Lucene search
+L
AttackerkbRecent

76341 matches found

ATTACKERKB
ATTACKERKB
•added 2026/06/02 12:30 a.m.•12 views

CVE-2026-10548

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function syncanthropicentryfromcredentialsfile of the file agent/credentialpool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack...

5.3CVSS5.6AI score0.0014EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/02 12:15 a.m.•11 views

CVE-2026-10529

A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can...

4.8CVSS4.1AI score0.0021EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/06/02 12:0 a.m.•11 views

CVE-2026-10528

A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking...

4.8CVSS5.8AI score0.00124EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/02 12:0 a.m.•10 views

CVE-2026-48682

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simplepacketparserng.cpp, after validating that the packet contains at least sizeofipv4headert bytes 20 bytes, the code advances the localpointer by '4 ipv4header-getihl' line 164 without...

5.9AI score0.00267EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/06/02 12:0 a.m.•7 views

CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

5.8AI score0.00305EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/06/02 12:0 a.m.•8 views

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

6.3CVSS6.5AI score0.00322EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/02 12:0 a.m.•7 views

CVE-2026-33553

Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS...

5.8AI score0.00166EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/02 12:0 a.m.•9 views

CVE-2026-30586

Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...

5.8AI score0.00224EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/02 12:0 a.m.•9 views

CVE-2026-35717

A stack-based buffer overflow in the exportlanguage.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/exportlanguage.cgi endpoint. The handler passes the...

6.3CVSS6.5AI score0.00261EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/02 12:0 a.m.•8 views

CVE-2026-35718

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request...

6.5CVSS5.8AI score0.00723EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/02 12:0 a.m.•7 views

CVE-2026-38967

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...

5.8AI score0.00332EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/02 12:0 a.m.•9 views

CVE-2026-30650

A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

8.8CVSS6.4AI score0.00599EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/02 12:0 a.m.•5 views

CVE-2026-30649

Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the setgetparam.cgi component...

7.3CVSS6.2AI score0.00377EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/02 12:0 a.m.•11 views

CVE-2026-30652

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

6.4AI score0.00523EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/01 11:45 p.m.•10 views

CVE-2026-10514

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

4.8CVSS4.1AI score0.00251EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/01 11:30 p.m.•11 views

CVE-2026-10302

A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /managefee.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

6.5CVSS5.7AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/01 11:28 p.m.•11 views

CVE-2026-9048

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/01 11:28 p.m.•11 views

CVE-2026-9050

The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00153EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/01 11:15 p.m.•13 views

CVE-2026-10301

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

5.3CVSS4.3AI score0.00273EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/01 11:0 p.m.•9 views

CVE-2026-10300

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS5.2AI score0.00368EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:45 p.m.•10 views

CVE-2026-10299

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The...

5.1CVSS5.6AI score0.00274EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:30 p.m.•10 views

CVE-2026-10298

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whispermodelload of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:27 p.m.•9 views

CVE-2026-25879

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...

9.8CVSS6.3AI score0.00409EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:24 p.m.•11 views

CVE-2026-28511

eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the requesting user is not authorized to view. The exposed information is limited only the title...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:15 p.m.•14 views

CVE-2026-10297

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /managecourse.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5CVSS5.7AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•12 views

CVE-2026-25277

Memory corruption while using Strongbox due to buffer overflow...

8.8CVSS6.2AI score0.00074EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•10 views

CVE-2026-25276

Memory corruption while using Strongbox due to missing bounds check...

8.8CVSS5.8AI score0.00075EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•8 views

CVE-2026-25260

Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications...

7.8CVSS5.8AI score0.00052EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•9 views

CVE-2026-25259

Memory corruption while processing multiple IOCTL command for escape operations...

7.8CVSS5.8AI score0.0007EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•9 views

CVE-2026-25258

Memory corruption while processing IOCTL calls for escape operations...

7.8CVSS5.8AI score0.0007EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•11 views

CVE-2026-24092

Memory Corruption when processing fastboot commands to set display mode...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•11 views

CVE-2026-24091

Memory corruption while processing fastboot commands with improperly formatted input...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•11 views

CVE-2026-24090

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow...

7.1CVSS5.8AI score0.00062EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•11 views

CVE-2026-24089

Memory corruption while processing fastboot commands with invalid input...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•11 views

CVE-2026-24088

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...

8.2CVSS5.8AI score0.00071EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•12 views

CVE-2026-24087

Memory corruption while processing fastboot OEM commands...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•12 views

CVE-2026-24085

Memory Corruption when processing display command line information due to improper initialization of a variable...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•10 views

CVE-2025-59614

Memory Corruption when sending random number generator command with insufficient output buffer size...

6.7CVSS5.9AI score0.00079EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•8 views

CVE-2025-59613

Memory Corruption when output buffer size is smaller than input buffer size during data copying operation...

6.7CVSS5.9AI score0.00078EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•11 views

CVE-2025-59612

Memory corruption in windows drivers while sending incorrect trusted application request...

6.7CVSS5.8AI score0.00078EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•14 views

CVE-2025-59611

Memory corruption in diagnostic services due to absence of input validation...

6.7CVSS5.8AI score0.00079EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•10 views

CVE-2025-59610

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

6.4CVSS5.8AI score0.00056EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•11 views

CVE-2025-59609

Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length...

5.5CVSS5.8AI score0.00091EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•12 views

CVE-2025-59606

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...

7.8CVSS5.8AI score0.00075EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•8 views

CVE-2025-59605

Memory Corruption when processing device identifier strings that exceed the expected maximum length...

7.8CVSS5.8AI score0.00075EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:5 p.m.•12 views

CVE-2025-59604

Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer...

7.8CVSS5.8AI score0.00075EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:0 p.m.•10 views

CVE-2026-24782

Kiteworks is a private data network PDN. Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...

7.6CVSS5.9AI score0.00667EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/01 10:0 p.m.•8 views

CVE-2026-10296

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been publicl...

6.5CVSS5.6AI score0.0025EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/01 9:52 p.m.•10 views

CVE-2026-24761

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...

3.7CVSS5.8AI score0.00142EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/01 9:51 p.m.•7 views

CVE-2026-24756

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities76341