Lucene search
K
AttackerkbRecent

74584 matches found

ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-15172

FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score0.00097EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-15173

pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

4.7CVSS5.9AI score0.00089EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-15171

SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6AI score0.00097EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-15169

UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score0.00218EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-15167

DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

7.5CVSS5.9AI score0.00156EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•7 views

CVE-2026-55778

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.11 and 8.6.81, the default fileUpload.fileExtensions blocklist could be bypassed by uploading a file with a non-standard or compound extension and dangerous content type,...

2.1CVSS5.6AI score0.00406EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-15170

Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score0.00133EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-15165

TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

5.5CVSS5.9AI score0.00133EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-15163

Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service...

5.5CVSS5.9AI score0.00187EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-15164

Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score0.00097EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•68 views

CVE-2025-12506

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...

3.5CVSS6AI score0.00187EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•7 views

CVE-2026-49866

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossipsub defaultDecodeRpcLimits set maxIhaveMessageIDs and maxIwantMessageIDs to Infinity, allowing oversized IHAVE and IWANT control message arrays in message/decodeRpc.ts and gossipsub.ts to synchronousl...

7.5CVSS6AI score0.00446EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•69 views

CVE-2026-6352

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS6AI score0.00264EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-6896

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser...

8.7CVSS6.2AI score0.00282EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•16 views

CVE-2026-7492

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS6AI score0.00254EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•70 views

CVE-2026-8472

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS6AI score0.00243EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•70 views

CVE-2026-11827

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...

4.9CVSS6AI score0.00255EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•71 views

CVE-2026-13151

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

2.7CVSS6AI score0.00161EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-13320

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper...

7.3CVSS6.2AI score0.00243EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•12 views

CVE-2026-58525

Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

8.2CVSS5.9AI score0.00362EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•4 views

CVE-2026-54590

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Version 2.23.0 contains an incomplete fix for CVE-2026-45309 in SSHServerConfig.settokens that blocks /, , and .. before %u substitution in...

5.9CVSS6AI score0.00285EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-54591

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../...

8.1CVSS6.1AI score0.00317EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-55542

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns...

5.3CVSS6AI score0.00281EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•7 views

CVE-2026-55206

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in archiveinfo.py used an On^2 cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted...

8.7CVSS5.9AI score0.00321EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-58212

Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of updating Product dependencies MUST NOT be determined to be a Vulnerability, regardless of whether the dependencies have Vulnerabilities...

6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-55195

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...

8.7CVSS6AI score0.00321EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•8 views

CVE-2026-55596

Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation, allowing a crafted Plate document to set a known video provider while keeping url as...

8.7CVSS6AI score0.00241EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-56669

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to 1.4.29, Elysia uses getAll in form data normalization for multipart/form-data endpoints, causing the amount of work to grow quadratically with the number of...

7.5CVSS6AI score0.00358EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-58494

Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...

6.5CVSS6AI score0.00119EPSS
Exploits0References10Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•4 views

CVE-2026-14896

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS6AI score0.0016EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-58208

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...

6.8CVSS6AI score0.00593EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•4 views

CVE-2026-58211

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured noauthuser through a parser path used when the first client operation was not CONNECT, bypassing user-level connection...

5.4CVSS6AI score0.00292EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•4 views

CVE-2026-58207

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal...

7.7CVSS6AI score0.0056EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-0288

Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent TSA component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service DoS condition or potentially execute arbitrary code by sending specially crafted...

9.2CVSS6.5AI score0.00557EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
•added 6 days ago•4 views

CVE-2026-58210

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS6AI score0.00732EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•4 views

CVE-2026-58209

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these...

4.3CVSS6AI score0.00342EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•8 views

CVE-2026-14361

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in consul-templat...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-14891

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS6AI score0.00316EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-58214

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...

4.3CVSS5.9AI score0.00367EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-58254

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...

5.3CVSS5.9AI score0.00428EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-8801

Path equivalence: vulnerability in Progress MOVEit Transfer File Upload modules. This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4...

3.5CVSS5.9AI score0.00311EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-8800

Incorrect Authorization vulnerability in Progress MOVEit Transfer Audit User module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

2.7CVSS5.9AI score0.00196EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-58213

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupti...

7.1CVSS6AI score0.00439EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-15154

A flaw was found in guardrails-detectors, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service ReDoS, allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking,...

6.5CVSS5.9AI score0.00204EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-8651

Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer HTTPS module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

3.7CVSS5.9AI score0.00215EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•6 views

CVE-2026-58250

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by...

7.5CVSS5.9AI score0.00732EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-8650

Relative path traversal vulnerability in Progress MOVEit Transfer Admin Settings module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

4.5CVSS5.9AI score0.00365EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-58252

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset...

6.5CVSS6AI score0.00465EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-59807

Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...

8.9CVSS6AI score0.00289EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 6 days ago•5 views

CVE-2026-59806

Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the filefetch function in the /gradioapi/file= endpoint. Attackers can cra...

7.4CVSS6AI score0.00247EPSS
Exploits0References6
Total number of security vulnerabilities74584