Lucene search
+L
AttackerkbRecent

77679 matches found

ATTACKERKB
ATTACKERKB
•added 2026/05/28 2:44 p.m.•10 views

CVE-2026-44593

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS5.9AI score0.00362EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 2:35 p.m.•7 views

CVE-2026-44672

mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...

9.3CVSS6.2AI score0.00325EPSS
Exploits0References2Affected Software4
ATTACKERKB
ATTACKERKB
•added 2026/05/28 2:28 p.m.•11 views

CVE-2026-44358

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary...

8.2CVSS6AI score0.00181EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 2:24 p.m.•10 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 2:13 p.m.•11 views

CVE-2026-41565

CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer...

6.1AI score0.00469EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/05/28 2:13 p.m.•7 views

CVE-2026-35676

phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...

8.8CVSS5.8AI score0.00241EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/05/28 2:13 p.m.•8 views

CVE-2026-35675

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via...

8.8CVSS5.8AI score0.00324EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/05/28 2:13 p.m.•7 views

CVE-2026-35672

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/05/28 2:13 p.m.•9 views

CVE-2026-35671

phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/05/28 1:27 p.m.•10 views

CVE-2026-8990

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 1:22 p.m.•14 views

CVE-2026-49237

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

7.8CVSS6AI score0.0015EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
•added 2026/05/28 1:22 p.m.•28 views

CVE-2026-49238

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfsserver, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validatepath function in src/sshfsmount/sftpserver.cpp. The function...

8.4CVSS6AI score0.00505EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2026/05/28 1:15 p.m.•7 views

CVE-2026-42250

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2...

5.1CVSS5.8AI score0.00126EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/05/28 1:12 p.m.•9 views

CVE-2026-8980

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin operator and manufacturer accounts via crafted POST requests...

10CVSS5.8AI score0.00331EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2026/05/28 1:5 p.m.•8 views

CVE-2026-8979

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint...

10CVSS5.8AI score0.00612EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2026/05/28 12:52 p.m.•14 views

CVE-2026-9828

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

2.1CVSS6.4AI score0.0037EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/28 12:28 p.m.•7 views

CVE-2026-40914

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

5.8AI score0.00372EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
•added 2026/05/28 12:16 p.m.•17 views

CVE-2026-9818

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

4.7CVSS5.7AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/05/28 11:36 a.m.•21 views

CVE-2026-9658

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...

5.8AI score0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:41 a.m.•12 views

CVE-2026-46241

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on registration failure Make sure to disable and free the interrupts in case controller registration fails to avoid a potential use-after-free and resource leak. This issue was flagged by Sashiko...

5.8AI score0.00125EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:41 a.m.•7 views

CVE-2026-46240

In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in irisreleaseinternalbuffers The recent change in commit 1dabf00ee206 "media: iris: gen1: Destroy internal buffers after FW releases" introduced a regression where sessionreleasebuf may free the...

5.8AI score0.00124EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:41 a.m.•8 views

CVE-2026-46239

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in sctrl Three control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN directly return without calling pmruntimeput, causing runtime PM reference count leaks. Change these cases from...

5.8AI score0.00105EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:41 a.m.•12 views

CVE-2026-46237

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn3: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. cherry picked from commit db00257ac9e4a51eb2515aaea161a019f7125e10...

7.1CVSS5.8AI score0.00013EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:41 a.m.•7 views

CVE-2026-46238

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neighnode, but some paths also cache an originator pointer derived from a temporary lookup. That pointer is not own...

8.8CVSS5.7AI score0.00262EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:41 a.m.•9 views

CVE-2026-46236

In the Linux kernel, the following vulnerability has been resolved: media: rc: xboxremote: heed DMA restrictions The buffer for IO must not be part of the device structure because that violates the DMA coherency rules...

5.8AI score0.00119EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:41 a.m.•12 views

CVE-2026-46235

In the Linux kernel, the following vulnerability has been resolved: media: saa7164: add ioremap return checks and cleanups Add checks for ioremap return values in saa7164devsetup. If ioremap for BAR0 or BAR2 fails, release the already allocated PCI memory regions, remove the device from the globa...

5.8AI score0.00119EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•7 views

CVE-2026-46234

In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsockupdatebuffersize, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...

5.8AI score0.00129EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•7 views

CVE-2026-46233

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an rcureadlock. Due to a potential parallel batadvclaimput, it can happen that it...

5.8AI score0.00119EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•9 views

CVE-2026-46232

In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp numtouchreports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4parsereport will read off the end of the touchreports array, up to about 2 KiB for the...

5.7AI score0.00258EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•10 views

CVE-2026-46231

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim hash insert When batadvblaaddclaim fails to insert a new claim into the hash, it leaked a reference to the backbonegw for which the claim was intended. Call...

5.8AI score0.00119EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•15 views

CVE-2026-46230

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg Check bounds against the end of the BO whenever we access the msg...

7.1CVSS5.8AI score0.00122EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•21 views

CVE-2026-46229

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...

5.8AI score0.00119EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•11 views

CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

5.8AI score0.00117EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•10 views

CVE-2026-46227

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

7.8CVSS5.7AI score0.00104EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•10 views

CVE-2026-46226

In the Linux kernel, the following vulnerability has been resolved: spi: fsl: fix controller deregistration Make sure to deregister the controller before releasing underlying resources like DMA during driver unbind...

5.8AI score0.00119EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•12 views

CVE-2026-46225

In the Linux kernel, the following vulnerability has been resolved: spi: rspi: fix controller deregistration Make sure to deregister the controller before releasing underlying resources like DMA during driver unbind...

5.8AI score0.00119EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•9 views

CVE-2026-46224

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in xedmabufinitobj on allocation failure When drmgpuvmresvobjectalloc fails, the pre-allocated storage bo is not freed. Add xebofreestorage before returning the error. xedmabufinitobj calls xeboinitlocked, whi...

5.8AI score0.00117EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•8 views

CVE-2026-46223

In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpuref kill on rmdir until cgroup is depopulated A chain of commits going back to v7.0 reworked rmdir to satisfy the controller invariant that a subsystem's -cssoffline must not run while tasks are still doin...

5.6AI score0.00083EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•12 views

CVE-2026-46222

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: Add missing MUSTCONNECT flag to pads The pads missed checks for connected devices which may a null dereference when the stream is enabled. Unable to handle kernel NULL pointer dereference at virtual addres...

5.8AI score0.00105EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•9 views

CVE-2026-46221

In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc in initonemc is assigned to dev-initname but never freed on the normal removal path. deviceregister copies initname and then sets dev-initname to...

5.7AI score0.00117EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•12 views

CVE-2026-46220

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/sdma4: replace BUGON with WARNON in fence emission sdmav40ringemitfence contains two BUGONaddr & 0x3 assertions that verify fence writeback addresses are dword-aligned. These assertions can be reached from unprivileged...

5.8AI score0.00119EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•9 views

CVE-2026-46219

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free...

5.7AI score0.00135EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•10 views

CVE-2026-46218

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add bounds checking to ibget,setvalue The uvd/vce/vcn code accesses the IB at predefined offsets without checking that the IB is large enough. Check the bounds here. The caller is responsible for making sure it can...

7.1CVSS6AI score0.00131EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•10 views

CVE-2026-46217

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. cherry picked from commit 3c5367d950140d4ec7af830b2268a5a6fdaa3885...

5.8AI score0.00013EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•8 views

CVE-2026-46216

In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Add NULL check for mediagt in intelhdcpgsccheckstatus When media GT is disabled via configfs, there is no allocation for mediagt, which is kept as NULL. In such scenario, intelhdcpgsccheckstatus results in a kernel...

5.7AI score0.00127EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•12 views

CVE-2026-46215

In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in changehandle There was a potential race condition in changehandle. The ioctl briefly had a single object with two idr entries; a concurrent gemclose could delete the object and...

5.8AI score0.00134EPSS
Exploits2References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•19 views

CVE-2026-46214

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtiotransportrecvlisten calls skacceptqadded before vsockassigntransport. If vsockassigntransport fails or selects a different transport, the error path returns...

5.8AI score0.00128EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•8 views

CVE-2026-46213

In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix UAF in inactivity-timer cleanup path Commit 38224c472a03 "HID: appletb-kbd: fix slab use-after-free bug in appletbkbdprobe" added timerdeletesync&kbd-;inactivitytimer to both the probe closehw error path and...

5.7AI score0.00124EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•11 views

CVE-2026-46212

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims When batadvbladelbackboneclaims removes all claims for a backbone, it does this by dropping the link entry in the hash list. This list entry itself was one of the...

8.8CVSS5.7AI score0.00274EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/05/28 9:40 a.m.•52 views

CVE-2026-46211

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msmioctlgeminfogetmetadata msmioctlgeminfogetmetadata always returns 0 regardless of errors. When copytouser fails or the user buffer is too small, the error code stored in ret is ignored becaus...

5.9AI score0.00127EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities77679