Lucene search
K
AttackerkbRecent

74584 matches found

ATTACKERKB
ATTACKERKB
•added 5 days ago•8 views

CVE-2026-11875

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner identified by email address to read, reply to, and close that person's support tickets...

6AI score0.00193EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 5 days ago•8 views

CVE-2026-12270

The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check is only applied when an attacker-controllable request header holds a specific value, so it can be bypassed by omitting or...

5.9AI score0.00179EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-11571

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

6AI score0.00256EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-12516

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated media-proxying endpoint, allowing anonymous users to make the site fetch arbitrary URLs, including internal and private-network addresses, and read back...

5.9AI score0.00187EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-47826

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...

8.8CVSS7.3AI score0.00331EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 5 days ago•10 views

CVE-2026-5523

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 5 days ago•10 views

CVE-2026-41857

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...

7.8CVSS7.3AI score0.00148EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 5 days ago•9 views

CVE-2026-15138

A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affects the function validatefilepath of the file mcptexteditor/texteditor.py. Such manipulation of the argument filepath leads to path traversal. The attack can be launched remotely. The exploit has been...

7.5CVSS6.2AI score0.00347EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 5 days ago•8 views

CVE-2026-51925

A Local File Inclusion LFI vulnerability exists in docuForm GmbH Client v.11.11c that allows a remote attacker to execute arbitrary code via the dfm-menureport.php component. Attackers can exploit this flaw to read arbitrary files on the server, including sensitive configuration files, source cod...

8.1CVSS6.3AI score0.00322EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-51599

An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding...

6AI score0.00433EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-51926

An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid...

7.5CVSS6AI score0.0036EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-51924

An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.php component...

6.3AI score0.0033EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-51597

MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without...

6AI score0.00372EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-51605

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.991 allows an unauthenticated remote attacker to cause a denial of service via a crafted TEARDOWN request...

7.5CVSS6.3AI score0.0041EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-51604

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request...

7.5CVSS6.3AI score0.0041EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 5 days ago•6 views

CVE-2025-45422

Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules...

6AI score0.00448EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 5 days ago•9 views

CVE-2026-51603

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a...

7.5CVSS6.4AI score0.00411EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 5 days ago•6 views

CVE-2026-31267

Mercusys MW302R MW302REUV11.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A stack buffer overflow vulnerability in the administrative web interface allows an authenticated attacker with administrative privileges to trigger a system crash by sending a...

6.2AI score0.00198EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-51602

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL fiel...

7.5CVSS6.4AI score0.00402EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-51600

Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests including DESCRIBE, SETUP, and PLAY methods. When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting...

7.5CVSS6AI score0.00404EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 5 days ago•6 views

CVE-2025-63579

Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...

7.5CVSS5.9AI score0.00199EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-51601

Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. The device fails to validate the length of the clock= value in the Range header field when processing a PLAY request. An unauthenticated remote attacker who has completed a standard RTSP session handsha...

6.4AI score0.0041EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-51923

An Insecure Direct Object Reference IDOR vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker to execute arbitrary code via the user settings component, and modify or retrieve sensitive data associated with other users’ accounts...

6.3AI score0.00382EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 5 days ago•9 views

CVE-2026-51598

An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line...

6.5CVSS6AI score0.00177EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-39246

decompress before 4.2.2 allows arbitrary symlink creation during archive extraction. When processing symlink entries type === 'symlink', the x.linkname field from the archive is passed directly to fs.symlink without validation index.js line 121. The preventWritingThroughSymlink check on line 98...

7.5CVSS6.1AI score0.00485EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
•added 5 days ago•6 views

CVE-2026-39245

decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...

9.8CVSS6AI score0.02147EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
•added 5 days ago•6 views

CVE-2026-39243

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

5.5CVSS6.1AI score0.00196EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
•added 5 days ago•6 views

CVE-2026-38076

An integer overflow in the jbig2arithiaidctxnew function of Artifex commit cc37d0 allows attackers to cause a Denial of Service DoS via a crafted input...

7.5CVSS6AI score0.00432EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 5 days ago•8 views

CVE-2026-51606

An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response...

7.5CVSS6AI score0.00324EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 6 days ago•7 views

CVE-2026-15134

A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•11 views

CVE-2026-15131

Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00172EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•8 views

CVE-2026-15107

Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.3AI score0.00242EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•8 views

CVE-2026-15128

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1AI score0.00139EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•8 views

CVE-2026-15130

Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00172EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•8 views

CVE-2026-15127

Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1AI score0.00139EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•8 views

CVE-2026-15124

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6AI score0.00168EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•8 views

CVE-2026-15126

Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score0.00242EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•9 views

CVE-2026-15125

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score0.00233EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•7 views

CVE-2026-15123

Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6AI score0.00202EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•8 views

CVE-2026-15121

Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score0.00306EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•9 views

CVE-2026-15122

Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score0.0019EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-15119

Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score0.00147EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•7 views

CVE-2026-15120

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score0.00178EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•8 views

CVE-2026-15118

Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score0.00242EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•7 views

CVE-2026-15115

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6AI score0.00089EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•7 views

CVE-2026-15116

Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score0.00242EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•7 views

CVE-2026-15117

Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6AI score0.00178EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-15114

Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: High...

6AI score0.00187EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-15113

Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score0.00202EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-15111

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6AI score0.00178EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities74584