Lucene search
K
AttackerkbMost viewed

74584 matches found

ATTACKERKB
ATTACKERKB
•added 2026/05/10 11:30 p.m.•11 views

CVE-2026-8253

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/10 12:43 p.m.•11 views

CVE-2021-47941

WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpsap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...

8.8CVSS6.1AI score0.00282EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/10 9:0 a.m.•11 views

CVE-2026-8243

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be performed from remote. The vendor was...

6.9CVSS5.8AI score0.00292EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/09 10:30 p.m.•11 views

CVE-2026-8212

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be...

5.3CVSS6AI score0.00205EPSS
Exploits1References8Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/09 3:15 p.m.•11 views

CVE-2026-8188

A vulnerability has been found in Wavlink NU516U1 M16U1V240425. Affected is the function changewifipassword of the file /cgi-bin/adm.cgi. The manipulation of the argument wlchannel/wlPass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has bee...

6.5CVSS5.5AI score0.05454EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
•added 2026/05/09 3:48 a.m.•11 views

CVE-2026-42295

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

8.5CVSS5.7AI score0.00357EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/09 2:41 a.m.•11 views

CVE-2026-8207

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...

7CVSS5.9AI score0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/08 10:58 p.m.•11 views

CVE-2026-42354

Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity...

9.1CVSS5.7AI score0.00623EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/08 10:11 p.m.•11 views

CVE-2026-42345

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

7.7CVSS5.8AI score0.00213EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/08 9:18 p.m.•11 views

CVE-2026-42202

nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/08 8:22 p.m.•11 views

CVE-2026-44400

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/05/08 3:5 p.m.•11 views

CVE-2026-41584

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...

9.2CVSS5.7AI score0.00268EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/08 2:22 p.m.•11 views

CVE-2026-43439

In the Linux kernel, the following vulnerability has been resolved: cgroup: fix race between task migration and iteration When a task is migrated out of a cssset, cgroupmigrateaddtask first moves it from cset-tasks to cset-mgtasks via: listmovetail&task-;cglist, &cset-;mgtasks; If a csstaskiter...

4.7CVSS5.6AI score0.00089EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/08 2:22 p.m.•11 views

CVE-2026-43427

In the Linux kernel, the following vulnerability has been resolved: usb: class: cdc-wdm: fix reordering issue in read code path Quoting the bug report: Due to compiler optimization or CPU out-of-order execution, the desc-length update can be reordered before the memmove. If this happens, wdmread...

5.8AI score0.00132EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/08 2:21 p.m.•11 views

CVE-2026-43424

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Fix NULL pointer dereferences in nexus handling The tpg-tpgnexus pointer in the USB Target driver is dynamically managed and tied to userspace configuration via ConfigFS. It can be NULL if the USB host sends...

5.7AI score0.00123EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/08 1:32 p.m.•11 views

CVE-2026-44336

PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...

9.4CVSS6.3AI score0.00619EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/08 1:26 p.m.•11 views

CVE-2026-43320

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dsc eDP issue why Need to add function hook check before use...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/08 11:55 a.m.•11 views

CVE-2026-8076

Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This coul...

9.3CVSS5.8AI score0.00324EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/08 11:45 a.m.•11 views

CVE-2026-8153

OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS...

9.8CVSS6AI score0.01829EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/08 3:42 a.m.•11 views

CVE-2026-42273

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimdall failing to match a rule for a request host...

7.8CVSS5.7AI score0.00301EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/07 9:31 p.m.•11 views

CVE-2026-44365

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-34429. Reason: This candidate is a duplicate of CVE-2026-34429. Notes: All CVE users should reference CVE-2026-34429 instead of this candidate...

5.4CVSS5.8AI score0.00281EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/05/07 1:48 p.m.•11 views

CVE-2026-41687

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

4.3CVSS5.7AI score0.00204EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/07 12:45 p.m.•11 views

CVE-2026-8091

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2...

5.8AI score0.00439EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
•added 2026/05/07 12:0 p.m.•11 views

CVE-2026-42010

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.8AI score0.0105EPSS
Exploits0References22
ATTACKERKB
ATTACKERKB
•added 2026/05/07 10:22 a.m.•11 views

CVE-2026-33587

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code and subsequently OS commands on the docker container via Server-Side Template Injection SSTI for user-created transformations...

9.2CVSS6AI score0.0023EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/07 8:38 a.m.•11 views

CVE-2026-27416

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...

5.3CVSS5.8AI score0.00182EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/07 4:27 a.m.•11 views

CVE-2026-6692

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the 'getmediaurl' and 'checkfilepath' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS6.4AI score0.00815EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/07 2:59 a.m.•11 views

CVE-2026-41660

Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A...

7.1CVSS5.7AI score0.00297EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 7:49 p.m.•11 views

CVE-2026-44113

OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows attackers to read files outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and access...

6CVSS5.8AI score0.00208EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/05/06 6:57 p.m.•11 views

CVE-2026-0300

A buffer overflow vulnerability in the User-IDâ„¢ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...

9.3CVSS6.6AI score0.32074EPSS
Exploits6References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 6:13 p.m.•11 views

CVE-2026-8001

Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

8.3CVSS5.8AI score0.00178EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 6:13 p.m.•11 views

CVE-2026-7998

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.4CVSS5.8AI score0.0019EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 6:13 p.m.•11 views

CVE-2026-7984

Use after free in ReadingMode in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00267EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 6:12 p.m.•11 views

CVE-2026-7904

Out of bounds read in Fonts in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00193EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 6:12 p.m.•11 views

CVE-2026-7899

Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00296EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 5:21 p.m.•11 views

CVE-2026-29090

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS6.4AI score0.00301EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 11:28 a.m.•11 views

CVE-2026-43248

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...

5.8AI score0.00129EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 11:28 a.m.•11 views

CVE-2026-43246

In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9906: Fix potential memory leak in tw9906probe In one of the error paths in tw9906probe, the memory allocated in v4l2ctrlhandlerinit and v4l2ctrlnewstd is not freed. Fix that by calling v4l2ctrlhandlerfree on the...

5.8AI score0.00123EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 11:27 a.m.•11 views

CVE-2026-43125

In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlmsearchrsbtree The len parameter in dlmdumprsbname is not validated and comes from network messages. When it exceeds DLMRESNAMEMAXLEN, it can cause out-of-bounds write in dlmsearchrsbtree. Add length...

6.1AI score0.00426EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/06 8:34 a.m.•11 views

CVE-2026-42509

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

5.8AI score0.00357EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/05 8:52 p.m.•11 views

CVE-2026-40068

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...

7.7CVSS5.8AI score0.00281EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/05 7:22 p.m.•11 views

CVE-2026-34084

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when the filename argument to IOFactory::load is user-controlled, an attacker can supply a PHP stream...

9.2CVSS6.4AI score0.00712EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/05 6:46 p.m.•11 views

CVE-2026-30923

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

8.2CVSS5.6AI score0.00435EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/05 4:30 a.m.•11 views

CVE-2026-7822

A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /printpdets.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/04 6:13 p.m.•11 views

CVE-2026-42154

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/04 6:10 p.m.•11 views

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

3.7CVSS6.1AI score0.00415EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/04 2:48 p.m.•11 views

CVE-2026-29169

A NULL pointer dereference in moddavlock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.moddavlock is not used internally by moddav or moddavfs. The only known use-case for moddavlock was moddavsvn from Apache Subversion earlier than...

7.5CVSS5.8AI score0.00594EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/04 2:30 a.m.•11 views

CVE-2026-7723

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...

7.5CVSS6.5AI score0.00421EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/04 12:39 a.m.•11 views

CVE-2026-7161

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS5.8AI score0.00214EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/02 1:26 p.m.•11 views

CVE-2026-3504

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References6
Total number of security vulnerabilities5000