Lucene search
K
AttackerkbMost viewed

74667 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/25 9:30 a.m.11 views

CVE-2026-9446

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

5.8CVSS5.7AI score0.00258EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:45 a.m.11 views

CVE-2026-9439

A vulnerability was determined in Edimax BR-6675nD 1.12. Affected is the function stainfo of the file /goform/stainfo. This manipulation of the argument interface causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:38 a.m.11 views

CVE-2026-45249

A cross-site scripting XSS vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and...

5.8AI score0.00759EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:10 a.m.11 views

CVE-2026-4915

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an authenticated user to cause a denial of service server process termination via a crafted webhook...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 6:0 a.m.11 views

CVE-2026-9432

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command injection. The...

10CVSS7AI score0.01732EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 5:45 a.m.11 views

CVE-2026-41863

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 5:45 a.m.11 views

CVE-2026-9431

A vulnerability was identified in Tenda F1202 1.2.0.20408. This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be...

9CVSS8AI score0.00438EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 5:0 a.m.11 views

CVE-2026-9428

A vulnerability has been found in Tenda F1202 1.2.0.20408. Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the...

9CVSS7.7AI score0.00579EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 4:30 a.m.11 views

CVE-2026-9426

A vulnerability was detected in Edimax EW-7438RPn 1.31. This affects the function formHwSet of the file /goform/formHwSet. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wlanAddr/wanAddr/wlanSSID/wlanChan/initgain/txcck/txofdm/submit-url results in stack-based buffer...

9CVSS6.3AI score0.00445EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 3:45 a.m.11 views

CVE-2026-9423

A security flaw has been discovered in Edimax BR-6675nD 1.12. Impacted is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit has been releas...

5.8CVSS5.6AI score0.02077EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 1:50 a.m.11 views

CVE-2026-9489

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

8.5CVSS6.3AI score0.0012EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 12:0 a.m.11 views

CVE-2026-9408

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection. The attack may be...

10CVSS7AI score0.01732EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 11:45 p.m.11 views

CVE-2026-9407

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument firewallType leads to os command injection...

10CVSS6.9AI score0.01732EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 9:0 p.m.11 views

CVE-2026-9399

A vulnerability was detected in Edimax BR-6675nD 1.12. This vulnerability affects the function formsetPPPoE of the file /goform/formsetPPPoE of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in buffer overflow. It is possible to initiate the atta...

9CVSS7.8AI score0.00445EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 12:30 p.m.11 views

CVE-2026-9381

A vulnerability was detected in Edimax BR-6675nD 1.12. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in buffer overflow. The attack may be...

9CVSS7.8AI score0.00445EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 8:30 a.m.11 views

CVE-2026-9367

A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f19488b31c6fdebbacd15d798ce7f63. This affects the function detectdangerouscommand of the file tools/approval.py of the component terminaltool. This manipulation causes os command injection. It is possible to initiate the...

7.5CVSS6.8AI score0.01657EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/24 3:32 a.m.11 views

CVE-2026-3515

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

8.5CVSS7.9AI score0.00298EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/24 2:30 a.m.11 views

CVE-2026-9349

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...

6.9CVSS5.7AI score0.0041EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 1:30 a.m.11 views

CVE-2026-9347

A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask/gateway leads to os command injection. It is possible to initiate the attack remotely. The explo...

6.5CVSS6.2AI score0.01519EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 12:30 a.m.11 views

CVE-2026-9346

A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote. The exploit has bee...

9CVSS7.5AI score0.00445EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/23 11:0 a.m.11 views

CVE-2026-9299

A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and m...

6.5CVSS6.1AI score0.00228EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/23 10:30 a.m.11 views

CVE-2026-9298

A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory corruption. The attack may be launched remotely. The exploit is now public and may be used. It is...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/23 4:27 a.m.11 views

CVE-2026-6419

The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajaxgetscreen function. This makes it possible for authenticated attackers, with...

8.8CVSS5.9AI score0.00258EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/22 9:12 p.m.11 views

CVE-2026-41074

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 8:13 p.m.11 views

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

5.4CVSS5.8AI score0.00159EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 5:21 p.m.11 views

CVE-2026-39964

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

5.4CVSS5.8AI score0.00241EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:1 p.m.11 views

CVE-2026-25681

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:25 a.m.11 views

CVE-2026-4646

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:23 a.m.11 views

CVE-2026-3636

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data about team members roles via invoking various team API...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 7:50 a.m.11 views

CVE-2026-7798

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

5.4CVSS5.8AI score0.00645EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/22 4:29 a.m.11 views

CVE-2026-3481

The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This is due to insufficient input sanitization and output escaping in the rendershortcodepreview function. The function receives user inpu...

6.1CVSS6AI score0.00249EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:31 a.m.11 views

CVE-2026-42508

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

5.8AI score0.00487EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/22 12:43 a.m.11 views

CVE-2026-34910

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

10CVSS5.8AI score0.78555EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:22 p.m.11 views

CVE-2026-8435

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file approveVersion. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS5.8AI score0.00115EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:18 p.m.11 views

CVE-2026-7886

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

2.3CVSS5.7AI score0.00288EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:55 p.m.11 views

CVE-2026-6826

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/fID with any file ID and receive a list of every page that references that file,...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 5:11 p.m.11 views

CVE-2026-48249

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobilelogin.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests issued during the mobile RouteMate login flow. An attacker positioned on the...

8.2CVSS5.9AI score0.00173EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/21 5:10 p.m.11 views

CVE-2026-48226

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in oswatch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ref and modeorig POST parameters directly into HTML form hidden input value...

5.4CVSS5.8AI score0.00169EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/21 1:2 p.m.11 views

CVE-2025-71216

A time-of-check time-of-use vulnerability in the Trend Micro Apex One mac agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8CVSS7.3AI score0.00323EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 11:32 a.m.11 views

CVE-2026-5118

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...

9.8CVSS5.8AI score0.00487EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:4 a.m.11 views

CVE-2026-45251

A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, t...

7.8CVSS5.7AI score0.0017EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:14 a.m.11 views

CVE-2026-44057

A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC requests...

3.1CVSS5.9AI score0.00186EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:34 a.m.11 views

CVE-2026-44068

Incomplete sanitization of extended attribute EA path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names...

7.6CVSS5.8AI score0.00322EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:34 a.m.11 views

CVE-2026-44062

A missing output length bounds check in pullcharsetflags in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data...

7.5CVSS6.2AI score0.00357EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 12:38 a.m.11 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.18914EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/20 7:38 p.m.11 views

CVE-2026-9133

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...

8.3CVSS6AI score0.00344EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/20 7:27 p.m.11 views

CVE-2026-39352

Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above...

8.7CVSS5.8AI score0.01279EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/20 7:12 p.m.11 views

CVE-2026-9115

Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00224EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/20 6:20 p.m.11 views

CVE-2026-9082

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0...

6.5CVSS5.8AI score0.84631EPSS
Exploits14References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/20 5:47 p.m.11 views

CVE-2026-24217

NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

8.8CVSS5.8AI score0.00764EPSS
Exploits0References4
Total number of security vulnerabilities5000