Lucene search
K
AttackerkbRecent

75017 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11171

Integer overflow in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.3AI score0.0028EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11170

Inappropriate implementation in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. Chromium security severity: Medium...

5.8AI score0.00238EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11172

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00234EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11168

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00229EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11169

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted XML file. Chromium security severity: Medium...

6AI score0.00211EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.11 views

CVE-2026-11167

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00234EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.8 views

CVE-2026-11166

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

6AI score0.00205EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11163

Use after free in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00234EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11165

Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00234EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11164

Use after free in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.0028EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11161

Inappropriate implementation in DataTransfer in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00152EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11162

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00187EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11158

Insufficient validation of untrusted input in Downloads in Google Chrome on Mac prior to 149.0.7827.53 allowed a local attacker to potentially perform a sandbox escape via a crafted AppleScript command. Chromium security severity: Medium...

5.8AI score0.00083EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11160

Out of bounds read in Input in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00229EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11159

Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00204EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11156

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00152EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.8 views

CVE-2026-11157

Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

5.9AI score0.00121EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11154

Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00207EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.8 views

CVE-2026-11155

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00152EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11151

Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00221EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.8 views

CVE-2026-11152

Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00234EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11153

Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00264EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11149

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

7.5CVSS5.8AI score0.00221EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11150

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

6AI score0.00159EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11148

Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00137EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11147

Use after free in WebML in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00354EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11146

Insufficient validation of untrusted input in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00234EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 10:33 p.m.9 views

CVE-2026-20245

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input...

7.8CVSS6.1AI score0.25323EPSS
Exploits2References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 10:0 p.m.7 views

CVE-2026-48579

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network...

9.1CVSS5.8AI score0.01015EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 10:0 p.m.9 views

CVE-2026-47655

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00756EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 10:0 p.m.8 views

CVE-2026-47644

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00732EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 10:0 p.m.7 views

CVE-2026-42824

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.5CVSS6AI score0.0764EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 10:0 p.m.10 views

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

7.7CVSS6AI score0.00452EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 10:0 p.m.9 views

CVE-2026-48567

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.8AI score0.00973EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 9:8 p.m.10 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.8AI score0.00174EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 9:0 p.m.8 views

CVE-2026-42543

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

5.7AI score0.00174EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 8:57 p.m.8 views

CVE-2026-42540

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

5.8AI score0.00183EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 8:54 p.m.9 views

CVE-2026-42539

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

5.8AI score0.00232EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 8:48 p.m.11 views

CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 8:47 p.m.9 views

CVE-2026-42329

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS5.8AI score0.00174EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 8:31 p.m.8 views

CVE-2026-5066

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem subsys/net/lib/sockets/socketstls.c. When the TLS session cache is enabled, tlssessionstore and tlssessionrestore memcpy the caller-supplied address into a fixed-size buffer using the...

6.3CVSS6.2AI score0.0032EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 8:30 p.m.8 views

CVE-2026-10870

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...

8.6CVSS6.8AI score0.02199EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:54 p.m.7 views

CVE-2026-5589

An integer underflow in btmeshsolrecv in the Bluetooth Mesh solicitation handling subsys/bluetooth/mesh/solicitation.c leads to an out-of-bounds write. When CONFIGBTMESHODPRIVPROXYSRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop reads an...

6.2AI score0.00218EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:44 p.m.9 views

CVE-2026-21404

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3CVSS5.8AI score0.00122EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:31 p.m.8 views

CVE-2026-41522

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:28 p.m.10 views

CVE-2026-41518

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS6AI score0.002EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:26 p.m.7 views

CVE-2026-41249

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

8.2CVSS6AI score0.00433EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 5:55 p.m.6 views

CVE-2026-41237

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...

8.6CVSS5.8AI score0.00269EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 5:52 p.m.8 views

CVE-2026-41236

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...

8.8CVSS5.9AI score0.00366EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 5:50 p.m.8 views

CVE-2026-41235

Froxlor is open source server administration software. Version 2.3.6 lets administrators configure system.availableshells as the approved shell list that customers may assign to FTP users. However, the server-side FTP account handlers do not enforce that whitelist when processing add or edit...

9.4CVSS5.9AI score0.00227EPSS
Exploits0References3
Total number of security vulnerabilities75017