Lucene search
K
AttackerkbMost viewed

74584 matches found

ATTACKERKB
ATTACKERKB
•added 2026/05/13 8:44 a.m.•11 views

CVE-2026-25710

The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown arbitrary files in the system...

7CVSS5.8AI score0.00134EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/05/13 8:37 a.m.•11 views

CVE-2026-41051

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...

5.1CVSS5.8AI score0.00075EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/13 12:5 a.m.•11 views

CVE-2026-8199

An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM. This issue impacts MongoDB Server v7.0 versions prior to...

7.1CVSS5.8AI score0.00258EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/13 12:0 a.m.•11 views

CVE-2024-51394

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the APMSP::loop, APMSP, APMSP.cpp components...

5.8AI score0.00102EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/12 9:56 p.m.•11 views

CVE-2026-42854

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/12 9:51 p.m.•11 views

CVE-2026-42545

Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malform...

5.9CVSS5.8AI score0.00222EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/12 7:50 p.m.•11 views

CVE-2026-34658

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may...

4.8CVSS5.8AI score0.00274EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/12 7:50 p.m.•11 views

CVE-2026-34685

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'. Verify CVSS vector before publishing. are affected by an Improper Input...

3.4CVSS5.8AI score0.00373EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/12 7:6 p.m.•11 views

CVE-2026-44861

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS6.2AI score0.00315EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/12 6:58 p.m.•11 views

CVE-2026-44854

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...

7.2CVSS6.5AI score0.01014EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/12 4:59 p.m.•11 views

CVE-2026-42833

Improper control of generation of code 'code injection' in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network...

9.1CVSS6.2AI score0.00748EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/12 4:59 p.m.•11 views

CVE-2026-41086

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network...

8.8CVSS5.8AI score0.00427EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/12 4:59 p.m.•11 views

CVE-2026-41097

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

6.7CVSS5.8AI score0.01421EPSS
Exploits0References2Affected Software13
ATTACKERKB
ATTACKERKB
•added 2026/05/12 4:59 p.m.•11 views

CVE-2026-40369

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...

7.8CVSS5.9AI score0.04725EPSS
Exploits4References2Affected Software5
ATTACKERKB
ATTACKERKB
•added 2026/05/12 4:59 p.m.•11 views

CVE-2026-40362

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

7.8CVSS6AI score0.00321EPSS
Exploits0References2Affected Software8
ATTACKERKB
ATTACKERKB
•added 2026/05/12 4:59 p.m.•11 views

CVE-2026-40358

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...

8.4CVSS6AI score0.00369EPSS
Exploits0References2Affected Software7
ATTACKERKB
ATTACKERKB
•added 2026/05/12 4:59 p.m.•11 views

CVE-2026-40357

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

8.8CVSS6AI score0.01698EPSS
Exploits0References2Affected Software3
ATTACKERKB
ATTACKERKB
•added 2026/05/12 4:59 p.m.•11 views

CVE-2026-32175

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the...

4.3CVSS5.9AI score0.00711EPSS
Exploits0References2Affected Software6
ATTACKERKB
ATTACKERKB
•added 2026/05/12 4:58 p.m.•11 views

CVE-2026-40414

Windows TCP/IP Denial of Service Vulnerability...

7.4CVSS5.8AI score0.00528EPSS
Exploits0References2Affected Software20
ATTACKERKB
ATTACKERKB
•added 2026/05/12 4:58 p.m.•11 views

CVE-2026-40368

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

8CVSS6AI score0.01977EPSS
Exploits0References2Affected Software3
ATTACKERKB
ATTACKERKB
•added 2026/05/12 4:58 p.m.•11 views

CVE-2026-40366

Access of resource using incompatible type 'type confusion' in Microsoft Office Word allows an unauthorized attacker to execute code locally...

8.4CVSS6AI score0.00383EPSS
Exploits0References2Affected Software7
ATTACKERKB
ATTACKERKB
•added 2026/05/12 4:56 p.m.•11 views

CVE-2026-43891

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application...

7.5CVSS5.8AI score0.00354EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/12 2:33 p.m.•11 views

CVE-2026-8111

SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...

8.8CVSS6.2AI score0.00883EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/12 8:50 a.m.•11 views

CVE-2026-8161

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

7.5CVSS5.8AI score0.00473EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
•added 2026/05/12 8:20 a.m.•11 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

6.8CVSS5.9AI score0.00286EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/12 7:48 a.m.•11 views

CVE-2026-6932

The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify t...

4.3CVSS5.7AI score0.00132EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/05/12 7:48 a.m.•11 views

CVE-2026-7626

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsbhandleslekpaymentredirect function placing the merchant's slekkey and sleksecret API credentials directly into a client-side HTML form, and additionally embedding the...

5.3CVSS5.8AI score0.00251EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/05/12 5:44 a.m.•11 views

CVE-2026-0802

An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

6CVSS5.8AI score0.00396EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/12 2:21 a.m.•11 views

CVE-2026-40136

SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality and integrity ...

4.3CVSS5.8AI score0.0029EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/05/12 12:0 a.m.•11 views

CVE-2026-31243

The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a CREATE...

6AI score0.00374EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/11 11:30 p.m.•11 views

CVE-2026-8349

A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called...

5.3CVSS5.3AI score0.00309EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/11 8:8 p.m.•11 views

CVE-2026-28917

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS5.8AI score0.00296EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
•added 2026/05/11 8:8 p.m.•11 views

CVE-2026-28971

The issue was addressed with improved UI handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website’s download settings...

4.3CVSS5.8AI score0.00296EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/05/11 5:36 p.m.•11 views

CVE-2026-42859

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

9.3CVSS6AI score0.0055EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/11 5:14 p.m.•11 views

CVE-2026-43639

Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/providerId/clients/existing, resulting in takeover of the target organization; self-hosted installations ar...

8.9CVSS5.9AI score0.00596EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
•added 2026/05/11 5:13 p.m.•11 views

CVE-2026-43638

Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via POST /ciphers/import-organization by submitting an empty collections array, which causes the server-side permission check to be...

5.4CVSS5.9AI score0.00188EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
•added 2026/05/11 4:53 p.m.•11 views

CVE-2026-34095

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

5.8AI score0.00199EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/11 4:46 p.m.•11 views

CVE-2026-45004

OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious...

8.4CVSS6.4AI score0.00144EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/05/11 4:46 p.m.•11 views

CVE-2026-45003

OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files...

5CVSS5.8AI score0.00105EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/05/11 4:46 p.m.•11 views

CVE-2026-44996

OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...

6.3CVSS5.9AI score0.00305EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/05/11 4:35 p.m.•11 views

CVE-2026-42315

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the setpackagedata API function call inside the data object with key "folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary...

8.1CVSS5.9AI score0.00395EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/11 2:35 p.m.•11 views

CVE-2026-7817

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS6AI score0.00217EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/11 1:0 p.m.•11 views

CVE-2026-8290

A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smfnsmfhandleupdatedatainvsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulation results in denial of service. The attack can be executed remotely. The exploit has been released to...

5.3CVSS5.5AI score0.00372EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
•added 2026/05/11 5:0 a.m.•11 views

CVE-2026-8275

A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogodippprimitives.go of the component zerogod IPP Service. Performing a manipulation results in integer coercion error. The attack can be...

6.3CVSS5.2AI score0.00523EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
•added 2026/05/11 2:45 a.m.•11 views

CVE-2026-8266

A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsmbuildpdusessionestablishmentaccept of the file /src/smf/gsm-build.c of the component SMF. The manipulation results in denial of service. The attack can be launched remotely. The exploit is now public and may be used...

5.3CVSS5.5AI score0.00461EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
•added 2026/05/11 2:30 a.m.•11 views

CVE-2026-8265

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function getlogfile of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit...

5.8CVSS5.6AI score0.04412EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/11 2:0 a.m.•11 views

CVE-2026-8263

A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...

5.8CVSS5.6AI score0.04554EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/11 12:15 a.m.•11 views

CVE-2026-8256

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. T...

4.8CVSS4.1AI score0.00202EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/11 12:0 a.m.•11 views

CVE-2026-38568

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

5.8AI score0.00231EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
•added 2026/05/10 11:45 p.m.•11 views

CVE-2026-8254

A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/salessave. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the...

4.8CVSS4.2AI score0.00253EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000