Lucene search
+L
AttackerkbRecent

76494 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/01 5:45 a.m.10 views

CVE-2026-10229

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::readmeshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been...

5.3CVSS6.1AI score0.00125EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:30 a.m.12 views

CVE-2026-10228

A vulnerability was found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admissionformcheck.php. The manipulation of the argument Message results in cross site scripting. The attack can be...

5.1CVSS4.2AI score0.00199EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:15 a.m.13 views

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

7.5CVSS6.7AI score0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:0 a.m.20 views

CVE-2026-10226

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:45 a.m.14 views

CVE-2026-10225

A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:30 a.m.19 views

CVE-2026-10224

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.6AI score0.00372EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:15 a.m.16 views

CVE-2026-10223

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scanmemorycontent of the file tools/memorytool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used f...

6.5CVSS6.3AI score0.00228EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:0 a.m.11 views

CVE-2026-10222

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function sanitizeenvlines of the file hermescli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of...

6.3CVSS5.5AI score0.00266EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:45 a.m.12 views

CVE-2026-10221

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function compresscontext of the file runagent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:33 a.m.13 views

CVE-2026-48187

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS: 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.4.X Please note that OTRS Community Edition 6.x,...

5.7CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:33 a.m.14 views

CVE-2026-48188

An improper Input Validation vulnerability in OTRS or OTRS Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NOBACKSLASHESCAPES SQL mode...

9.1CVSS5.9AI score0.00362EPSS
Exploits1References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:33 a.m.11 views

CVE-2026-48189

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X 8.0.X 2023.X...

5.7CVSS5.8AI score0.00198EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:32 a.m.9 views

CVE-2026-48190

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:32 a.m.9 views

CVE-2026-48191

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:32 a.m.11 views

CVE-2026-48208

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

6.5CVSS5.9AI score0.00333EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:32 a.m.14 views

CVE-2026-48209

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

7.1CVSS6AI score0.00219EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:30 a.m.9 views

CVE-2026-10220

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function servepluginskill/skillview of the file tools/skillstool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:20 a.m.8 views

CVE-2026-20456

In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480851; Issue ID: MSV-6338...

5.9AI score0.00102EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:20 a.m.9 views

CVE-2026-20455

In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6784...

5.8AI score0.00108EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:20 a.m.12 views

CVE-2026-20454

In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786...

5.8AI score0.00078EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:20 a.m.9 views

CVE-2026-20453

In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10886526; Issue ID: MSV-6791...

5.8AI score0.00114EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:20 a.m.7 views

CVE-2026-20452

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

6.5AI score0.00435EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:15 a.m.11 views

CVE-2026-10219

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component writefile Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. T...

7.5CVSS6.7AI score0.01336EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:0 a.m.8 views

CVE-2026-10218

A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolutionhandlers.go. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be...

5.5CVSS5.6AI score0.0023EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:45 a.m.8 views

CVE-2026-10217

A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/ttsconfig.go of the component RoleAdmin Gateway. This manipulation causes improper privilege management. Remote exploitation of the attack is possible. The...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:30 a.m.10 views

CVE-2026-10216

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched...

6.3CVSS5.2AI score0.00406EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:15 a.m.16 views

CVE-2026-10215

A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...

5.3CVSS5.3AI score0.00259EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:0 a.m.8 views

CVE-2026-10214

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

7.5CVSS6.7AI score0.01336EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 1:45 a.m.7 views

CVE-2026-10213

A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated remotely. The exploit has...

5.5CVSS5.7AI score0.00372EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 1:30 a.m.8 views

CVE-2026-10212

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...

6.5CVSS6.4AI score0.00211EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 1:15 a.m.10 views

CVE-2026-10211

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 1:0 a.m.9 views

CVE-2026-10210

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitizepromptdescription of the file astrbot/core/skills/skillmanager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:45 a.m.17 views

CVE-2026-10209

A vulnerability has been found in code-projects Online Hospital Management System 1.0. Affected is an unknown function of the file appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out...

6.5CVSS6.4AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:30 a.m.13 views

CVE-2026-10208

A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function loginuser of the file login1.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:15 a.m.13 views

CVE-2026-10206

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used...

9CVSS7.7AI score0.005EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.11 views

CVE-2026-10205

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly an...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.7 views

CVE-2025-55664

A heap buffer overflow in the m2tsdmxsendpacket function filters/dmxm2ts.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

6AI score0.00158EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.10 views

CVE-2025-60485

A segmentation violation in the gfisomapplesettagex function /isomedia/isomwrite.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.8AI score0.00143EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.11 views

CVE-2025-60486

A heap use-after-free in the dasherprocess function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 file...

5.8AI score0.0013EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.10 views

CVE-2025-60495

A segmentation violation in the gfmediagetcolorinfo function /mediatools/isomtools.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted data file...

5.8AI score0.00133EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.12 views

CVE-2025-60481

A NULL pointer dereference in the gfodfac4cfgdsiv1 function /odf/descriptors.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...

5.8AI score0.00143EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.8 views

CVE-2025-60483

A NULL pointer dereference in the gfac4presb4backchannelspresent function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...

5.8AI score0.00143EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.14 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

5.8AI score0.00347EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.11 views

CVE-2026-37234

FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xappids by sending multiple E42SETUPREQUESTs. On disconnect, only the first registered xappid's resources are cleaned up; subsequent xappids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak...

5.8AI score0.00345EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.13 views

CVE-2025-70099

A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...

5.9AI score0.0035EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.8 views

CVE-2026-37221

FlexRIC v2.0.0 crashes when receiving a RICSUBSCRIPTIONRESPONSE with an unknown ricid that has no corresponding pending event. The near-RT RIC uses assert to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged...

5.8AI score0.00347EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/31 11:45 p.m.15 views

CVE-2026-10204

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/31 11:30 p.m.12 views

CVE-2026-10203

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/31 11:15 p.m.9 views

CVE-2026-10202

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/31 11:0 p.m.14 views

CVE-2026-10201

A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...

4.8CVSS5.3AI score0.00112EPSS
Exploits0References7
Total number of security vulnerabilities76494