Lucene search
K
AttackerkbRecent

74775 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/07 8:59 p.m.7 views

CVE-2026-49229

Actual is a local-first personal finance app. Prior to 26.6.0, in OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity, while existing Actual session tokens for the disabled user remain valid. The shared session validation path accepts any existing token row...

8.3CVSS6AI score0.00441EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:58 p.m.6 views

CVE-2026-50179

Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix...

4.2CVSS6AI score0.00286EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:56 p.m.6 views

CVE-2026-46700

Actual is a local-first personal finance tool. Prior to 26.6.0, the GET /secret/:name endpoint in @actual-app/sync-server checks only that the caller has a valid session and does not verify the caller is an admin, while the sibling POST /secret/ handler enforces an admin check in OpenID mode. Any...

4.3CVSS6AI score0.00342EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:55 p.m.6 views

CVE-2026-46672

Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed, whose escapeCsv helper only handles RFC 4180 delimiter, quote, and newline escaping and does not...

4.6CVSS6.1AI score0.00188EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:53 p.m.8 views

CVE-2026-50007

Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with useraccess on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users...

7.2CVSS5.9AI score0.00246EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:50 p.m.5 views

CVE-2026-49471

Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A D...

8.3CVSS6.7AI score0.00237EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:48 p.m.6 views

CVE-2026-55592

Dashy is a self-hostable personal dashboard. Prior to 4.3.7, Dashy's workspace view trusts the url query parameter and assigns it directly to an iframe source without scheme validation. If a logged-in user opens a crafted workspace link containing a javascript: URL, JavaScript runs on the Dashy...

3.9CVSS6AI score0.00255EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:46 p.m.5 views

CVE-2026-53511

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...

8.5CVSS6.2AI score0.00197EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:44 p.m.5 views

CVE-2026-53935

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...

6.9CVSS6AI score0.00341EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:41 p.m.5 views

CVE-2026-50530

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...

7.1CVSS6AI score0.00238EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:39 p.m.5 views

CVE-2026-50529

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...

8.7CVSS6AI score0.00285EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:37 p.m.5 views

CVE-2026-55647

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...

5.1CVSS6AI score0.00269EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:37 p.m.9 views

CVE-2026-59707

LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper...

9.2CVSS6.1AI score0.0036EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:35 p.m.6 views

CVE-2026-55635

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres without applying the SQL literal validation and escaping used by other filter paths,...

8.7CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:34 p.m.6 views

CVE-2026-58473

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...

9.3CVSS6AI score0.00372EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:33 p.m.6 views

CVE-2026-58583

FluxInk formerly Sunia SPB Peripheral Color Management Driver TcnPeripheral64.sys 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows...

8.4CVSS6AI score0.00101EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:33 p.m.6 views

CVE-2026-57172

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs,...

8.3CVSS5.9AI score0.00289EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:31 p.m.7 views

CVE-2026-53751

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 parsing, allowing attackers to smuggle dangerous...

8.7CVSS6.2AI score0.00375EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:29 p.m.8 views

CVE-2026-53730

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1, access the built-in engine database, execute...

8.7CVSS6.2AI score0.00235EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:27 p.m.6 views

CVE-2026-55633

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol...

8.7CVSS6.3AI score0.00501EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:24 p.m.8 views

CVE-2026-55631

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font...

7.2CVSS6.1AI score0.00313EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:23 p.m.5 views

CVE-2026-53729

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download /exportCenter/download/id, delete /exportCenter/delete, retry /exportCenter/retry/id, or generate download links /exportCenter/generateDownloadUri/id for export tasks belonging t...

8.7CVSS5.9AI score0.00391EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:16 p.m.6 views

CVE-2026-44454

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7 and 2.30.2, the dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a craft...

8.1CVSS6.6AI score0.02642EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:14 p.m.6 views

CVE-2026-55434

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.33.0 and prior to versions 2.33.8 and 2.34.2, AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could se...

6.5CVSS6AI score0.00552EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:2 p.m.5 views

CVE-2026-55417

Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route /username correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An...

6.9CVSS6AI score0.00249EPSS
Exploits0References3Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/07/07 7:50 p.m.5 views

CVE-2026-58472

GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the htmlquotestring function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity...

6CVSS6.3AI score0.00221EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/07 7:47 p.m.4 views

CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score0.00221EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/07 7:45 p.m.4 views

CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/07 7:43 p.m.6 views

CVE-2026-58469

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS6.2AI score0.00351EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/07 7:27 p.m.7 views

CVE-2026-58468

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...

5.5CVSS6.1AI score0.002EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/07 7:3 p.m.7 views

CVE-2026-44877

An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system...

6.5CVSS5.9AI score0.00277EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 6:38 p.m.6 views

CVE-2026-59708

The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...

8.7CVSS6AI score0.00343EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/07 6:19 p.m.7 views

CVE-2026-59800

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.8CVSS6.3AI score0.01372EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:41 p.m.5 views

CVE-2026-7017

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

7.1CVSS6AI score0.0026EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:37 p.m.6 views

CVE-2026-55435

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret...

5.4CVSS6AI score0.00315EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:33 p.m.6 views

CVE-2026-48952

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:32 p.m.8 views

CVE-2026-48947

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:32 p.m.7 views

CVE-2026-48958

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

6.4CVSS6AI score0.00262EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:31 p.m.6 views

CVE-2026-48950

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:31 p.m.6 views

CVE-2026-48955

An improper access check allows unauthorized users to access workflow stage and transition information...

6.4CVSS6AI score0.00208EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:31 p.m.8 views

CVE-2026-48956

An improper access check allows users to display a list of modules in the frontend...

6.4CVSS6AI score0.00168EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:30 p.m.6 views

CVE-2026-48957

An improper access check allows unauthorized users to access comprivacy datasets...

6.4CVSS6AI score0.0024EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:30 p.m.7 views

CVE-2026-48951

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:30 p.m.7 views

CVE-2026-48953

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:29 p.m.6 views

CVE-2026-48948

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

6.4CVSS6AI score0.0024EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:29 p.m.8 views

CVE-2026-48949

Lack of validation leads to an XSS vulnerability in the MFA management views...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:29 p.m.7 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 4:40 p.m.9 views

CVE-2026-13019

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...

9.8CVSS6AI score0.0041EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/07 4:39 p.m.10 views

CVE-2026-13020

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...

8.1CVSS6AI score0.00234EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/07 4:37 p.m.9 views

CVE-2026-14904

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS6.2AI score0.00381EPSS
Exploits0References3
Total number of security vulnerabilities74775