Lucene search
+L
AttackerkbRecent

75902 matches found

attackerkb
attackerkb
added 2026/06/03 7:26 p.m.7 views

CVE-2026-44682

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...

7.3CVSS7.1AI score0.00115EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/03 7:26 p.m.6 views

CVE-2026-42061

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...

7.3CVSS7.1AI score0.00106EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/03 7:26 p.m.7 views

CVE-2026-50033

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...

7.3CVSS7.1AI score0.00115EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/03 7:25 p.m.9 views

CVE-2026-44609

Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...

7.3CVSS7.1AI score0.00106EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/03 6:16 p.m.9 views

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

5.8AI score0.00432EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/03 6:15 p.m.6 views

CVE-2026-8889

Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching 25,020 hashes and CIPA blocklist matching 12,352 hashes...

5.8AI score0.00249EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/03 6:13 p.m.7 views

CVE-2026-8881

Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...

5.7AI score0.00163EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/03 6:11 p.m.7 views

CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

5.8AI score0.00374EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/03 6:10 p.m.9 views

CVE-2026-7888

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowedclasses restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...

8.4CVSS5.9AI score0.00175EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/03 6:9 p.m.7 views

CVE-2026-8878

Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover...

5.8AI score0.00211EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/03 6:7 p.m.8 views

CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

5.7AI score0.00241EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/03 6:3 p.m.7 views

CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

5.8AI score0.00138EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/03 5:55 p.m.7 views

CVE-2026-45702

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFAMEMSHARE...

4.4CVSS5.8AI score0.00155EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/06/03 5:53 p.m.12 views

CVE-2026-45614

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/06/03 5:44 p.m.7 views

CVE-2026-42839

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS5.9AI score0.00261EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/03 5:35 p.m.8 views

CVE-2026-42840

An authenticated user can persist arbitrary HTML/JavaScript in the emailid or mobileno fields of a Customer record and trigger unescaped rendering in the Point of Sale POS interface for every operator who selects that customer. This issue affects ERPNext: 16.16.0...

5.1CVSS5.9AI score0.00243EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/03 4:56 p.m.7 views

CVE-2019-25720

Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packet...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/03 4:45 p.m.10 views

CVE-2026-40290

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free UAF race condition exists in the shared memory teardown logic of FF-A...

7.8CVSS5.8AI score0.00187EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/06/03 4:19 p.m.7 views

CVE-2026-46273

In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stoppi...

5.6AI score0.00389EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
added 2026/06/03 4:9 p.m.10 views

CVE-2026-20230

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

8.6CVSS7.6AI score0.41694EPSS
Exploits3References2Affected Software1
attackerkb
attackerkb
added 2026/06/03 4:6 p.m.8 views

CVE-2026-20175

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...

6.1CVSS6.1AI score0.0018EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/03 4:6 p.m.7 views

CVE-2026-20233

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability...

6.1CVSS6AI score0.00184EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:50 p.m.7 views

CVE-2026-46272

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARNON in tmcetrenablehw is triggered sometimes: WARNING: CPU: 42 PID: 3911571 at...

5.8AI score0.00088EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:50 p.m.10 views

CVE-2026-46271

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads enabled on both primary and secondary links. Change to do it only on primary link to fix it...

5.8AI score0.00119EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:50 p.m.8 views

CVE-2026-46270

In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

5.8AI score0.00129EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:50 p.m.6 views

CVE-2026-46269

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinctrl driver, the kernel triggers a NULL pointer dereference. The crash trace showed: 0.732084 Unable to handle kernel NULL point...

5.7AI score0.00113EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:50 p.m.6 views

CVE-2026-46268

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmemallocmmap warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma page from one to zero, however, in p2pmemallocmmap it uses "VMWARNONONCEPAGE!pagerefcountpage" to asser...

5.7AI score0.00113EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:50 p.m.8 views

CVE-2026-46267

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llcshdlcdeinit purges SHDLC skb queues and frees the llcshdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule smwork...

5.7AI score0.00121EPSS
Exploits0References8Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:50 p.m.8 views

CVE-2026-46266

In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTORAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTORAW 255 was dangerous. socketAFINET, SOCKRAW, 255; A malicious incoming ICMP packet can set the...

5.8AI score0.00346EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:50 p.m.6 views

CVE-2026-46265

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQMEMRECLAIM warning When sunrpc is used, if a reset triggered, our wq may lead the following trace: workqueue: WQMEMRECLAIM xprtiod:xprtrdmaconnectworker rpcrdma is flushing !WQMEMRECLAIM...

5.8AI score0.00371EPSS
Exploits0References7Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:50 p.m.11 views

CVE-2026-46264

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devmaddactionorreset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e0: i...

5.8AI score0.00112EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:50 p.m.7 views

CVE-2026-46263

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds stream encoder index v3 engid can be negative and that streamencregs can be indexed out of bounds. engid is used directly as an index into streamencregs, which has only 5 entries. When engid is ...

5.7AI score0.0012EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.7 views

CVE-2026-46262

In the Linux kernel, the following vulnerability has been resolved: ASoC: fslxcvr: Revert fix missing lock in fslxcvrmodeput This reverts commit f51424872760 "ASoC: fslxcvr: fix missing lock in fslxcvrmodeput". The original patch attempted to acquire the card-controlsrwsem lock in fslxcvrmodeput...

5.7AI score0.00091EPSS
Exploits0References8Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.7 views

CVE-2026-46261

In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcmfiuprobe platformgetresourcebyname can return NULL, which would cause a crash when passed the pointer to resourcesize. Move the fiu-memorysize assignment after the erro...

5.7AI score0.00114EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.9 views

CVE-2026-46260

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6addrt2node. syzbot reported out-of-bound read in fib6addrt2node. 0 When IPv6 route is created with RTANHID, struct fib6info does not have the trailing struct fib6nh. The cited commit started t...

5.7AI score0.0012EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.11 views

CVE-2026-46259

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading realparent in dotaskstat When reading /proc/pid/stat, dotaskstat accesses task-realparent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- dotaskstat var =...

5.7AI score0.0012EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.8 views

CVE-2026-46258

In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandlecreate In linehandlecreate, there is a statement like this: retainandnullptrlh; Soon after, there is a debug printout that dereferences "lh", which will crash things. Avoid the cras...

5.8AI score0.001EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.7 views

CVE-2026-46257

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when readcurrenttimer is called on ARM32 platforms where the SP804 is not registered as the schedclock. On SP804, the delay timer shares the same clkevt instance with schedclock. On so...

5.7AI score0.001EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.6 views

CVE-2026-46256

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfswritepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on...

5.8AI score0.00099EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.7 views

CVE-2026-46255

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove The clocks in fsledmaengine::muxclk are allocated and enabled with devmclkgetenabled, which automatically cleans these resources up, but these clocks are also manual...

5.8AI score0.00114EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.6 views

CVE-2026-46254

In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures...

5.7AI score0.00114EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.7 views

CVE-2026-46253

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistentramsaveold persistentramsaveold can be called multiple times for the same persistentramzone e.g., via ramoopspstoreread - ramoopsgetnextprz for PSTORETYPEDMESG records. Currently, the...

5.9AI score0.00136EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.6 views

CVE-2026-46252

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...

5.5CVSS5.8AI score0.00091EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.7 views

CVE-2026-46251

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix blockgrouptree dirtylist corruption When the incompat flag EXTENTTREEV2 is set, we unconditionally add the block group tree to the switchcommits list before calling switchcommitroots, as we do for the tree root and the...

5.7AI score0.00132EPSS
Exploits0References7Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.6 views

CVE-2026-46250

In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, currentthreadinfo is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This...

5.7AI score0.00128EPSS
Exploits0References9
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.6 views

CVE-2026-46249

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix PF driver crash with kexec kernel booting During a kexec reboot the hardware is not power-cycled, so AF state from the old kernel can persist into the new kernel. When AF and PF drivers are built as modules, the...

5.8AI score0.00115EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.13 views

CVE-2026-46248

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif-linksmap When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif is created arvif-iscreated remains false, the error path attempts to...

5.7AI score0.00121EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.6 views

CVE-2026-46247

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map After commit d228ece36345 "clk: divider: remove roundrate in favor of determinerate" determining GFX3D clock rate crashes, because the passed parent map doesn't provide the...

5.8AI score0.00123EPSS
Exploits0References7Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.8 views

CVE-2026-46246

In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916lbc: Fix use-after-free for extcon in IRQ handler Using the devm variant for requesting IRQ before the devm variant for allocating/registering the extcon handle, means that the extcon handle will be...

5.8AI score0.00125EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/06/03 3:49 p.m.10 views

CVE-2026-46245

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dclink NULL handling in HPD init amdgpudmhpdinit may see connectors without a valid dclink. The code already checks dclink for the polling decision, but later unconditionally dereferences it when setting up H...

5.7AI score0.00108EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities75902