Lucene search
K
AttackerkbRecent

74872 matches found

ATTACKERKB
ATTACKERKB
•added 1 hour ago•4 views

CVE-2026-62175

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-60091. Reason: This candidate is a duplicate of CVE-2026-60091. Notes: All CVE users should reference CVE-2026-60091 instead of this candidate...

Exploits0References1
ATTACKERKB
ATTACKERKB
•added 1 hour ago•2 views

CVE-2026-43637

Cornac before 2.6.0 contains a path traversal Tar Slip vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the extractarchive function in...

9.1CVSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2 hours ago•2 views

CVE-2026-59838

A improper neutralization of script-related html tags in a web page basic xss vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions,...

5.9CVSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2 hours ago•2 views

CVE-2026-46459

ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write unauthorized data to the sensor database. This issue has been fixed in version 2.4.18.029...

7.1CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2 hours ago•2 views

CVE-2026-46458

ICU Scandinavia Boomerang is vulnerable to an information disclosure flaw where sensitive credential files are exposed via static HTTP. This allows an unauthenticated remote attacker to retrieve plaintext service account and SMTP credentials by requesting specific XML files from the webroot. This...

7.1CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 3 hours ago•2 views

CVE-2026-58559

DoS vulnerability in the vibration service. Impact: Successful exploitation of this vulnerability may affect availability...

6.5CVSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
•added 3 hours ago•2 views

CVE-2026-58558

Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.8CVSS
Exploits0References3Affected Software2
ATTACKERKB
ATTACKERKB
•added 3 hours ago•2 views

CVE-2026-58556

Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability...

5.1CVSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
•added 3 hours ago•2 views

CVE-2026-15779

A flaw was found in samba's pamwinbind. When mkhomedir is enabled, pamwinbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory a common default for system accounts can...

6.1CVSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 3 hours ago•3 views

CVE-2026-15809

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS0.00266EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 3 hours ago•2 views

CVE-2026-58557

Design defect vulnerability in Expedition mode. Impact: Successful exploitation of this vulnerability may affect availability...

4.8CVSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 3 hours ago•2 views

CVE-2026-58554

Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

6.6CVSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
•added 3 hours ago•2 views

CVE-2026-58555

Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability...

6.6CVSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 3 hours ago•2 views

CVE-2026-58553

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

4CVSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 3 hours ago•3 views

CVE-2026-58552

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.1CVSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 3 hours ago•2 views

CVE-2026-58551

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.1CVSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 3 hours ago•2 views

CVE-2026-58550

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

4CVSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 3 hours ago•3 views

CVE-2026-58549

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

4CVSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 hours ago•3 views

CVE-2026-61873

Grav before 9.1.8 contains an arbitrary file write vulnerability in the Form plugin's process.save.filename parameter, which is validated against path traversal before Twig processing but never re-validated after rendering. Attackers can submit form data containing path traversal sequences that a...

8.1CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•3 views

CVE-2026-61872

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the TIFF encoder when an invalid tiff:tile-geometry is specified. Supplying malformed tile geometry parameters causes allocated memory not to be released, which can lead to increased memory consumption...

2.5CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61871

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leaks memory, which may lead to a denial of service...

6.3CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•3 views

CVE-2026-61869

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the MIFF encoder that occurs when a memory allocation fails during MIFF image processing, which can lead to denial of service...

2.9CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61868

ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion denial of service...

6.3CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61867

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the TIFF encoder when memory allocation fails. Attackers can trigger allocation failures during TIFF image processing to cause memory exhaustion and denial of service...

2.9CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61865

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs...

2.9CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•3 views

CVE-2026-61866

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion...

2.9CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61864

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released...

2.9CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61863

ImageMagick before 7.1.2-26 and 6.x before 6.9.13-51 contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak...

2.9CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•3 views

CVE-2026-61862

ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...

2.9CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61860

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a use-after-free vulnerability that occurs when freetype initialization fails: the method does not exit and continues to use memory that was already freed. This can be triggered during image processing and may lead to a denial of service...

6.3CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61859

ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy...

4.8CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•3 views

CVE-2026-61464

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a heap-based buffer over-write vulnerability that occurs when running an X11 import with a crafted window title, which can result in heap memory corruption and denial of service...

1.8CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61457

The Grav API plugin getgrav/grav-plugin-api before 1.0.3 contains a file upload extension bypass in the API media controller. HandlesMediaUploads::validateFileExtension inspects only the final file extension via pathinfo$filename, PATHINFOEXTENSION, so a user with api.media.write permission can...

8.8CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•3 views

CVE-2026-61452

The Grav API plugin getgrav/grav-plugin-api before 2.0.4 contains an improper session invalidation vulnerability where JWT access tokens are issued without a jti JWT ID claim and therefore cannot be revoked server-side. Unlike refresh tokens, access tokens remain valid for their full lifetime...

6.9CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61453

Grav v2.0.0 contains a cross-site scripting vulnerability fixed in 2.0.1. The XSS blueprint validator Security::detectXss runs on raw page content before Twig processing. When Twig content processing is enabled twigcontent.processenabled: true, an attacker with page-write API permission can use...

6.1CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61451

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•3 views

CVE-2026-61449

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61446

PraisonAI praisonaiagents before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python .py files from project-level and user-home .praisonai/plugins/ directories using importlib specfromfilelocation and execmodule without code...

8.6CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•3 views

CVE-2026-61443

PraisonAI before 1.6.78 contains a remote code execution vulnerability in SkillTools.runskillscript that executes scripts without path containment validation. Attackers can supply absolute file paths to execute arbitrary scripts from any filesystem location, including those outside the intended...

8.6CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61438

PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor.execinlinepython due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system calls that bypass sandbox...

7.3CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61440

PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created issues. Attackers with workspace member privileges can exploit PATCH and POST/DELETE endpoints to...

7.1CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61436

PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads to the webhook endpoint to invoke configured agents with arbitrary sender addresses and message...

8.8CVSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61435

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...

8.8CVSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61430

PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the webcrawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies...

8.5CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-61433

PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agentsfile configuration parameters that execute when the generated server starts or...

8.5CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 4 hours ago•3 views

CVE-2026-61427

PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks when an API key is configured. When an operator runs 'praisonai mcp serve --transport http-stream'...

7.3CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-60087

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...

6.9CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-60085

PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blockedcommands, blockedpaths, blockedimports, allowsubprocess, and allowfilewrite restrictions are completely ignored. Attackers can execute arbitrary subprocess commands,...

8.7CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-59259

n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the...

6CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 4 hours ago•2 views

CVE-2026-59254

n8n before 2.28.1 contains an information disclosure vulnerability where external secrets are incorrectly resolved in workflow node expressions outside credentials scope. Authenticated project editors can read plaintext external secret values by referencing them in node expressions without...

6.3CVSS
Exploits0References3
Total number of security vulnerabilities74872