Lucene search
K
AttackerkbRecent

74287 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-41876

R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...

8.7CVSS6.3AI score0.01228EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-41877

R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users. This issue was fixed in version v3.19-2832 and...

8.7CVSS6.2AI score0.01228EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-9838

The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6.2AI score0.00296EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-15026

The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...

4.3CVSS6.2AI score0.00223EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-11992

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2025-11977

The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.26.12 via the happyformsgetformpartial function. This makes it possible for authenticat...

6.6CVSS6.5AI score0.00516EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-6440

The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the resetcredential function, which handles the...

4.3CVSS6AI score0.00168EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-12955

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdprcookieconsentajaxsaveschedulescan function the wpajaxgccsaveschedulescan AJAX action in versions up to, and including, 4.3.6...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-12400

The FlowForms – Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.1 via the updateform due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS6.1AI score0.00226EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-1946

The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gwaiwebugravitywritedisconnecthandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with...

4.3CVSS6.1AI score0.00222EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-6802

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdccustominit function, which processes the 'eufdc-delete' parameter without any nonce verification,...

5.3CVSS6.2AI score0.00243EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-14475

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-12924

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-3907

The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-12108

The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS6.2AI score0.00208EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-15104

The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score0.0026EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-40454

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-40452

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...

7.5CVSS6.1AI score0.00256EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-40009

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-40008

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...

9.8CVSS6.1AI score0.00332EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-40007

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticate...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-40006

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no...

7.5CVSS6.1AI score0.00323EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago10 views

CVE-2026-40005

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...

9.1CVSS6.2AI score0.00349EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-28564

Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...

9.8CVSS6.1AI score0.00367EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-13347

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-12685

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

7.5CVSS6AI score0.00222EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-12276

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

5.3CVSS6AI score0.00182EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago9 views

CVE-2026-12123

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...

6.4CVSS6.2AI score0.00246EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-21057

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS5.9AI score0.00116EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-21056

Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information...

4.8CVSS5.9AI score0.00099EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-21055

Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege...

8.5CVSS6.2AI score0.00121EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-21054

Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data...

6.9CVSS5.9AI score0.00115EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-21053

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS6AI score0.00111EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-21052

Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-21051

Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings...

5.1CVSS5.9AI score0.00105EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-21050

Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

5.1CVSS5.9AI score0.00105EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-21049

Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code...

8.4CVSS6.2AI score0.00127EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-21048

Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS6AI score0.00379EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-21046

Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...

8.4CVSS6.2AI score0.00096EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-21045

Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS6AI score0.00379EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-21044

Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application...

5.8CVSS5.9AI score0.00096EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-21043

Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege...

6.7CVSS5.9AI score0.00129EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-21042

Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code...

8.4CVSS6.2AI score0.00116EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-21041

Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS5.9AI score0.00105EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-21040

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...

6.9CVSS5.9AI score0.00099EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-21039

Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings...

6.9CVSS5.9AI score0.00105EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-15332

A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-15301

The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-15300

The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $SERVER'QUERYSTRING' via parsestr bypassing wpmagicquotes, which does not cover $SERVER, then passed through bare...

9.1CVSS6AI score0.00349EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-15299

The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weatherstyle' and 'movedirection' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render...

6.4CVSS6AI score0.00193EPSS
Exploits0References5
Total number of security vulnerabilities74287