Lucene search
K
AttackerkbMost viewed

74584 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/28 4:31 p.m.11 views

CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

5.8AI score0.0023EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:27 p.m.11 views

CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...

5.8AI score0.0033EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:13 p.m.11 views

CVE-2026-44462

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0...

6.4CVSS6.1AI score0.00438EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:8 p.m.11 views

CVE-2026-44461

Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...

8.6CVSS6.2AI score0.00257EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:29 p.m.11 views

CVE-2026-47673

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the jwt and jwk middlewares do not verify that the Authorization header value uses theBearer scheme. Any two-part header value — regardless of the scheme name in the first position — proceeds t...

4.8CVSS5.8AI score0.00199EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:29 p.m.11 views

CVE-2026-47674

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6...

5.3CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 2:45 p.m.11 views

CVE-2026-44594

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, a Local File Inclusion LFI vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return...

7.5CVSS6AI score0.00321EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:40 a.m.11 views

CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

5.8AI score0.00117EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:40 a.m.11 views

CVE-2026-46225

In the Linux kernel, the following vulnerability has been resolved: spi: rspi: fix controller deregistration Make sure to deregister the controller before releasing underlying resources like DMA during driver unbind...

5.8AI score0.00119EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:40 a.m.11 views

CVE-2026-46222

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: Add missing MUSTCONNECT flag to pads The pads missed checks for connected devices which may a null dereference when the stream is enabled. Unable to handle kernel NULL pointer dereference at virtual addres...

5.8AI score0.00105EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:40 a.m.11 views

CVE-2026-46212

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims When batadvbladelbackboneclaims removes all claims for a backbone, it does this by dropping the link entry in the hash list. This list entry itself was one of the...

8.8CVSS5.7AI score0.00274EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:40 a.m.11 views

CVE-2026-46209

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drmgemfbinitwithfuncs drmgemfbinitwithfuncs computes sub-sampled plane dimensions using plain integer division: unsigned int width = modecmd-width / i ? info-hsub : 1;...

7.8CVSS5.8AI score0.00139EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:40 a.m.11 views

CVE-2026-46197

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. cherry picked from commit...

7.8CVSS5.9AI score0.00139EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.11 views

CVE-2026-46185

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlinkdata Since smb2checkmessage returns success without length validation for the symlink error response, in symlinkdata it is possible for iov-iovlen to be smaller than sizeofstruct...

9.1CVSS5.8AI score0.00513EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.11 views

CVE-2026-46180

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task Watchdog task might end between sendsig and kthreadstop calls, what results in the use-after-free issue. Fix this by increasing watchdog task referenc...

7.8CVSS5.8AI score0.00135EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.11 views

CVE-2026-46170

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: free sk if last When an ADDADDR is retransmitted, the sk is held in skresettimer, and released at the end. If at that moment, it was the last reference being held, the sk would not be freed. sockput should...

5.7AI score0.00127EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.11 views

CVE-2026-46160

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix missing lastunlinktrans update when removing a directory When removing a directory we are not updating its lastunlinktrans field, which can result in incorrect fsync behaviour in case some one fsyncs the directory afte...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.11 views

CVE-2026-46149

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...

7.1CVSS5.7AI score0.00139EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:35 a.m.11 views

CVE-2026-46140

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...

7.1CVSS5.8AI score0.00131EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:43 a.m.11 views

CVE-2026-8689

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wpajaxvisualizer-create-chart an...

4.3CVSS5.9AI score0.00242EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:45 a.m.11 views

CVE-2026-7052

The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fileupload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00292EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:45 a.m.11 views

CVE-2026-7797

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'appendwheresql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and lac...

7.5CVSS5.8AI score0.00554EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:45 a.m.11 views

CVE-2026-9227

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbeefileandextjson function. This is due to a flawed strpos substring check that only verifies whether the filename contains the string '.json' rath...

8.8CVSS6.4AI score0.00659EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:45 a.m.11 views

CVE-2026-7634

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

7.2CVSS6AI score0.00436EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/05/28 5:0 a.m.11 views

CVE-2026-9673

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications...

7CVSS5.9AI score0.00166EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:27 a.m.11 views

CVE-2026-9796

A flaw was found in Keycloak. An authenticated administrator with the manage-clients role can exploit a Time-of-check to time-of-use TOCTOU vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to realm-admin for all users within the realm,...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:44 a.m.11 views

CVE-2026-9792

A flaw was found in Keycloak's Client Policies, specifically within the org.keycloak.protocol.oidc component. When certain condition providers client-type, client-roles, client-attributes, client-scopes are used to enforce security restrictions, the reject-ropc-grant executor is silently bypassed...

6.5CVSS5.8AI score0.00267EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:44 a.m.11 views

CVE-2026-9793

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

5.9CVSS5.8AI score0.0012EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:27 a.m.11 views

CVE-2026-9241

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...

4.3CVSS5.7AI score0.00213EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/28 12:0 a.m.11 views

CVE-2026-38704

A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

5.8AI score0.01269EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:56 p.m.11 views

CVE-2026-46416

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:54 p.m.11 views

CVE-2026-46402

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled taskname value directly when constructing session log paths. An authenticated client can supply path traversal sequences in taskname and cause...

8.1CVSS5.8AI score0.00674EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:38 p.m.11 views

CVE-2026-9739

Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...

9.4CVSS5.8AI score0.00279EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:0 p.m.11 views

CVE-2026-45083

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to th...

9.8CVSS5.9AI score0.0041EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:56 p.m.11 views

CVE-2026-44247

Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially...

6.8CVSS5.8AI score0.00173EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:15 p.m.11 views

CVE-2026-21785

A misconfigured Content Security Policy CSP in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources...

4CVSS5.8AI score0.00148EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:10 p.m.11 views

CVE-2026-47270

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb is a PAM module loaded into the host process sudo, login, GDM, GNOME Shell. Display managers such as GDM run multiple concurrent authentication threads. Three functions used by the denyremote...

6.3CVSS5.9AI score0.00108EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:3 p.m.11 views

CVE-2026-47273

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb builds XPath expressions from user-supplied identifiers PAM username, service name and device-supplied identifiers USB device serial, model, vendor to query /etc/pamusb.conf. These identifiers...

6.5CVSS5.9AI score0.00273EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:35 p.m.11 views

CVE-2026-45134

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:26 p.m.11 views

CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

7.8CVSS5.8AI score0.0062EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:16 p.m.11 views

CVE-2026-44886

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to...

8.7CVSS5.9AI score0.00248EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 6:37 p.m.11 views

CVE-2026-42877

FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...

5.4CVSS5.9AI score0.00165EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 6:29 p.m.11 views

CVE-2026-42879

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 6:28 p.m.11 views

CVE-2026-42878

FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PH...

5.3CVSS5.9AI score0.0024EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 6:21 p.m.11 views

CVE-2026-44635

Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters ., , , , , ?. When attacker-controlled input flows into eb.refcol, '-$'.keyinput or .atinput — including type-safe code where the JSON column ...

7.5CVSS5.9AI score0.00362EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:55 p.m.11 views

CVE-2026-4868

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:34 p.m.11 views

CVE-2026-45087

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

10CVSS6AI score0.01051EPSS
Exploits2References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:24 p.m.11 views

CVE-2026-44345

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/internal/container/frontend/dockerfile/templates/basev2.j2 interpolates docker.baseimage raw with no escaping, newline filtering, or validation. A malicious...

8.8CVSS5.9AI score0.00317EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:14 p.m.11 views

CVE-2026-48147

Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts route patterns are compiled into unanchored regular expressions and tested against ctx.request.url, which includes the full query string. Th...

6.5CVSS5.8AI score0.00115EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:0 p.m.11 views

CVE-2026-48146

Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetchconfig.url with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound...

7.7CVSS5.8AI score0.00217EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000