE-2026-10241

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

6.5CVSS6.2AI score0.0027EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 8:15 a.m.11 views

CVE-2026-10240

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:55 a.m.11 views

CVE-2026-40961

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

5.8AI score0.00649EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:21 a.m.11 views

CVE-2026-46605

Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions. This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, fr...

5.8AI score0.00335EPSS
Exploits0References2Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:12 a.m.11 views

CVE-2026-35563

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS5.8AI score0.00182EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 6:30 a.m.11 views

CVE-2026-10232

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

5.3CVSS5.6AI score0.00115EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:0 a.m.11 views

CVE-2026-10222

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function sanitizeenvlines of the file hermescli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of...

6.3CVSS5.5AI score0.00266EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:33 a.m.11 views

CVE-2026-48189

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X 8.0.X 2023.X...

5.7CVSS5.8AI score0.00198EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:32 a.m.11 views

CVE-2026-48208

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

6.5CVSS5.9AI score0.00333EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:15 a.m.11 views

CVE-2026-10219

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component writefile Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. T...

7.5CVSS6.7AI score0.01336EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities5000