Lucene search
+L
AttackerkbRecent

76099 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/02 8:30 p.m.11 views

CVE-2026-41569

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

6.9CVSS5.8AI score0.0019EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:30 p.m.8 views

CVE-2026-10624

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...

5.3CVSS5.3AI score0.00242EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:15 p.m.7 views

CVE-2026-10620

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

7.5CVSS6.9AI score0.00272EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:0 p.m.9 views

CVE-2026-10619

A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be executed remotely. The exploit is now public and may be used. This product...

7.5CVSS6.8AI score0.00498EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:31 p.m.12 views

CVE-2026-28299

SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due to insufficient memory...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:27 p.m.8 views

CVE-2021-4479

Dräger Atlan A350 software versions 1.00 through 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload th...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:17 p.m.9 views

CVE-2021-4478

Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the...

8.3CVSS6.3AI score0.00122EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:11 p.m.7 views

CVE-2019-25724

Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a network-based denial of service vulnerability that allows attackers with access to the hospital or Infinity Network to repeatedly trigger device reboots until the device enters a fail state requiring manu...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:9 p.m.10 views

CVE-2026-48596

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...

2.1CVSS5.9AI score0.0017EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:8 p.m.8 views

CVE-2026-48594

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...

8.2CVSS5.8AI score0.00329EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:8 p.m.10 views

CVE-2026-48595

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

8.2CVSS5.8AI score0.00396EPSS
Exploits2References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:8 p.m.9 views

CVE-2026-48597

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:8 p.m.8 views

CVE-2026-48598

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

2.1CVSS5.8AI score0.00143EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:8 p.m.8 views

CVE-2026-10584

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...

8.2CVSS5.8AI score0.00101EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:3 p.m.8 views

CVE-2026-35202

Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...

2.3CVSS5.8AI score0.00212EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:0 p.m.8 views

CVE-2019-25723

Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...

6.3CVSS5.8AI score0.00236EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:0 p.m.13 views

CVE-2026-10617

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...

7.5CVSS6.5AI score0.00399EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:44 p.m.9 views

CVE-2019-25722

Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...

7.6CVSS5.9AI score0.00193EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:35 p.m.7 views

CVE-2026-35049

wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter than 16 bytes, the Wire iOS client crashes. The crash is triggered automatically after message receiv...

6.5CVSS5.7AI score0.00235EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:32 p.m.9 views

CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:32 p.m.8 views

CVE-2026-5385

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

8.4CVSS5.8AI score0.00418EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.15 views

CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.13 views

CVE-2026-5076

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.9AI score0.01383EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.11 views

CVE-2026-5074

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...

6.5CVSS5.9AI score0.00308EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.10 views

CVE-2026-10616

A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/teamtaskslifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. Th...

5.3CVSS5.5AI score0.00206EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:29 p.m.8 views

CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

6.4CVSS6.1AI score0.00128EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:23 p.m.9 views

CVE-2026-42342

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:20 p.m.7 views

CVE-2025-64390

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J Blu-ray Disc Java sandbox can be escaped through a malformed JAR file...

5.8AI score0.00085EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:18 p.m.7 views

CVE-2026-42211

React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution RCE through external requests. This attack requires the application code to have an existing prototype pollution...

8.1CVSS6.5AI score0.00416EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:5 p.m.8 views

CVE-2026-49120

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...

8.5CVSS6AI score0.00229EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:0 p.m.9 views

CVE-2026-10608

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

7.5CVSS6.9AI score0.00308EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:55 p.m.10 views

CVE-2026-40181

React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...

8.7CVSS5.8AI score0.00162EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:45 p.m.12 views

CVE-2026-10607

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dedehtmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

7.5CVSS7AI score0.00313EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:31 p.m.9 views

CVE-2026-34077

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:29 p.m.11 views

CVE-2019-25721

Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. Attackers can exploit...

7.1CVSS5.8AI score0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:28 p.m.8 views

CVE-2026-1829

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

8.8CVSS6.1AI score0.00682EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:26 p.m.8 views

CVE-2026-8036

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

8.4CVSS5.9AI score0.00107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:22 p.m.7 views

CVE-2026-8035

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

7.1CVSS5.8AI score0.00096EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:16 p.m.10 views

CVE-2026-10702

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...

5.8AI score0.00553EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:15 p.m.8 views

CVE-2026-10701

Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3...

5.8AI score0.00301EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:14 p.m.9 views

CVE-2026-33245

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

8CVSS5.8AI score0.00188EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:12 p.m.9 views

CVE-2026-41577

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

6.9CVSS5.7AI score0.00169EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:59 p.m.15 views

CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:49 p.m.17 views

CVE-2026-24237

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:48 p.m.11 views

CVE-2026-24221

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:44 p.m.15 views

CVE-2026-40571

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:41 p.m.21 views

CVE-2026-35447

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:30 p.m.10 views

CVE-2026-10606

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:16 p.m.8 views

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

6.3CVSS6.1AI score0.003EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:14 p.m.8 views

CVE-2026-40715

Dell ThinOS 10, versions prior to ThinOS10 260210.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation...

7.8CVSS5.8AI score0.001EPSS
Exploits0References2
Total number of security vulnerabilities76099