Lucene search
+L
AttackerkbRecent

76593 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/29 6:8 p.m.11 views

CVE-2026-46344

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:7 p.m.15 views

CVE-2026-44518

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:4 p.m.10 views

CVE-2026-9051

There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure. Successful exploitation requires an attacker to send...

9.3CVSS5.8AI score0.00623EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:3 p.m.9 views

CVE-2026-47740

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:2 p.m.9 views

CVE-2026-47741

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was...

5.9CVSS5.8AI score0.00239EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:0 p.m.16 views

CVE-2026-47742

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO...

6.5CVSS5.9AI score0.00221EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:58 p.m.10 views

CVE-2026-47744

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

9.9CVSS6AI score0.00321EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:55 p.m.8 views

CVE-2026-47745

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions enable, disable, edit, delete that were rendered for any authenticated panel user without checking the corresponding per-action...

6.5CVSS5.9AI score0.00221EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:49 p.m.10 views

CVE-2026-44651

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, when fetchurl throws, the code sends: res.status500.send'Error occurred while trying to proxy to:...

6.9CVSS5.9AI score0.00323EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:48 p.m.12 views

CVE-2026-44650

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, POST /api/extensions/delete endpoint accepts extensionName: "." which bypasses sanitize-filename...

9.1CVSS5.8AI score0.00567EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:47 p.m.12 views

CVE-2026-40425

The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password...

6.9CVSS5.8AI score0.00376EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:46 p.m.8 views

CVE-2026-44648

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data user handle,...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:45 p.m.11 views

CVE-2026-44649

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User Authelia and X-Authentik-Username Authentik HTTP headers to...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:44 p.m.10 views

CVE-2026-42929

Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:43 p.m.9 views

CVE-2026-44652

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, corsProxyMiddleware forwards req.params.url directly into fetchurl, .... It only blocks circular...

6.9CVSS5.8AI score0.00375EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:42 p.m.10 views

CVE-2026-44611

Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks...

5.9CVSS5.8AI score0.00141EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:41 p.m.20 views

CVE-2026-46372

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern exposes /api/search/searxng, which accepts attacker-controlled baseUrl and uses it...

8.5CVSS5.8AI score0.00866EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:32 p.m.10 views

CVE-2026-42951

An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...

5.9CVSS5.8AI score0.00169EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:27 p.m.9 views

CVE-2026-42941

The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:18 p.m.7 views

CVE-2026-45668

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via docName path traversal and XSS by combining a payload note type: code, mime:...

9.3CVSS5.8AI score0.0017EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:14 p.m.12 views

CVE-2026-44697

Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress data/batch/batch.go allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on...

8.6CVSS5.8AI score0.0038EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:11 p.m.11 views

CVE-2026-7786

Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...

9.8CVSS5.8AI score0.00415EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:10 p.m.13 views

CVE-2026-45625

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:10 p.m.31 views

CVE-2026-45626

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

6.3CVSS6AI score0.0021EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:8 p.m.8 views

CVE-2026-45627

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document via strings.ReplaceAll with no escaping. The substitution...

8.2CVSS5.8AI score0.00185EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:7 p.m.9 views

CVE-2026-47125

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/id/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin...

8.8CVSS5.8AI score0.00245EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:6 p.m.21 views

CVE-2026-47179

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...

7.7CVSS6AI score0.00307EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:58 p.m.18 views

CVE-2026-5768

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:53 p.m.10 views

CVE-2026-45577

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolv...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:51 p.m.7 views

CVE-2026-10108

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...

8.7CVSS5.9AI score0.00513EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:43 p.m.14 views

CVE-2026-45660

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't normalized before the public-IP check. An unauthenticated user could cause the server to make HTTP...

5.4CVSS5.8AI score0.00151EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:41 p.m.10 views

CVE-2026-10107

MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resourcetoken cookie and a URL whose domain matches the assembled allowlist. Attackers can bypass internal network protection...

7.7CVSS5.9AI score0.0025EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:41 p.m.15 views

CVE-2026-6824

A stored cross-site scripting XSS vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators o...

8.4CVSS5.7AI score0.00373EPSS
Exploits0References4Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:40 p.m.9 views

CVE-2026-45629

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS6.1AI score0.00758EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:40 p.m.9 views

CVE-2026-43917

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:35 p.m.6 views

CVE-2026-9194

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:33 p.m.9 views

CVE-2026-45628

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS5.8AI score0.0023EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:25 p.m.8 views

CVE-2026-5386

The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings...

9.1CVSS5.8AI score0.00624EPSS
Exploits0References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:18 p.m.9 views

CVE-2026-10105

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...

8.7CVSS6AI score0.00319EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:15 p.m.11 views

CVE-2026-45630

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

9CVSS6.1AI score0.00763EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:15 p.m.11 views

CVE-2026-10070

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

5.8CVSS5.5AI score0.00218EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:13 p.m.16 views

CVE-2026-45631

Dokploy is a free, self-hostable Platform as a Service PaaS. From 0.27.0 to before 0.29.3, a hardcoded BETTERAUTHSECRET fallback "better-auth-secret-123456789" lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the...

10CVSS5.9AI score0.00351EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:11 p.m.13 views

CVE-2026-45632

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...

9.9CVSS6AI score0.00256EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:10 p.m.13 views

CVE-2026-45633

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS6.1AI score0.00922EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:7 p.m.13 views

CVE-2026-45661

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with Dokploy's remote serve...

9.9CVSS6.5AI score0.0066EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:4 p.m.10 views

CVE-2026-45662

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.0 and earlier, the deleteRegistry function in Dokploy packages/server/src/services/registry.ts executes docker logout $response.registryUrl without shell escaping. In the same file, the docker login command correctly uses shEsca...

8.8CVSS5.8AI score0.00841EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:3 p.m.10 views

CVE-2026-45663

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly...

9.9CVSS6.1AI score0.00866EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:0 p.m.7 views

CVE-2026-10069

A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation leads to resource consumption. The attack may be launched remotely. This project is superseded by FreshTomato. This vulnerability only affects produc...

8.7CVSS6.7AI score0.00438EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 3:58 p.m.8 views

CVE-2026-10099

XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocketreceiveworker routine of simplehttpserver.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of...

5.1CVSS5.8AI score0.00125EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/29 3:45 p.m.10 views

CVE-2026-10068

A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. Thi...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities76593