Lucene search
K
AttackerkbMost viewed

74584 matches found

ATTACKERKB
ATTACKERKB
•added 2026/05/20 4:18 p.m.•11 views

CVE-2026-9101

Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...

5.3CVSS5.8AI score0.00411EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/20 4:6 p.m.•11 views

CVE-2026-20206

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco...

6.3CVSS6.1AI score0.00416EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/20 4:6 p.m.•11 views

CVE-2026-20223

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST...

10CVSS5.8AI score0.00835EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/20 2:53 p.m.•11 views

CVE-2026-8598

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials...

9.1CVSS5.8AI score0.00507EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/05/20 2:30 p.m.•11 views

CVE-2025-32750

Dell PowerFlex Manager, versions =4.6.2, contains an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/05/20 1:9 p.m.•11 views

CVE-2026-45584

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network...

8.1CVSS6.1AI score0.00852EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/20 11:28 a.m.•11 views

CVE-2025-31985

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure ā€œX-Content-Type-Optionsā€ header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...

3.7CVSS5.8AI score0.00157EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/20 9:20 a.m.•11 views

CVE-2026-42923

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...

6.9CVSS5.7AI score0.00339EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/20 9:18 a.m.•11 views

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

10CVSS6.5AI score0.01272EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/20 4:27 a.m.•11 views

CVE-2026-7522

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/05/20 2:58 a.m.•11 views

CVE-2025-33255

NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure...

7.5CVSS5.8AI score0.00566EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/05/20 1:25 a.m.•11 views

CVE-2026-6394

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS5.9AI score0.00316EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
•added 2026/05/20 12:0 a.m.•11 views

CVE-2026-44923

SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges...

6.5CVSS5.9AI score0.00309EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/05/19 11:54 p.m.•11 views

CVE-2026-39309

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS6.1AI score0.00176EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/19 11:30 p.m.•11 views

CVE-2026-45585

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be...

6.8CVSS6AI score0.01249EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
•added 2026/05/19 10:28 p.m.•11 views

CVE-2026-34600

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...

5.7CVSS5.8AI score0.00267EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/19 10:6 p.m.•11 views

CVE-2026-34579

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/19 9:3 p.m.•11 views

CVE-2024-36343

Improper input validation in the System Management Mode SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment TSEG memory region, potentially resulting in loss of confidentiality or integrity...

4.6CVSS5.9AI score0.00186EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/05/19 6:4 p.m.•11 views

CVE-2026-33642

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

9.9CVSS5.8AI score0.00286EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/19 3:53 p.m.•11 views

CVE-2026-47358

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS5.8AI score0.00479EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/19 2:34 p.m.•11 views

CVE-2026-6354

Voluntarily withdrawn...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/05/19 1:19 p.m.•11 views

CVE-2025-40901

A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected...

5.9CVSS5.8AI score0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/19 1:17 p.m.•11 views

CVE-2025-40900

An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...

5.1CVSS5.8AI score0.00201EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/19 12:30 p.m.•11 views

CVE-2026-8974

Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11,...

8.8CVSS6AI score0.00332EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/05/19 12:30 p.m.•11 views

CVE-2026-8970

Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

7.3CVSS5.8AI score0.00307EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/05/19 12:30 p.m.•11 views

CVE-2026-8968

Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

7.5CVSS5.8AI score0.00413EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/05/19 12:29 p.m.•11 views

CVE-2026-8954

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

7.5CVSS5.9AI score0.00425EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/05/19 9:25 a.m.•11 views

CVE-2026-46725

The extension passes an attacker-controlled cookie directly to PHP's unserialize without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server. Exploitation...

9.2CVSS5.8AI score0.02306EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/19 9:18 a.m.•11 views

CVE-2026-29207

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...

5.7AI score0.00541EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/19 6:34 a.m.•11 views

CVE-2026-47317

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

5.5CVSS5.8AI score0.00266EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/19 6:27 a.m.•11 views

CVE-2026-8922

A flaw was found in Keycloak. When both realm-level and client-level notBefore revocation policies are configured, Keycloak's OpenID Connect OIDC Introspection feature fails to properly honor the realm-level policy. This allows tokens that should have been revoked to remain active, potentially...

5.4CVSS5.8AI score0.00281EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/05/19 6:0 a.m.•11 views

CVE-2025-15609

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...

5.8AI score0.00404EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/05/19 5:0 a.m.•11 views

CVE-2026-8814

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...

6.9CVSS5.8AI score0.00464EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/05/19 3:8 a.m.•11 views

CVE-2026-28733

in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution...

6.5CVSS6.1AI score0.00131EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/19 3:8 a.m.•11 views

CVE-2026-25781

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered...

8.4CVSS5.8AI score0.00132EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/19 12:35 a.m.•11 views

CVE-2026-33232

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service DoS through the server due to uncontrolled disk space consumption. The downloadagentfile...

7.5CVSS5.8AI score0.00396EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/19 12:0 a.m.•11 views

CVE-2026-36827

A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection...

5.4CVSS6AI score0.00743EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/05/18 10:28 p.m.•11 views

CVE-2026-30950

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...

7.1CVSS5.9AI score0.00384EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/18 9:11 p.m.•11 views

CVE-2026-27737

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format was not sanitizing user's input in public chat. This allowed for a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

6.5CVSS5.7AI score0.00257EPSS
Exploits0References6Affected Software3
ATTACKERKB
ATTACKERKB
•added 2026/05/18 8:49 p.m.•11 views

CVE-2026-26978

FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX extracts selected...

8.6CVSS5.8AI score0.00896EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/18 8:26 p.m.•11 views

CVE-2026-4137

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7CVSS7.6AI score0.00215EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
•added 2026/05/18 8:23 p.m.•11 views

CVE-2026-22810

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...

8.2CVSS5.9AI score0.00206EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/18 7:46 p.m.•11 views

CVE-2026-47092

Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version...

7.8CVSS6.5AI score0.0051EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/05/18 3:59 p.m.•11 views

CVE-2026-45829

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

10CVSS6.1AI score0.12387EPSS
Exploits2References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/18 11:30 a.m.•11 views

CVE-2026-8803

A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to...

6.3CVSS5.3AI score0.00182EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/18 6:0 a.m.•11 views

CVE-2026-3220

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/05/18 6:0 a.m.•11 views

CVE-2026-6379

The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthenticated users to perform SQL injection attacks...

8.6CVSS5.9AI score0.00472EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
•added 2026/05/18 2:45 a.m.•11 views

CVE-2026-8785

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file updateinfo.php of the component GET Parameter Handler. Executing a manipulation of the argument appointmentno can lead to sql injection. The...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/18 2:30 a.m.•11 views

CVE-2026-8784

A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function changefilestatus of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named...

4.6CVSS5.4AI score0.00157EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/17 12:11 p.m.•11 views

CVE-2018-25326

Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the filename parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to...

8.7CVSS5.9AI score0.00641EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000