Lucene search
K
AttackerkbRecent

74775 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.8 views

CVE-2026-11662

Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00359EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.7 views

CVE-2026-11661

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.5AI score0.00242EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.10 views

CVE-2026-11660

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.5AI score0.00258EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.10 views

CVE-2026-11658

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

5.4AI score0.00225EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.9 views

CVE-2026-11659

Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.6AI score0.00252EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.8 views

CVE-2026-11656

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...

8.3CVSS5.4AI score0.00169EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.7 views

CVE-2026-11657

Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00252EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.8 views

CVE-2026-11654

Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.5AI score0.00252EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.9 views

CVE-2026-11655

Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.6AI score0.00242EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.7 views

CVE-2026-11652

Use after free in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00242EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.7 views

CVE-2026-11653

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

5.4AI score0.00225EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.7 views

CVE-2026-11651

Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

9.6CVSS6AI score0.00337EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.9 views

CVE-2026-11650

Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00314EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.10 views

CVE-2026-11649

Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00314EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.6 views

CVE-2026-11647

Use after free in Printing in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00222EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.11 views

CVE-2026-11648

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.6AI score0.00263EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.10 views

CVE-2026-11645

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.01654EPSS
Exploits4References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.10 views

CVE-2026-11646

Use after free in ViewTransitions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00262EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.8 views

CVE-2026-11644

Use after free in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Critical...

7.5CVSS6AI score0.00202EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.6 views

CVE-2026-11643

Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

8.1CVSS6AI score0.00271EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.8 views

CVE-2026-11642

Use after free in Web Apps in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.5AI score0.00231EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.10 views

CVE-2026-11640

Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

5.5AI score0.00231EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.8 views

CVE-2026-11641

Use after free in Bluetooth in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS6AI score0.00275EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.7 views

CVE-2026-11639

Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS6AI score0.00275EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.10 views

CVE-2026-11638

Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.5AI score0.00252EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.6 views

CVE-2026-11636

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

5.6AI score0.00222EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.8 views

CVE-2026-11637

Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00262EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.9 views

CVE-2026-11635

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.5AI score0.00222EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.8 views

CVE-2026-11633

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral. Chromium security severity: Critical...

8.8CVSS6AI score0.00232EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.13 views

CVE-2026-11634

Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.5AI score0.00252EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.8 views

CVE-2026-11632

Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS6AI score0.00264EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.9 views

CVE-2026-11631

Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

5.5AI score0.00222EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.7 views

CVE-2026-11630

Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

5.6AI score0.00252EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.9 views

CVE-2026-11628

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: Critical...

6.8CVSS5.5AI score0.00181EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.9 views

CVE-2026-11629

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

5.6AI score0.0027EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 10:1 p.m.8 views

CVE-2026-9669

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

8.2CVSS5.4AI score0.00433EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/08 8:1 p.m.9 views

CVE-2026-44541

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fidesdescription override. This issue has been patched in version 2.84.5...

7CVSS5.3AI score0.00297EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:59 p.m.9 views

CVE-2026-40215

A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion...

6.1CVSS5.5AI score0.00309EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:45 p.m.8 views

CVE-2026-11585

A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:30 p.m.11 views

CVE-2026-11584

A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:29 p.m.7 views

CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9CVSS5.4AI score0.00317EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:28 p.m.7 views

CVE-2026-40519

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS6.7AI score0.00921EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:15 p.m.10 views

CVE-2026-11583

A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:13 p.m.9 views

CVE-2026-49141

WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contactid in the POST request body without tenant ownership...

7.1CVSS5.6AI score0.00216EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:9 p.m.9 views

CVE-2026-46484

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...

8.1CVSS5.4AI score0.00374EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:4 p.m.8 views

CVE-2026-47345

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2...

5.1CVSS5.2AI score0.00366EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:3 p.m.7 views

CVE-2026-47344

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS5.2AI score0.00282EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:0 p.m.8 views

CVE-2026-11582

A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has bee...

7.5CVSS7AI score0.00269EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:45 p.m.10 views

CVE-2026-11559

A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /viewaccount.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:41 p.m.8 views

CVE-2026-46490

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

8.7CVSS5.3AI score0.00383EPSS
Exploits2References2Affected Software1
Total number of security vulnerabilities74775