Lucene search
K
AttackerkbMost viewed

74584 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/26 5:14 p.m.11 views

CVE-2026-24192

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, da...

7.8CVSS6.2AI score0.00206EPSS
Exploits0References4Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:11 p.m.11 views

CVE-2026-8835

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...

7.3CVSS5.8AI score0.00252EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:5 p.m.11 views

CVE-2026-7451

A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

7.8CVSS6.2AI score0.00166EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:3 p.m.11 views

CVE-2026-44730

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...

7.2CVSS5.8AI score0.00316EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:54 p.m.11 views

CVE-2026-8850

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modibmupload...

7.5CVSS5.8AI score0.0038EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:46 p.m.11 views

CVE-2026-35221

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for comfinder...

6.9CVSS5.9AI score0.0031EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:42 p.m.11 views

CVE-2026-30894

Lack of output escaping leads to a XSS vector in the content history component...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:31 p.m.11 views

CVE-2026-43981

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...

8.2CVSS5.8AI score0.00182EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:13 p.m.11 views

CVE-2026-44502

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

4.3CVSS5.8AI score0.00286EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:2 p.m.11 views

CVE-2026-44314

Traccar is an open source GPS tracking system. Prior to 6.13.0, DeviceResource.uploadImage authorizes the target device only through Condition.PermissionUser.class, getUserId, Device.class and then immediately streams the uploaded body into mediaManager.createFileStream.... Unlike the generic...

5.3CVSS5.8AI score0.00185EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 3:4 p.m.11 views

CVE-2026-46620

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

6.5CVSS5.8AI score0.00133EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:52 p.m.11 views

CVE-2026-25112

A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack...

7.8CVSS5.8AI score0.00145EPSS
Exploits1References3Affected Software7
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:34 p.m.11 views

CVE-2026-43919

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-43918. Reason: This candidate is a duplicate of CVE-2026-43918. Notes: All CVE users should reference CVE-2026-43918 instead of this candidate...

5.8AI score0.00235EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:8 p.m.11 views

CVE-2026-42425

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the...

8.6CVSS6.2AI score0.00641EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:0 p.m.11 views

CVE-2026-9552

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.8AI score0.00318EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:56 p.m.11 views

CVE-2026-48131

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality...

8.1CVSS5.8AI score0.02658EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 11:4 a.m.11 views

CVE-2026-8174

Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery CSRF. This issue affects Zoho Mail wordpress plugin versions before 1.6.2...

5.7CVSS5.8AI score0.00371EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 6:49 a.m.11 views

CVE-2026-8047

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device...

8.7CVSS5.9AI score0.00445EPSS
Exploits0References2Affected Software15
ATTACKERKB
ATTACKERKB
added 2026/05/26 6:45 a.m.11 views

CVE-2026-8046

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

8.1CVSS5.8AI score0.00348EPSS
Exploits0References2Affected Software16
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:17 a.m.11 views

CVE-2026-42496

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...

5.8AI score0.0043EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:0 a.m.11 views

CVE-2026-48685

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...

5.8AI score0.00295EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:0 a.m.11 views

CVE-2026-48695

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

5.9AI score0.0107EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:0 a.m.11 views

CVE-2026-48683

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflowplugin/netflowv9collector.cpp, the Data template branch lines 1695-1702 iterates over flow records without performing a per-iteration bounds check agains...

5.9AI score0.00331EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:0 a.m.11 views

CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

6.4AI score0.00565EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:0 a.m.11 views

CVE-2026-48690

FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the allocatebuffer function computes memorysizeinbytes as 'buffersizeinpackets maxcapturedpacketsize + sizeoffastnetmonpcappkthdrt +...

6AI score0.00116EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:0 a.m.11 views

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

5.9AI score0.00127EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:0 a.m.11 views

CVE-2026-48697

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...

5.8AI score0.00164EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/25 11:53 p.m.11 views

CVE-2026-8376

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

6AI score0.00398EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 9:5 p.m.11 views

CVE-2026-24597

Cross-Site Request Forgery CSRF vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5...

4.3CVSS5.8AI score0.00122EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:30 p.m.11 views

CVE-2026-48849

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes...

4.4CVSS5.8AI score0.00239EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:23 p.m.11 views

CVE-2026-48847

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

3.7CVSS5.9AI score0.00433EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 6:0 p.m.11 views

CVE-2026-9480

A vulnerability was detected in Edimax EW-7438RPn 1.31. The impacted element is the function formrefresh of the file /goform/formrefresh. The manipulation of the argument submit-url results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and...

9CVSS7.9AI score0.00647EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 3:15 p.m.11 views

CVE-2026-9469

A weakness has been identified in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. The impacted element is an unknown function of the file /success.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remotely. T...

7.5CVSS5.7AI score0.00319EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.11 views

CVE-2018-25379

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...

8.8CVSS5.9AI score0.0039EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.11 views

CVE-2018-25378

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can create a malicious text file containing 500 or more characters, paste the content into the New Noteboo...

6.9CVSS5.8AI score0.00136EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.11 views

CVE-2018-25373

SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with carefully constructe...

8.6CVSS6.5AI score0.00182EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.11 views

CVE-2018-25371

mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality. Attackers can inject SQL code using boolean-based blind, time-based blind, or stacked query...

8.8CVSS5.9AI score0.00348EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.11 views

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.11 views

CVE-2018-25361

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...

7CVSS5.8AI score0.00122EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:0 p.m.11 views

CVE-2026-47067

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackneyurl.erl converts every unrecognized URL scheme to a permanent BEAM atom via binarytoatom/2. BEAM atoms are never garbage-collected and the atom table defaults to a...

8.7CVSS5.8AI score0.00703EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 12:30 p.m.11 views

CVE-2026-9458

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument enabled leads to os command injection. The attack may be performed fr...

10CVSS7.1AI score0.02094EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:30 a.m.11 views

CVE-2026-9450

A security flaw has been discovered in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public a...

6.5CVSS6.5AI score0.00246EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:15 a.m.11 views

CVE-2026-9449

A vulnerability was identified in code-projects Employee Management System 1.0. This impacts an unknown function of the file /changepassemp.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5CVSS6.4AI score0.00246EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 9:34 a.m.11 views

CVE-2026-45361

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

5.8AI score0.0059EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/25 9:30 a.m.11 views

CVE-2026-9446

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

5.8CVSS5.7AI score0.00258EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:45 a.m.11 views

CVE-2026-9439

A vulnerability was determined in Edimax BR-6675nD 1.12. Affected is the function stainfo of the file /goform/stainfo. This manipulation of the argument interface causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:38 a.m.11 views

CVE-2026-45249

A cross-site scripting XSS vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and...

5.8AI score0.00759EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:10 a.m.11 views

CVE-2026-4915

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an authenticated user to cause a denial of service server process termination via a crafted webhook...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 6:0 a.m.11 views

CVE-2026-9432

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command injection. The...

10CVSS7AI score0.01732EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 5:45 a.m.11 views

CVE-2026-41863

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000