Lucene search
K
AttackerkbRecent

74667 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/19 6:51 a.m.16 views

CVE-2026-3640

The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin registers a REST API webhook endpoint at /wp-json/strabl/webhook/order with a permissioncallback of returntrue, which allows all incoming requests...

5.3CVSS5.8AI score0.00382EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/06/19 6:0 a.m.6 views

CVE-2026-9822

The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data...

5.8AI score0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:41 a.m.8 views

CVE-2026-54414

FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...

9.8CVSS6.3AI score0.0072EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:33 a.m.8 views

CVE-2026-7515

The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...

9.8CVSS6.5AI score0.00886EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:13 a.m.8 views

CVE-2025-7737

DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHBiSCSI Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHBiSCSI Ver.88-01-02-04, before DKCMAIN...

8.6CVSS5.8AI score0.00268EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:0 a.m.8 views

CVE-2026-12644

Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods such as toString, valueOf. When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken —...

6.9CVSS5.9AI score0.00308EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:57 a.m.7 views

CVE-2026-10720

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.9 views

CVE-2026-12430

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...

4.4CVSS5.9AI score0.00208EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.7 views

CVE-2026-8118

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.8 views

CVE-2026-8713

The Avada Fusion Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maybedeletefiles function in all versions up to, and including, 3.15.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...

9.1CVSS6.7AI score0.01193EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.6 views

CVE-2026-10034

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.39. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to supply an...

5.3CVSS6AI score0.00385EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.5 views

CVE-2026-11989

The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the uploadattachment. This makes it possible for unauthenticated attackers to make web...

6.5CVSS6AI score0.00312EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.7 views

CVE-2026-9013

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

4.3CVSS5.8AI score0.00254EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.6 views

CVE-2026-4328

The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This is due to the plugin using wpremoteget to fetch a user-supplied URL without validating that the URL does not point to internal or private network resources in th...

6.4CVSS6AI score0.00208EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.5 views

CVE-2026-12157

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...

6.4CVSS6AI score0.00212EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.6 views

CVE-2026-7547

The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the renderlogsui function, which accepts a base64-encoded file name from the 'logfile' GET...

4.9CVSS6AI score0.00397EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.7 views

CVE-2026-1856

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00193EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:29 a.m.5 views

CVE-2026-11752

A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local...

5.9CVSS5.9AI score0.00198EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 3:41 a.m.7 views

CVE-2026-10779

The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the galleryimageupdateasfeature AJAX handler action:...

4.3CVSS5.4AI score0.00213EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/19 3:0 a.m.7 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS5.5AI score0.00107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 2:56 a.m.7 views

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

4.9CVSS5.3AI score0.00135EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 2:31 a.m.10 views

CVE-2026-8806

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...

8.7CVSS5.3AI score0.00367EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 2:29 a.m.9 views

CVE-2026-11775

The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the useradminsimplifieroptionspage function. This makes it possible for unauthenticated attackers to rese...

4.3CVSS5.3AI score0.00128EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/19 2:26 a.m.9 views

CVE-2026-8805

Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service DoS condition in the affected product by rapidly establishing a larg...

8.7CVSS5.3AI score0.00379EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 12:0 a.m.8 views

CVE-2026-51844

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter...

6.2AI score0.00384EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 12:0 a.m.5 views

CVE-2026-51845

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter...

6.2AI score0.00384EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 12:0 a.m.5 views

CVE-2026-51846

In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution...

6.5AI score0.00584EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 12:0 a.m.5 views

CVE-2026-51843

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter...

6.2AI score0.00384EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 12:0 a.m.10 views

CVE-2025-62821

Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntryGetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copysize = stride absroiheight but does not check the...

6AI score0.00823EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:54 p.m.7 views

CVE-2026-40624

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request...

9.8CVSS5.8AI score0.00616EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:47 p.m.7 views

CVE-2026-50034

An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including glucose measurement values...

7.1CVSS5.2AI score0.00145EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:45 p.m.5 views

CVE-2026-52866

An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applications from establishing a connection...

7.1CVSS5.2AI score0.00222EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:37 p.m.6 views

CVE-2026-12049

Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honoured the user-supplied 'next' query/form parameter without confirming the target pointed back inside pgAdmin, so an authenticated victim who clicked /mfa/validate?next= -- a link typically...

5.3CVSS5.3AI score0.00218EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:37 p.m.9 views

CVE-2026-12048

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...

9.3CVSS5.3AI score0.0021EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:37 p.m.6 views

CVE-2026-12047

HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text — and the related file-resolution and database-commit...

4.8CVSS5.2AI score0.00137EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:37 p.m.7 views

CVE-2026-12046

Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/updateconnection/// -- were the only routes in the module missing the @pgaloginrequired decorator. Both reach a pickle.loads sink on session'gridData''commandobj':...

9.5CVSS6.7AI score0.0071EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:37 p.m.8 views

CVE-2026-12045

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's executesqlquery tool runs LLM-generated SQL inside a BEGIN...

9.4CVSS6.9AI score0.00482EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:37 p.m.8 views

CVE-2026-12050

SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...

5.3CVSS5.4AI score0.00245EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:37 p.m.5 views

CVE-2026-12044

SQL injection in pgAdmin 4 across every dialog template that renders COMMENT ON ... IS '' for a user-supplied description field. The Jinja templates for Domains and their constraints, Foreign Tables, Languages, and Event Triggers, plus the Views OID-lookup query, interpolated the description...

8.8CVSS5.9AI score0.00489EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:30 p.m.12 views

CVE-2026-6716

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.2AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:30 p.m.14 views

CVE-2026-10746

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.2AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 10:12 p.m.9 views

CVE-2026-56078

PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of...

8.8CVSS5.7AI score0.00687EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 10:12 p.m.8 views

CVE-2026-56076

PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: headers, combined with Starlette's...

8.6CVSS5.9AI score0.00504EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/18 10:12 p.m.8 views

CVE-2026-56077

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expo...

7.1CVSS5.3AI score0.00256EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 10:12 p.m.8 views

CVE-2026-56075

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

8.8CVSS6AI score0.00476EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/18 10:12 p.m.8 views

CVE-2026-56074

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and...

6.8CVSS5.3AI score0.00116EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/18 9:42 p.m.10 views

CVE-2026-47647

Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.2AI score0.00426EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 9:42 p.m.10 views

CVE-2026-54130

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...

9.8CVSS5.3AI score0.00578EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 9:39 p.m.7 views

CVE-2026-32174

Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network...

7.7CVSS5.3AI score0.00411EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 9:37 p.m.10 views

CVE-2026-47633

Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.2AI score0.0057EPSS
Exploits0References2
Total number of security vulnerabilities74667