Lucene search
K
AttackerkbRecent

75017 matches found

ATTACKERKB
ATTACKERKB
added 57 minutes ago2 views

CVE-2026-33443

CVE-2026-33443 is a memory management error in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server...

7.1CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 59 minutes ago2 views

CVE-2026-50144

ncnn is a high-performance neural network inference framework optimized for the mobile platform. In commit e54f7b1f88434e1d844ea0551b880a1cfb079ce1 and earlier, ncnn allows an out-of-bounds heap write in ncnn::ParamDict::loadparam when Net::loadparam loads a malicious .param model file because th...

7.1CVSS0.00018EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago3 views

CVE-2026-40958

CVE-2026-40958 is a input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.3CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 1 hour ago3 views

CVE-2026-45737

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From 3.2.0 until 3.2.12, 3.3.10, and 3.4.2, Argo CD ServerSideDiff can expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation because HideSecretDatatarget, live, ... does...

6.3CVSS0.00034EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-40957

o CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator...

6.1CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-40956

CVE-2026-40956 is a memory disclosure vulnerability in Secure Access client versions prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can cause a small amount of random memory to leak...

2.1CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-45738

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to 3.2.12, 3.3.10, and 3.4.2, Argo CD users with application write access can set link.argocd.argoproj.io/ annotations whose pipe-separated values are rendered by...

7.3CVSS0.00037EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago3 views

CVE-2026-40955

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.1CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-40954

CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.1CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-49867

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which...

6.3CVSS0.00032EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-46684

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase enterprise token handling can let TokenFilterdoFilter pass X-DE-TOKEN values to TokenUtils.validate, which checks only token presence and length before userBOByTokentoken uses JWT.decode without signature...

9.5CVSS0.00024EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-40953

CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service attack against the client over which they have control...

6.7CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 1 hour ago3 views

CVE-2026-45320

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase dashboard SQL variables such as $deptId are processed by SqlparserUtils.transFilter, whose final branch returns raw user input for non-in and non-between operators before SubstitutedSql.replace"$var", valu...

8.7CVSS0.00062EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-45535

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as $var and SqlparserUtils.handleVariableDefaultValue inserts them with String.replace without escaping or parameterizatio...

8.7CVSS0.00017EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago3 views

CVE-2026-45533

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase export-center deletion can accept path traversal sequences such as ../ in the bulk delete API endpoint and pass attacker-controlled identifiers to ExportCenterManage.delete, allowing recursive deletion of...

8.3CVSS0.00024EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago3 views

CVE-2026-50124

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase can be exploited by uploading payload.zip through the Excel upload API /datasource/upload, creating an H2 datasource that uses the zip: protocol, and executing an SQL dataset path where...

7.1CVSS0.00025EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-40952

CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location...

8.5CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 1 hour ago3 views

CVE-2026-50030

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL preview exposes DatasetDataApi.previewSql/previewSqlCheck through /de2api/datasetData/previewSql, accepts PreviewSqlDTO.sql, PreviewSqlDTO.datasourceId, and PreviewSqlDTO.isCross, then...

7.1CVSS0.00025EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago3 views

CVE-2026-45419

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template saves call TemplateManageServicesave, StaticResourceServersaveFilesToServe, and the /de2api/templateManage/save endpoint with attacker-controlled staticResource names and Base64 content, allowing...

8.5CVSS0.00024EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago3 views

CVE-2026-45417

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema into getTablesSql and execute the resulting SQL with executeQuery in io.dataease.datasource.provider.CalciteProvidercheckStatus,...

8.7CVSS0.00019EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-45534

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty"java.io.tmpdir", setting...

9CVSS0.00024EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-49445

Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints,...

9.2CVSS0.00017EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-62353

TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.14, source/libs/parser/src/parTokenizer.c tGetToken incremented past a trailing backslash in a SQL string literal such as 'abc\ and read one byte beyond the null terminator, allowing an authenticated user...

5.4CVSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-62351

TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, source/libs/transport/src/transComm.c transDecompressMsg read STransCompMsg.contLen when pHead-comp == 1 without first validating that the RPC packet contained the 8-byte STransCompMsg structure, causi...

7.5CVSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-62348

TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, TDengine Enterprise allowed an authenticated low-privilege SQL user to run KILL SSMIGRATE against an active shared-storage migration because mndProcessKillSsMigrateReq called mndKillSsMigrate while the...

5.4CVSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-15895

OS command injection in the npm package loading component in AWS jsii-diff before 1.131.0 might allow context-dependent attackers to execute arbitrary commands via crafted package specifiers passed to the npm: source argument. To mitigate this issue, users should upgrade to jsii-diff v1.131.0 or...

8.4CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 hours ago2 views

CVE-2026-62349

TDengine is an open source, time-series database optimized for Internet of Things devices. In 3.4.1.6 and earlier, source/libs/parser/src/parUtil.c trimString checks space for only one byte before processing SQL string escape sequences %, , or \x, allowing a one-byte out-of-bounds write to the...

8.3CVSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2 hours ago2 views

CVE-2026-62350

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a user with create udf privilege could upload a crafted shared library and install it as a user-defined function, such as eval, then execute arbitrary C code on the TDengine server side...

7.2CVSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2 hours ago2 views

CVE-2026-46421

The SAP Cloud Application Programming Model is a tool for building enterprise-grade cloud applications, and cap-js/cds-dbs is the monorepo for SQL database services for that tool. On April 29, 2026, compromised versions of @cap-js/[email protected], @cap-js/[email protected], and @cap-js/[email protected]....

9.3CVSS0.00025EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 hours ago2 views

CVE-2026-62355

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a Data Reader adminuser on a TDengine Cloud DB instance could run create udf even though standard users should have read-only permissions for non-database objects and show dnodes and crea...

5.4CVSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2 hours ago2 views

CVE-2026-26032

The PackagerResolver of Apache Ivy is able to download online artifacts and to repackage them in a format defined by a packager.xml file. This repackaging is done by an Ant script, which is stored in a subdirectory of the configured "buildRoot" directory. This subdirectory is calculated based on...

5.4CVSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2 hours ago2 views

CVE-2026-15746

Strands Agents is an open-source Python SDK for building and running AI agents. The strands-agents-tools package provides pre-built tools for use with the SDK, including the elasticsearchmemory tool for agent memory storage. We identified CVE-2026-15746, a server-side request forgery SSRF issue i...

6.9CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 hours ago2 views

CVE-2026-12997

The Gravity Forms plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.10.4 via the 'gformuploadedfiles' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

7.5CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-8055

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-48866. Reason: This candidate is a reservation duplicate of CVE-2026-48866. Notes: All CVE users should reference CVE-2026-48866 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-54443

Dashy is a self-hostable personal dashboard. From 1.9.4 until 3.2.0, the Dashy RSS Widget in src/components/Widgets/RssFeed.vue does not sanitize RSS item link values before rendering feed item titles and Read More links as anchor href attributes, allowing an attacker-controlled feed to provide a...

5.9CVSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-46485

Dashy is a self-hostable personal dashboard. Prior to 4.0.8, Dashy deployments using OIDC can allow unauthenticated users or non-admin authenticated users to write changes to the main config.yaml through the config-saving functionality despite configured permissions, allowing unauthorized...

8.2CVSS0.00129EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2 hours ago2 views

CVE-2026-49987

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS0.00066EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-49988

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, the Repomix MCP server attachpackedoutput and readrepomixoutput flow can register and read arbitrary local .json, .txt, .md, or .xml files without the filesystemreadfile runSecretLint safety check or Repomix...

6.8CVSS0.00028EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 3 hours ago2 views

CVE-2026-62947

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before canonicalization, and rpcd session.c uses fnmatch without FNMPATHNAME, allowing traversal such as an...

4.9CVSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 3 hours ago2 views

CVE-2026-62948

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefiles.c statefileswritestate6 and statefileswritestate4 without escaping, allowing newline injection of forged lease lin...

9.6CVSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 3 hours ago3 views

CVE-2026-40501

Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron...

8.8CVSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 3 hours ago2 views

CVE-2026-10673

The Zephyr ADIN2111/ADIN1110 10BASE-T1S/T1L Ethernet driver drivers/ethernet/ethadin2111.c reassembles received Ethernet frames in OPEN Alliance OA SPI mode by copying device-supplied 64-byte data chunks into a fixed static buffer ctx-buf of size CONFIGETHADIN2111BUFFERSIZE default 1524 bytes. In...

8.3CVSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 3 hours ago2 views

CVE-2026-53517

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS0.00029EPSS
Exploits0References4Affected Software2
ATTACKERKB
ATTACKERKB
added 3 hours ago2 views

CVE-2026-56687

Dell ThinOS 10, versions prior to 260510.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...

7.8CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 hours ago4 views

CVE-2026-62287

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61873. Reason: This candidate is a duplicate of CVE-2026-61873. Notes: All CVE users should reference CVE-2026-61873 instead of this candidate...

6.1AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 hours ago4 views

CVE-2026-62248

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61438. Reason: This candidate is a duplicate of CVE-2026-61438. Notes: All CVE users should reference CVE-2026-61438 instead of this candidate...

6.1AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 hours ago5 views

CVE-2026-62180

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61440. Reason: This candidate is a duplicate of CVE-2026-61440. Notes: All CVE users should reference CVE-2026-61440 instead of this candidate...

6.1AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 hours ago5 views

CVE-2026-62174

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61435. Reason: This candidate is a duplicate of CVE-2026-61435. Notes: All CVE users should reference CVE-2026-61435 instead of this candidate...

6.1AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 hours ago5 views

CVE-2026-62173

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61433. Reason: This candidate is a duplicate of CVE-2026-61433. Notes: All CVE users should reference CVE-2026-61433 instead of this candidate...

6.1AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 hours ago4 views

CVE-2026-62172

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61436. Reason: This candidate is a duplicate of CVE-2026-61436. Notes: All CVE users should reference CVE-2026-61436 instead of this candidate...

6.1AI score
Exploits0References1
Total number of security vulnerabilities75017