Lucene search
+L
AttackerkbRecent

76593 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/31 11:15 p.m.9 views

CVE-2026-10202

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/31 11:0 p.m.14 views

CVE-2026-10201

A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...

4.8CVSS5.3AI score0.00112EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/31 10:45 p.m.16 views

CVE-2026-10200

A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has bee...

5.3CVSS6AI score0.00124EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/31 10:30 p.m.10 views

CVE-2026-10199

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...

4.8CVSS5.2AI score0.00118EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/31 10:15 p.m.13 views

CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

4.8CVSS5.3AI score0.00113EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/31 10:0 p.m.13 views

CVE-2026-10197

A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local...

4.8CVSS5.4AI score0.00115EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/31 9:11 p.m.15 views

CVE-2026-48210

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

5.7CVSS5.8AI score0.00248EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 7:43 p.m.9 views

CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

5.8AI score0.00399EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/31 4:30 p.m.12 views

CVE-2026-10194

A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched...

6.5CVSS6.8AI score0.00247EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 4:15 p.m.11 views

CVE-2026-10193

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sq...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/31 4:0 p.m.9 views

CVE-2026-10192

A vulnerability was identified in Tenda W12 3.0.0.74763. The affected element is the function setlocaltime0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used...

9CVSS8AI score0.00503EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 3:45 p.m.13 views

CVE-2026-10191

A vulnerability was determined in Tenda W12 3.0.0.74763. Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly...

9CVSS7.9AI score0.00476EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 3:30 p.m.14 views

CVE-2026-10190

A vulnerability was found in Tenda W12 3.0.0.74763. This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument webovertime results in denial of service. It is possible to launch the attack remotely. The...

7.1CVSS6.3AI score0.00368EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 3:0 p.m.11 views

CVE-2026-10189

A vulnerability has been found in Tenda W12 3.0.0.74763. This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to t...

9CVSS7.8AI score0.00503EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 2:30 p.m.17 views

CVE-2026-10188

A flaw has been found in Tenda W12 3.0.0.74763. This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

9CVSS7.8AI score0.00476EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 2:15 p.m.16 views

CVE-2026-10187

A vulnerability was detected in Totolink N300RH 6.1c.1353B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer overflow. The attack is...

10CVSS7.9AI score0.01425EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 2:0 p.m.14 views

CVE-2026-10186

A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. The attack can be executed remotely. The exploit...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 1:45 p.m.11 views

CVE-2026-10185

A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 1:30 p.m.10 views

CVE-2026-10184

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This impacts an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 1:15 p.m.9 views

CVE-2026-10183

A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and mig...

9CVSS7.9AI score0.00472EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 1:0 p.m.11 views

CVE-2026-10182

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly...

6.5CVSS6.4AI score0.01072EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 12:45 p.m.13 views

CVE-2026-10181

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made...

9CVSS7.8AI score0.00472EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 12:7 p.m.12 views

CVE-2026-49490

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by...

8.6CVSS6.1AI score0.00249EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/31 12:4 p.m.20 views

CVE-2026-49489

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

8.5CVSS5.9AI score0.00263EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/31 11:15 a.m.13 views

CVE-2026-10180

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 11:0 a.m.11 views

CVE-2026-10179

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

9CVSS7.8AI score0.03198EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 10:30 a.m.17 views

CVE-2026-10178

A vulnerability was detected in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may ...

7.5CVSS7AI score0.00269EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 10:15 a.m.11 views

CVE-2026-10177

A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 9:0 a.m.14 views

CVE-2026-10176

A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 8:45 a.m.12 views

CVE-2026-10175

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...

6.5CVSS5.6AI score0.00242EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 8:0 a.m.13 views

CVE-2026-10174

A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...

6.5CVSS5.6AI score0.00228EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 7:0 a.m.10 views

CVE-2026-10173

A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...

5.3CVSS4.2AI score0.00278EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 6:45 a.m.14 views

CVE-2026-10172

A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...

6.5CVSS5.5AI score0.00206EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 5:45 a.m.15 views

CVE-2026-10171

A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public a...

5.8CVSS5.7AI score0.00206EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 5:15 a.m.10 views

CVE-2026-10170

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

6.5CVSS5.7AI score0.00244EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 4:45 a.m.11 views

CVE-2026-10169

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

6.3CVSS5.1AI score0.00286EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/31 4:0 a.m.13 views

CVE-2026-10168

A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control...

6.5CVSS6.3AI score0.00243EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/31 3:30 a.m.12 views

CVE-2026-10167

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

7.5CVSS6.8AI score0.00409EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/31 3:15 a.m.13 views

CVE-2026-10166

A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack is possible to be carried out remotely...

6.5CVSS6.4AI score0.01072EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 3:0 a.m.14 views

CVE-2026-10165

A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack may be...

9CVSS7.9AI score0.00472EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 2:30 a.m.15 views

CVE-2026-10164

A vulnerability was found in Edimax BR-6478AC 1.23. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. The manipulation of the argument ShareName/SelectName results in buffer overflow. The attack can be executed remotely. The exploit ha...

9CVSS7.7AI score0.00463EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 2:28 a.m.13 views

CVE-2026-8382

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/31 2:15 a.m.15 views

CVE-2026-10163

A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of the argument UserName/Password leads to buffer overflow. Remote exploitation of the attack is...

9CVSS7.5AI score0.00463EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 2:0 a.m.9 views

CVE-2026-10162

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This vulnerability affects the function formSetPassword of the file /goform/formSetPassword. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...

9CVSS7.9AI score0.00472EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 1:45 a.m.9 views

CVE-2026-10161

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. This affects the function formResetStatistic of the file /goform/formResetStatistic. Performing a manipulation of the argument statusstatistic results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is...

9CVSS7.9AI score0.00472EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 1:30 a.m.25 views

CVE-2026-10160

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. Such manipulation of the argument startwizard leads to stack-based buffer overflow. The attack can be launched remotely. T...

9CVSS7.8AI score0.00472EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 1:15 a.m.13 views

CVE-2026-10159

A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSysLog of the file /goform/formSysLog. This manipulation of the argument currentpage causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been mad...

9CVSS7.9AI score0.00463EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 12:45 a.m.12 views

CVE-2026-10158

A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. Affected is the function formPortFw of the file /goform/formPortFw. The manipulation of the argument servername results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released t...

9CVSS7.8AI score0.00463EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/31 12:30 a.m.11 views

CVE-2026-10157

A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit is...

7.5CVSS6.7AI score0.00419EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/30 11:45 p.m.10 views

CVE-2026-10156

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handleamfinfo in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nfinfopool can lead to resource consumption. The attack may be performed from...

5.3CVSS5.4AI score0.00277EPSS
Exploits0References5
Total number of security vulnerabilities76593