Lucene search
K
AttackerkbRecent

74784 matches found

ATTACKERKB
ATTACKERKB
•added 2026/06/09 3:0 a.m.•29 views

CVE-2026-11621

A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...

5.8CVSS5.1AI score0.00218EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/06/09 2:45 a.m.•15 views

CVE-2026-11620

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the publi...

6.9CVSS5.1AI score0.00285EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/09 2:30 a.m.•13 views

CVE-2026-11619

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the...

6.5CVSS5AI score0.00209EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/09 2:28 a.m.•11 views

CVE-2026-7556

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.7AI score0.00241EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/06/09 2:28 a.m.•14 views

CVE-2026-5714

The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘locationdir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/06/09 2:15 a.m.•9 views

CVE-2026-11618

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...

7.5CVSS5AI score0.00401EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/09 1:27 a.m.•7 views

CVE-2026-10862

The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...

6.4CVSS5.7AI score0.00155EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/09 1:4 a.m.•7 views

CVE-2026-8795

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...

7.8CVSS5.6AI score0.00148EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/09 12:21 a.m.•8 views

CVE-2026-44757

SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user�s browser within the context of the application. This issue has a low impact on the...

4.7CVSS5.6AI score0.00154EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/09 12:21 a.m.•7 views

CVE-2026-44755

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

4.3CVSS5.5AI score0.00109EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/09 12:21 a.m.•8 views

CVE-2026-44754

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

6.6CVSS5.5AI score0.00219EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/09 12:21 a.m.•11 views

CVE-2026-44751

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

7.1CVSS5.6AI score0.00207EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/09 12:21 a.m.•8 views

CVE-2026-44750

SAP MDG Review Match Groups Application does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise be restricted, resulting in escalation of privileges. This has a low impact on integrity, while...

4.3CVSS5.5AI score0.00161EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/09 12:20 a.m.•17 views

CVE-2026-44748

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

9.9CVSS5.5AI score0.00231EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/09 12:20 a.m.•7 views

CVE-2026-44746

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

6.1CVSS5.4AI score0.00199EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/09 12:20 a.m.•10 views

CVE-2026-44744

SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/09 12:20 a.m.•10 views

CVE-2026-44743

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application...

3.7CVSS5.5AI score0.00188EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/09 12:20 a.m.•8 views

CVE-2026-40128

SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or...

9CVSS5.5AI score0.00454EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/09 12:20 a.m.•8 views

CVE-2026-27671

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...

9.8CVSS5.5AI score0.00437EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/09 12:19 a.m.•7 views

CVE-2026-24315

SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

4.2CVSS5.6AI score0.00174EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:28 p.m.•9 views

CVE-2026-11701

Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.5AI score0.00178EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:28 p.m.•7 views

CVE-2026-11699

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.6AI score0.00203EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:28 p.m.•9 views

CVE-2026-11700

Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.5AI score0.00179EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:28 p.m.•7 views

CVE-2026-11698

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.6AI score0.00203EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:28 p.m.•6 views

CVE-2026-11697

Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.5AI score0.00203EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•6 views

CVE-2026-11695

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.5AI score0.00177EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•8 views

CVE-2026-11696

Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.5AI score0.00193EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•10 views

CVE-2026-11694

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS6AI score0.00214EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•7 views

CVE-2026-11693

Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

5.4AI score0.00184EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•8 views

CVE-2026-11692

Use after free in Read Anything in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00179EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•8 views

CVE-2026-11691

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.00169EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•8 views

CVE-2026-11689

Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

5.4AI score0.00218EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•9 views

CVE-2026-11690

Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS6AI score0.00214EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•9 views

CVE-2026-11688

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00256EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•7 views

CVE-2026-11687

Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.6AI score0.00203EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•8 views

CVE-2026-11686

Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.00171EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•11 views

CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.00171EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•12 views

CVE-2026-11685

Inappropriate implementation in MediaCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.5AI score0.00177EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•6 views

CVE-2026-11683

Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00307EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•8 views

CVE-2026-11682

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.5AI score0.00192EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•9 views

CVE-2026-11680

Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00243EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•8 views

CVE-2026-11681

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.6AI score0.00203EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•8 views

CVE-2026-11679

Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00179EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•8 views

CVE-2026-11677

Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.5AI score0.00148EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•10 views

CVE-2026-11678

Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.5AI score0.00177EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•9 views

CVE-2026-11675

Out of bounds read in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.002EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•10 views

CVE-2026-11676

Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.5AI score0.0023EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•12 views

CVE-2026-11674

Use after free in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00243EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•9 views

CVE-2026-11672

Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00238EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/08 11:27 p.m.•8 views

CVE-2026-11673

Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00243EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities74784