Lucene search
+L
AttackerkbRecent

76397 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/01 11:30 p.m.11 views

CVE-2026-10302

A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /managefee.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

6.5CVSS5.7AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:28 p.m.11 views

CVE-2026-9048

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:28 p.m.11 views

CVE-2026-9050

The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00153EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:15 p.m.13 views

CVE-2026-10301

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

5.3CVSS4.3AI score0.00273EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:0 p.m.9 views

CVE-2026-10300

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS5.2AI score0.00368EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:45 p.m.10 views

CVE-2026-10299

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The...

5.1CVSS5.6AI score0.00274EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:30 p.m.10 views

CVE-2026-10298

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whispermodelload of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:27 p.m.9 views

CVE-2026-25879

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...

9.8CVSS6.3AI score0.00409EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:24 p.m.11 views

CVE-2026-28511

eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the requesting user is not authorized to view. The exposed information is limited only the title...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:15 p.m.14 views

CVE-2026-10297

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /managecourse.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5CVSS5.7AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.12 views

CVE-2026-25277

Memory corruption while using Strongbox due to buffer overflow...

8.8CVSS6.2AI score0.00074EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.10 views

CVE-2026-25276

Memory corruption while using Strongbox due to missing bounds check...

8.8CVSS5.8AI score0.00075EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.8 views

CVE-2026-25260

Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications...

7.8CVSS5.8AI score0.00052EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.9 views

CVE-2026-25259

Memory corruption while processing multiple IOCTL command for escape operations...

7.8CVSS5.8AI score0.0007EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.9 views

CVE-2026-25258

Memory corruption while processing IOCTL calls for escape operations...

7.8CVSS5.8AI score0.0007EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.11 views

CVE-2026-24092

Memory Corruption when processing fastboot commands to set display mode...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.11 views

CVE-2026-24091

Memory corruption while processing fastboot commands with improperly formatted input...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.11 views

CVE-2026-24090

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow...

7.1CVSS5.8AI score0.00062EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.11 views

CVE-2026-24089

Memory corruption while processing fastboot commands with invalid input...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.11 views

CVE-2026-24088

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...

8.2CVSS5.8AI score0.00071EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.13 views

CVE-2026-24087

Memory corruption while processing fastboot OEM commands...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.12 views

CVE-2026-24085

Memory Corruption when processing display command line information due to improper initialization of a variable...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.10 views

CVE-2025-59614

Memory Corruption when sending random number generator command with insufficient output buffer size...

6.7CVSS5.9AI score0.00079EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.8 views

CVE-2025-59613

Memory Corruption when output buffer size is smaller than input buffer size during data copying operation...

6.7CVSS5.9AI score0.00078EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.11 views

CVE-2025-59612

Memory corruption in windows drivers while sending incorrect trusted application request...

6.7CVSS5.8AI score0.00078EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.14 views

CVE-2025-59611

Memory corruption in diagnostic services due to absence of input validation...

6.7CVSS5.8AI score0.00079EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.10 views

CVE-2025-59610

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

6.4CVSS5.8AI score0.00056EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.11 views

CVE-2025-59609

Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length...

5.5CVSS5.8AI score0.00091EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.12 views

CVE-2025-59606

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...

7.8CVSS5.8AI score0.00075EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.8 views

CVE-2025-59605

Memory Corruption when processing device identifier strings that exceed the expected maximum length...

7.8CVSS5.8AI score0.00075EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.12 views

CVE-2025-59604

Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer...

7.8CVSS5.8AI score0.00075EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:0 p.m.10 views

CVE-2026-24782

Kiteworks is a private data network PDN. Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...

7.6CVSS5.9AI score0.00667EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:0 p.m.8 views

CVE-2026-10296

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been publicl...

6.5CVSS5.6AI score0.0025EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:52 p.m.10 views

CVE-2026-24761

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...

3.7CVSS5.8AI score0.00142EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:51 p.m.7 views

CVE-2026-24756

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:49 p.m.11 views

CVE-2026-24755

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:46 p.m.9 views

CVE-2026-24754

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

5.4CVSS6.1AI score0.00136EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:45 p.m.9 views

CVE-2026-24753

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:45 p.m.7 views

CVE-2026-10295

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function addreview/savereview/getallreviews of the file reviewapp.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approac...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:43 p.m.12 views

CVE-2026-24752

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS5.9AI score0.00283EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:41 p.m.6 views

CVE-2019-25718

Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause...

8.6CVSS5.8AI score0.00118EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:30 p.m.10 views

CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:22 p.m.10 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS5.8AI score0.00346EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:15 p.m.7 views

CVE-2019-25716

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the...

7.1CVSS5.8AI score0.00413EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:15 p.m.10 views

CVE-2026-10293

A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be...

9CVSS6AI score0.00472EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.10 views

CVE-2026-28586

In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.9AI score0.00064EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.9 views

CVE-2026-28580

In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00073EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.44 views

CVE-2026-28581

In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation...

4CVSS5.9AI score0.00074EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.11 views

CVE-2026-28577

In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.10 views

CVE-2026-0097

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8CVSS5.9AI score0.00121EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities76397