Lucene search
K
AttackerkbRecent

74784 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/07 10:45 p.m.7 views

CVE-2026-11465

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1CVSS4.6AI score0.0022EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/07 10:30 p.m.9 views

CVE-2026-11464

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...

3.1CVSS4.8AI score0.0022EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/07 10:15 p.m.9 views

CVE-2026-11463

A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor...

7.5CVSS6.8AI score0.00313EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/07 10:0 p.m.10 views

CVE-2026-11462

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper...

7.5CVSS6.7AI score0.00294EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/07 9:45 p.m.7 views

CVE-2026-11461

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS6.1AI score0.00225EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/07 7:30 p.m.10 views

CVE-2026-11460

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/07 12:8 p.m.14 views

CVE-2026-49494

Xcitium Client Security XCS before 13.8.2.10019 and Comodo Internet Security CIS through 12.3.4.8162 fix expected by 2026 Q3 contain an integer underflow vulnerability in the firewall driver Inspect.sys that allows remote unauthenticated attackers to crash the system by sending a crafted IPv6...

8.7CVSS6.2AI score0.00542EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/07 8:15 a.m.9 views

CVE-2026-11459

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.1. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been...

4.8CVSS4.8AI score0.00106EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/07 8:0 a.m.11 views

CVE-2026-11458

A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...

6.9CVSS5.5AI score0.00292EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/07 7:45 a.m.8 views

CVE-2026-11457

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

7.5CVSS6.8AI score0.00329EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/07 7:15 a.m.9 views

CVE-2026-11456

A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxfdumpsystable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. The attack may be launched remotely. The exploit is publicly availab...

7.5CVSS7AI score0.0026EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/07 7:0 a.m.10 views

CVE-2026-11455

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function checkcmdexists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of...

5CVSS5.2AI score0.00936EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/07 3:45 a.m.7 views

CVE-2026-11453

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

6.5CVSS5.3AI score0.00193EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/07 3:15 a.m.10 views

CVE-2026-11452

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS5.2AI score0.01681EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/07 3:0 a.m.8 views

CVE-2026-11451

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument mediadir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...

7.5CVSS5.5AI score0.02027EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/07 2:30 a.m.7 views

CVE-2026-11450

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

7.5CVSS5.4AI score0.01572EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/07 2:15 a.m.7 views

CVE-2026-11449

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS5.2AI score0.01102EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/07 2:0 a.m.7 views

CVE-2026-11448

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to...

5.8CVSS5.1AI score0.01582EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/07 1:15 a.m.8 views

CVE-2026-11447

A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfobackend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been released...

6.5CVSS5.1AI score0.01073EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/06 9:30 p.m.11 views

CVE-2026-36229

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

5.4AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/06 5:45 p.m.8 views

CVE-2026-11441

A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely...

6.5CVSS5.2AI score0.00214EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/06 5:30 p.m.9 views

CVE-2026-11440

A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/projectId/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack...

6.5CVSS5.2AI score0.00214EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/06 5:15 p.m.8 views

CVE-2026-11439

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

6.5CVSS5AI score0.00214EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/06 5:0 p.m.8 views

CVE-2026-11438

A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to...

6.5CVSS5.1AI score0.00214EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/06 4:30 p.m.6 views

CVE-2026-11437

A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been...

7.5CVSS5AI score0.00409EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/06 3:45 p.m.7 views

CVE-2026-11436

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mageai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirecturl results in cross site scripting. Remote...

5.3CVSS4AI score0.00263EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/06 3:15 p.m.11 views

CVE-2026-11435

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

7.5CVSS5.4AI score0.00259EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:15 p.m.9 views

CVE-2026-11434

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS3.8AI score0.00275EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/06 12:45 p.m.10 views

CVE-2026-11413

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function setmacfilter of the file /sbin/jdcwebrpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

9CVSS8.1AI score0.00481EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/06 11:0 a.m.9 views

CVE-2026-11412

A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/06 10:45 a.m.9 views

CVE-2026-11411

A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument displayname results in path traversal. The attack requires a local approach. The exploit has been...

4.8CVSS5AI score0.00171EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/06 10:30 a.m.8 views

CVE-2026-11408

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

6.5CVSS6.3AI score0.01114EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/06 9:15 a.m.13 views

CVE-2026-11406

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS6.2AI score0.0123EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/06 9:14 a.m.10 views

CVE-2026-10725

Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per index...

5.7AI score0.00414EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/06 4:28 a.m.8 views

CVE-2026-9829

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS5.8AI score0.00325EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2026/06/06 4:28 a.m.7 views

CVE-2026-9851

The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...

7.2CVSS5.4AI score0.00345EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/06 4:28 a.m.9 views

CVE-2026-9016

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS5.6AI score0.00261EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/06 3:28 a.m.6 views

CVE-2026-8611

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.6AI score0.00234EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/06 3:28 a.m.10 views

CVE-2026-8839

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via MappressApi::restapiinit, where the GET...

5.3CVSS5.5AI score0.00813EPSS
Exploits0References25
ATTACKERKB
ATTACKERKB
added 2026/06/06 3:28 a.m.7 views

CVE-2026-9594

The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'locationmessages' parameter in all versions up to, and including, 4.9.4 due to insufficient input sanitization and output escaping...

4.4CVSS5.7AI score0.00201EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/06 3:28 a.m.9 views

CVE-2026-7624

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00296EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.10 views

CVE-2026-2500

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

4.4CVSS5.4AI score0.00315EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.10 views

CVE-2026-7792

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to and including 1.10.0.1. This is due to the PayPal Commerce webhook endpoint processing unauthenticat...

5.3CVSS5.4AI score0.00202EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.13 views

CVE-2026-8978

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

4.9CVSS5.8AI score0.00259EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.11 views

CVE-2026-8502

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...

5.3CVSS5.5AI score0.00353EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.14 views

CVE-2026-7796

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping...

6.4CVSS5.7AI score0.00234EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.11 views

CVE-2026-7665

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References15
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.8 views

CVE-2026-7795

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS5.8AI score0.00288EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.11 views

CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

7.2CVSS6.3AI score0.00659EPSS
Exploits1References11
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.9 views

CVE-2026-9280

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00225EPSS
Exploits0References9
Total number of security vulnerabilities74784