Lucene search
+L
AttackerkbRecent

76494 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/30 9:0 p.m.8 views

CVE-2026-10153

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

5.3CVSS4.4AI score0.0028EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/30 7:15 p.m.11 views

CVE-2026-10152

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

6.5CVSS6.3AI score0.00206EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 4:30 p.m.10 views

CVE-2026-10127

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack may be initiated remotely. The exploit has...

6.5CVSS6.5AI score0.01262EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 4:15 p.m.11 views

CVE-2026-10126

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. The attack can be launched remotely. The exploit has...

9CVSS7.8AI score0.00753EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 4:0 p.m.47 views

CVE-2026-10125

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be...

9CVSS8AI score0.00447EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 3:45 p.m.24 views

CVE-2026-10124

A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function ripzebrareadipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been...

9CVSS7.7AI score0.00472EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 3:32 p.m.11 views

CVE-2026-8594

Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as VT, FF and others into segments, but applies the break function to the entire string, not just t...

5.8AI score0.002EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/30 3:30 p.m.8 views

CVE-2026-10123

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blockeddomain/permitteddomain/blockeddomainlist/permitteddomainlist results in stack-based buffer overflow. It...

9CVSS7.8AI score0.00472EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 3:15 p.m.10 views

CVE-2026-10122

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocolname leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has...

9CVSS7.6AI score0.00472EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 3:0 p.m.11 views

CVE-2026-10121

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keywordlist/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploi...

9CVSS7.8AI score0.00447EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.19 views

CVE-2018-25426

WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers can create a specially crafted input file with 238 bytes of data to trigger a buffer overflow...

8.7CVSS6AI score0.00514EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.20 views

CVE-2018-25425

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.14 views

CVE-2018-25424

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.10 views

CVE-2018-25423

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 bytes into the IP address or domain input field to trigger a denial of service condition...

6.9CVSS6AI score0.0014EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.11 views

CVE-2018-25422

MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract...

8.8CVSS6.1AI score0.00262EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.9 views

CVE-2018-25421

Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensiti...

7.1CVSS5.9AI score0.00334EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.10 views

CVE-2018-25420

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.13 views

CVE-2018-25418

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensiti...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.15 views

CVE-2018-25419

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.12 views

CVE-2018-25417

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers can send GET requests to quality.php with crafted SQL payloads in the quality parameter to extrac...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.13 views

CVE-2018-25416

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.9 views

CVE-2018-25415

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the director parameter to...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.15 views

CVE-2018-25414

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.9 views

CVE-2018-25413

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.10 views

CVE-2018-25412

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...

9.8CVSS6.4AI score0.00771EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.14 views

CVE-2018-25411

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.11 views

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.11 views

CVE-2018-25409

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS6AI score0.00325EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.12 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7CVSS5.9AI score0.00638EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.8 views

CVE-2018-25406

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.9 views

CVE-2018-25407

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.8 views

CVE-2018-25405

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:30 p.m.8 views

CVE-2026-10120

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewallname results in stack-based buffer overflow. The attack can be executed remotely. The exploit is...

9CVSS7.9AI score0.00463EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 1:30 p.m.23 views

CVE-2026-10119

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filtername leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit h...

9CVSS7.6AI score0.00472EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 12:30 p.m.12 views

CVE-2026-10117

A weakness has been identified in Open5GS up to 2.7.7. This issue affects the function ogspoolidcalloc in the library /lib/sbi/nghttp2-server.c. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit has been made available to the public and could...

5.3CVSS5.5AI score0.00271EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/30 12:13 p.m.14 views

CVE-2026-46242

In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix epremove struct eventpoll / struct file UAF epremove via epremovefile cleared file-fep under file-flock but then kept using @file inside the critical section isfileepoll, hlistdelrcu through the head, spinunlock. A...

7.8CVSS5.7AI score0.00125EPSS
Exploits3References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 11:0 a.m.13 views

CVE-2026-10116

A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogssbixactadd in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The...

5.3CVSS5.4AI score0.00391EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/30 10:15 a.m.12 views

CVE-2026-10115

A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit is publicly available and might be...

5.3CVSS5.5AI score0.00309EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/30 10:0 a.m.28 views

CVE-2026-10114

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handlescpinfo in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This manipulation causes out-of-bounds write. The attack can be initiated remotely. The exploit has been...

5.3CVSS5.4AI score0.00276EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/30 9:29 a.m.13 views

CVE-2026-7465

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

8.8CVSS6.1AI score0.01174EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2026/05/30 9:29 a.m.12 views

CVE-2026-7459

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS5.8AI score0.00593EPSS
Exploits1References13
ATTACKERKB
ATTACKERKB
added 2026/05/30 9:28 a.m.10 views

CVE-2026-9757

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/30 8:45 a.m.12 views

CVE-2026-10113

A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is an unknown functionality in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. The manipulation results in denial of service. It is possible to launch the attack remotely. The exploit ha...

5.3CVSS5.3AI score0.00296EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/30 8:0 a.m.10 views

CVE-2026-10112

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

4.8CVSS4AI score0.00206EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 7:45 a.m.12 views

CVE-2026-10111

A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The...

7.5CVSS6.7AI score0.00259EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 7:15 a.m.12 views

CVE-2026-5071

The SocketCAN implementation validates the length of a user-provided buffer containing a socketcanframe object using only a NETASSERT statement in zcansendtoctx before dereferencing it in socketcantocanframe. In production builds where assertions are disabled, a userspace application that control...

6.1CVSS5.9AI score0.00167EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/30 6:0 a.m.8 views

CVE-2026-10110

A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and m...

7.5CVSS7AI score0.00313EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/30 1:50 a.m.13 views

CVE-2026-48840

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 9:19 p.m.13 views

CVE-2026-9831

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

6.3CVSS5.8AI score0.00172EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:58 p.m.12 views

CVE-2026-46385

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities76494