Lucene search
K
AttackerkbRecent

74794 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.6 views

CVE-2026-21038

Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory...

5.9CVSS5.4AI score0.00101EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.8 views

CVE-2026-21037

Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege...

6.9CVSS5.6AI score0.00105EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.10 views

CVE-2026-21036

Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information...

6.3CVSS5.5AI score0.00094EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.6 views

CVE-2026-21035

Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information...

6.5CVSS5.5AI score0.00298EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.7 views

CVE-2026-21034

Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration...

4.8CVSS5.5AI score0.00084EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.6 views

CVE-2026-21033

Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

6.9CVSS5.8AI score0.00093EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.7 views

CVE-2026-21032

Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

6.9CVSS5.8AI score0.00093EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.6 views

CVE-2026-21031

Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability...

5.2CVSS5.5AI score0.00093EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.10 views

CVE-2026-21030

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

6.4CVSS5.5AI score0.00094EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.8 views

CVE-2026-21029

Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations...

6.8CVSS5.6AI score0.00093EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.7 views

CVE-2026-21028

Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

5.1CVSS5.5AI score0.00093EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.7 views

CVE-2026-21027

Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function...

4.8CVSS5.5AI score0.00084EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.7 views

CVE-2026-21026

Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information...

6.4CVSS5.5AI score0.00093EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.6 views

CVE-2026-21025

Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS5.5AI score0.00093EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:14 a.m.6 views

CVE-2026-21017

Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files...

4.6CVSS5.5AI score0.00093EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 9:49 a.m.7 views

CVE-2026-50265

This CVE ID was assigned as a duplicate of CVE-2026-50292...

9.8CVSS5.4AI score0.00498EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/05 9:36 a.m.6 views

CVE-2026-8914

In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user...

8.4CVSS5.5AI score0.00541EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/05 9:1 a.m.7 views

CVE-2026-6274

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

9.8CVSS5.5AI score0.0046EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/05 8:59 a.m.10 views

CVE-2026-49777

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...

10CVSS5.4AI score0.01656EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 8:21 a.m.12 views

CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

7.8CVSS6.1AI score0.00156EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/05 7:52 a.m.8 views

CVE-2026-9088

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

2.7CVSS5.4AI score0.00348EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/05 7:31 a.m.17 views

CVE-2026-48907

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS5.6AI score0.80425EPSS
Exploits19References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:3 a.m.8 views

CVE-2026-21825

HCL Digital Experience Compose is affected by a reflected cross-site scripting XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...

6.1CVSS5.5AI score0.00152EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:58 a.m.7 views

CVE-2026-21826

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways...

6.1CVSS5.5AI score0.00144EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:50 a.m.10 views

CVE-2026-21837

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

8.7CVSS5.9AI score0.0092EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:0 a.m.12 views

CVE-2026-10732

All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...

9.8CVSS6.4AI score0.02147EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/06/05 2:14 a.m.18 views

CVE-2026-50593

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range...

7.3CVSS5.8AI score0.00112EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/05 1:57 a.m.8 views

CVE-2026-50592

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog aka the communication log administration view...

6.4CVSS5.8AI score0.00148EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/05 1:52 a.m.7 views

CVE-2026-50591

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/05 1:39 a.m.8 views

CVE-2026-7763

A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...

6AI score0.00536EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 1:36 a.m.8 views

CVE-2026-7762

A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...

6AI score0.00567EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:35 a.m.6 views

CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.2CVSS6.2AI score0.00153EPSS
Exploits0References2Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:30 a.m.8 views

CVE-2026-11312

A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purgekvmap in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...

4.8CVSS4.8AI score0.00112EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:15 a.m.7 views

CVE-2026-50590

In Mimecast Incydr before 2.6.0, arbitrary file access can occur...

4.5CVSS5.5AI score0.0009EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:12 a.m.6 views

CVE-2026-11326

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

6CVSS5.2AI score0.00214EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:0 a.m.9 views

CVE-2026-10878

A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument actionvalue results in command injection. The attack is possible to be carried out remotely. The exploit is now public and...

8.8CVSS6.4AI score0.04236EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:0 a.m.6 views

CVE-2026-37737

sanic-cors version 2.2.0 and prior contains an improper regular expression in the trymatch function in saniccors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...

5.5AI score0.00164EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:0 a.m.7 views

CVE-2026-38579

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

5.6AI score0.00199EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:0 a.m.6 views

CVE-2020-25900

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

5.3CVSS5.5AI score0.00201EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:0 a.m.8 views

CVE-2026-36501

An issue in the Externalizable.readExternal component of Controller v12.0.5 allows attackers to cause a Denial of Service DoS via a crafted input...

5.5AI score0.00278EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:0 a.m.6 views

CVE-2026-36785

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.5AI score0.00357EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:0 a.m.6 views

CVE-2026-36500

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

5.7AI score0.00686EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:59 p.m.8 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS5.5AI score0.00433EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:45 p.m.8 views

CVE-2026-10877

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack can be executed...

7.5CVSS6.9AI score0.00328EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:30 p.m.7 views

CVE-2026-10876

A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:28 p.m.12 views

CVE-2026-10586

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the saveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-level...

7.2CVSS5.9AI score0.00213EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:6 p.m.6 views

CVE-2026-11309

Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.5AI score0.00132EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:6 p.m.8 views

CVE-2026-11306

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

8.8CVSS6AI score0.00224EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:6 p.m.10 views

CVE-2026-11307

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

8.8CVSS6AI score0.00228EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:6 p.m.8 views

CVE-2026-11308

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. Chromium security severity: Low...

6.3CVSS5.4AI score0.00099EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities74794