Lucene search
+L
AttackerkbRecent

76194 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/02 6:32 p.m.8 views

CVE-2026-5385

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

8.4CVSS5.8AI score0.00418EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.15 views

CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.13 views

CVE-2026-5076

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.9AI score0.01383EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.11 views

CVE-2026-5074

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...

6.5CVSS5.9AI score0.00308EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.10 views

CVE-2026-10616

A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/teamtaskslifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. Th...

5.3CVSS5.5AI score0.00206EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:29 p.m.8 views

CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

6.4CVSS6.1AI score0.00128EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:23 p.m.9 views

CVE-2026-42342

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:20 p.m.7 views

CVE-2025-64390

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J Blu-ray Disc Java sandbox can be escaped through a malformed JAR file...

5.8AI score0.00085EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:18 p.m.7 views

CVE-2026-42211

React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution RCE through external requests. This attack requires the application code to have an existing prototype pollution...

8.1CVSS6.5AI score0.00416EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:5 p.m.8 views

CVE-2026-49120

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...

8.5CVSS6AI score0.00229EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:0 p.m.9 views

CVE-2026-10608

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

7.5CVSS6.9AI score0.00308EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:55 p.m.10 views

CVE-2026-40181

React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...

8.7CVSS5.8AI score0.00162EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:45 p.m.12 views

CVE-2026-10607

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dedehtmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

7.5CVSS7AI score0.00313EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:31 p.m.9 views

CVE-2026-34077

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:29 p.m.11 views

CVE-2019-25721

Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. Attackers can exploit...

7.1CVSS5.8AI score0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:28 p.m.8 views

CVE-2026-1829

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

8.8CVSS6.1AI score0.00682EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:26 p.m.8 views

CVE-2026-8036

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

8.4CVSS5.9AI score0.00107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:22 p.m.7 views

CVE-2026-8035

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

7.1CVSS5.8AI score0.00096EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:16 p.m.10 views

CVE-2026-10702

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...

5.8AI score0.00553EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:15 p.m.8 views

CVE-2026-10701

Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3...

5.8AI score0.00301EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:14 p.m.9 views

CVE-2026-33245

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

8CVSS5.8AI score0.00188EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:12 p.m.9 views

CVE-2026-41577

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

6.9CVSS5.7AI score0.00169EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:59 p.m.15 views

CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:49 p.m.17 views

CVE-2026-24237

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:48 p.m.11 views

CVE-2026-24221

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:44 p.m.15 views

CVE-2026-40571

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:41 p.m.21 views

CVE-2026-35447

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:30 p.m.10 views

CVE-2026-10606

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:16 p.m.8 views

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

6.3CVSS6.1AI score0.003EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:14 p.m.8 views

CVE-2026-40715

Dell ThinOS 10, versions prior to ThinOS10 260210.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation...

7.8CVSS5.8AI score0.001EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:13 p.m.7 views

CVE-2026-1871

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to...

7.1CVSS6.1AI score0.00305EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:8 p.m.10 views

CVE-2026-40713

Dell ThinOS 10, versions prior to ThinOS10 260210.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information exposure...

6.1CVSS5.8AI score0.00152EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:8 p.m.9 views

CVE-2026-40314

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:57 p.m.10 views

CVE-2024-42206

HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...

3.1CVSS5.8AI score0.00151EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:50 p.m.11 views

CVE-2026-35443

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level viewothertopics authorization. As a result, in forums where users may enter the forum...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:39 p.m.10 views

CVE-2026-0611

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by...

9.8CVSS6.5AI score0.00664EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:38 p.m.8 views

CVE-2026-42073

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter...

6.5CVSS5.8AI score0.00219EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:38 p.m.15 views

CVE-2026-42074

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashTool input schema, meaning the LLM an untrusted principal per the project's own threat model can set ...

9.3CVSS6AI score0.00544EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:35 p.m.9 views

CVE-2026-45554

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...

5.3CVSS5.8AI score0.00343EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:34 p.m.8 views

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:34 p.m.9 views

CVE-2026-45553

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:30 p.m.9 views

CVE-2026-45080

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4...

6.9CVSS5.7AI score0.00249EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:29 p.m.13 views

CVE-2026-44367

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS5.7AI score0.00236EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:29 p.m.10 views

CVE-2026-34460

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause ...

5.4CVSS5.8AI score0.00114EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:25 p.m.10 views

CVE-2026-45686

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing...

7.5CVSS5.9AI score0.00354EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:25 p.m.8 views

CVE-2026-45685

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetr...

7.5CVSS5.8AI score0.00463EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:25 p.m.9 views

CVE-2026-45684

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total ioviter.count as the copy length. When log...

4.9CVSS5.8AI score0.00172EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:25 p.m.8 views

CVE-2026-45683

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpfproberead instead of bpfprobereaduser. An instrumented local process can therefore point OBI at kerne...

3.8CVSS5.7AI score0.00174EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:25 p.m.13 views

CVE-2026-45681

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

5.9CVSS5.8AI score0.00287EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:24 p.m.11 views

CVE-2026-45680

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

5.9CVSS5.8AI score0.00319EPSS
Exploits1References3Affected Software1
Total number of security vulnerabilities76194