Lucene search
+L
AttackerkbRecent

75902 matches found

attackerkb
attackerkb
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11150

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

6AI score0.00159EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11148

Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00137EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11147

Use after free in WebML in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00354EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11146

Insufficient validation of untrusted input in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00234EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/04 10:33 p.m.9 views

CVE-2026-20245

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input...

7.8CVSS6.1AI score0.25323EPSS
Exploits2References3Affected Software1
attackerkb
attackerkb
added 2026/06/04 10:0 p.m.7 views

CVE-2026-48579

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network...

9.1CVSS5.8AI score0.01015EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/04 10:0 p.m.10 views

CVE-2026-47655

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00756EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/04 10:0 p.m.8 views

CVE-2026-47644

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00732EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/04 10:0 p.m.7 views

CVE-2026-42824

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.5CVSS6AI score0.0764EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/04 10:0 p.m.10 views

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

7.7CVSS6AI score0.00452EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/04 10:0 p.m.9 views

CVE-2026-48567

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.8AI score0.00973EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/04 9:8 p.m.10 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.8AI score0.00174EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/04 9:0 p.m.8 views

CVE-2026-42543

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

5.7AI score0.00174EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/04 8:57 p.m.8 views

CVE-2026-42540

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

5.8AI score0.00183EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/04 8:54 p.m.9 views

CVE-2026-42539

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

5.8AI score0.00232EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/04 8:48 p.m.11 views

CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/04 8:47 p.m.9 views

CVE-2026-42329

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS5.8AI score0.00174EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/04 8:31 p.m.8 views

CVE-2026-5066

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem subsys/net/lib/sockets/socketstls.c. When the TLS session cache is enabled, tlssessionstore and tlssessionrestore memcpy the caller-supplied address into a fixed-size buffer using the...

6.3CVSS6.2AI score0.0032EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/06/04 8:30 p.m.8 views

CVE-2026-10870

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...

8.6CVSS6.8AI score0.02199EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2026/06/04 7:54 p.m.7 views

CVE-2026-5589

An integer underflow in btmeshsolrecv in the Bluetooth Mesh solicitation handling subsys/bluetooth/mesh/solicitation.c leads to an out-of-bounds write. When CONFIGBTMESHODPRIVPROXYSRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop reads an...

6.2AI score0.00218EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/06/04 7:44 p.m.9 views

CVE-2026-21404

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3CVSS5.8AI score0.00122EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/04 7:31 p.m.8 views

CVE-2026-41522

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/04 7:28 p.m.10 views

CVE-2026-41518

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS6AI score0.002EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/04 7:26 p.m.7 views

CVE-2026-41249

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

8.2CVSS6AI score0.00433EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/06/04 5:55 p.m.6 views

CVE-2026-41237

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...

8.6CVSS5.8AI score0.00269EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/06/04 5:52 p.m.8 views

CVE-2026-41236

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...

8.8CVSS5.9AI score0.00366EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/04 5:50 p.m.8 views

CVE-2026-41235

Froxlor is open source server administration software. Version 2.3.6 lets administrators configure system.availableshells as the approved shell list that customers may assign to FTP users. However, the server-side FTP account handlers do not enforce that whitelist when processing add or edit...

9.4CVSS5.9AI score0.00227EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/04 5:47 p.m.11 views

CVE-2026-41234

Froxlor is open source server administration software. Prior to version 2.3.7, the DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record...

8.8CVSS5.9AI score0.00544EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2026/06/04 5:43 p.m.11 views

CVE-2026-40898

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field...

5.3CVSS6.8AI score0.00338EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/04 5:39 p.m.8 views

CVE-2026-48480

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...

8.7CVSS5.8AI score0.00167EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/04 5:39 p.m.7 views

CVE-2025-71316

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...

9.8CVSS5.9AI score0.00384EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/06/04 5:33 p.m.7 views

CVE-2026-48040

The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP RFC 9458 using BoringSSL's HPKE C library via JNI. When deriving native memory addresses for cryptographic operations versions prior to 0.0.22.Final provide a fallback path for direct...

8.8CVSS5.9AI score0.00174EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/04 5:22 p.m.10 views

CVE-2026-41207

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...

6.9CVSS5.8AI score0.00193EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/04 5:20 p.m.7 views

CVE-2026-25551

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

8.5CVSS6.2AI score0.0013EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/04 5:19 p.m.7 views

CVE-2026-10880

OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticated remote attacker to bypass authentication and log in as an administrator without supplying a val...

9.8CVSS5.9AI score0.00436EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/04 5:13 p.m.10 views

CVE-2026-25550

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 = R9, and...

9.8CVSS6.5AI score0.00729EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/04 5:2 p.m.10 views

CVE-2026-10796

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

7.5CVSS6.1AI score0.00464EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/06/04 4:41 p.m.10 views

CVE-2026-50292

In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution...

7.4CVSS6.3AI score0.00498EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/06/04 4:18 p.m.8 views

CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

3.5CVSS7.1AI score0.00963EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2026/06/04 4:9 p.m.9 views

CVE-2026-50076

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

9.1CVSS5.8AI score0.0052EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/04 4:7 p.m.8 views

CVE-2026-49942

Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One U+0661, or non-digits, which were ignored. This could allow network masks to accept larger networks. Leading zeros were also...

7.3CVSS5.8AI score0.00312EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/04 4:7 p.m.10 views

CVE-2026-49941

Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit...

7.5CVSS5.8AI score0.00329EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/04 4:7 p.m.10 views

CVE-2026-49940

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One U+0661 were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/04 3:54 p.m.6 views

CVE-2026-46741

Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the...

7.5CVSS5.8AI score0.00262EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/04 3:45 p.m.10 views

CVE-2026-46739

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The updatestats used for updating counters and gauge methods do not check that values...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/04 3:30 p.m.8 views

CVE-2026-10815

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/06/04 3:0 p.m.10 views

CVE-2026-10814

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...

4.5CVSS4.8AI score0.00089EPSS
Exploits0References8Affected Software1
attackerkb
attackerkb
added 2026/06/04 2:45 p.m.11 views

CVE-2026-45287

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

2.1CVSS5.8AI score0.00168EPSS
Exploits1References4Affected Software2
attackerkb
attackerkb
added 2026/06/04 2:45 p.m.7 views

CVE-2026-10813

A flaw has been found in LMCache up to 0.4.6. This affects the function hexhashtoint16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level ...

3.6CVSS5.1AI score0.00075EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/06/04 2:39 p.m.7 views

CVE-2026-10868

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

9CVSS5.8AI score0.00239EPSS
Exploits0References2
Total number of security vulnerabilities75902