Lucene search
K
AttackerkbRecent

74784 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/06 8:5 p.m.5 views

CVE-2026-55574

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structuredoutputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the stri...

8.7CVSS5.9AI score0.00324EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:0 p.m.7 views

CVE-2026-55727

A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...

7.5CVSS5.9AI score0.00291EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:52 p.m.7 views

CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS5.9AI score0.00275EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:49 p.m.6 views

CVE-2026-54234

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then convert...

7.5CVSS6AI score0.00343EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:45 p.m.6 views

CVE-2026-48267

DNG SDK versions 1.7.1 2536 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue...

5.5CVSS6AI score0.00139EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:42 p.m.6 views

CVE-2026-50134

Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server or an attacker controlling its DNS or response could therefore redirect t...

6.3CVSS5.9AI score0.00249EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:41 p.m.5 views

CVE-2026-14898

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

6.1AI score0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:41 p.m.6 views

CVE-2026-55646

vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLMMAXAUDIOCLIPFILESIZEMB...

6.5CVSS6AI score0.00289EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:38 p.m.6 views

CVE-2026-59089

A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table CLUT due to an integer overflow. This occurs when multiplying numcolors and numcluts, both 16-bit unsigned short integers, resulting i...

5.5CVSS6AI score0.00208EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:35 p.m.7 views

CVE-2026-53763

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the...

3.8CVSS6AI score0.00149EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:33 p.m.6 views

CVE-2026-44362

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...

5.5CVSS6AI score0.00122EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:31 p.m.6 views

CVE-2026-42546

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists in OP-TEE’s shared memory cleanup logic because the functio...

3.8CVSS6AI score0.00105EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:31 p.m.5 views

CVE-2026-50133

Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type typically .html files under /content, or pages produced by a content adapter that sets content.mediaType = "text/html" had their body emitted verbatim...

5.1CVSS5.4AI score0.00187EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:27 p.m.6 views

CVE-2026-41516

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver...

2.5CVSS6AI score0.00099EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:25 p.m.5 views

CVE-2026-58403

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

5.9CVSS5.9AI score0.00318EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:25 p.m.5 views

CVE-2026-41515

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.9.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the NXP CAAM crypto driver uses...

2.5CVSS6AI score0.00094EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:23 p.m.6 views

CVE-2026-14536

Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an...

6AI score0.00231EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:19 p.m.7 views

CVE-2026-58402

Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block renderer wrote the Markdown code-fence language or info-string into the code class="language-…" data-lang="…" wrapper without HTML escaping. A fence info-string containing a quote and a script payload breaks out...

5.1CVSS5.8AI score0.00172EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:17 p.m.7 views

CVE-2026-11405

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

6AI score0.00668EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:16 p.m.5 views

CVE-2026-58404

Hugo is a static site generator. From v0.162.0 through v0.163.0, the default security.http.urls policy denies requests to loopback, internal, and cloud-metadata IPv4 literals, but the deny rule only matched dotted-decimal notation, so alternate IPv4 encodings of the same addresses, including...

4.6CVSS5.8AI score0.00208EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:6 p.m.5 views

CVE-2026-41514

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses...

2.5CVSS6AI score0.00095EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:55 p.m.5 views

CVE-2026-54291

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score0.00236EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:52 p.m.5 views

CVE-2026-55379

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:50 p.m.6 views

CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:49 p.m.6 views

CVE-2026-54060

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS6AI score0.00361EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:46 p.m.5 views

CVE-2026-54059

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...

7.5CVSS6AI score0.00354EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:44 p.m.6 views

CVE-2026-55798

Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.getcommand constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen..., shell=True, allowing shell metacharacters in the file path to inject...

4.5CVSS6AI score0.00136EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:22 p.m.7 views

CVE-2026-9181

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this...

9.8CVSS6AI score0.00727EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:21 p.m.6 views

CVE-2026-9182

Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts a...

9.8CVSS6.1AI score0.00352EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:0 p.m.6 views

CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

7.5CVSS6AI score0.00271EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 5:31 p.m.5 views

CVE-2026-12154

The Reviews Widgets for Google, Yelp & TripAdvisor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pageid' shortcode attribute of the fbrev shortcode in versions up to and including 2.7.3. This is due to insufficient input sanitization and output escaping in the...

6.4CVSS6AI score0.00193EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/06 5:24 p.m.6 views

CVE-2026-41434

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded recursion can crash the PKCS11 TA. Version 4.11.0 contains a patch. ...

3.3CVSS6AI score0.00105EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:46 p.m.6 views

CVE-2026-48614

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS6.1AI score0.0033EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:26 p.m.6 views

CVE-2026-40257

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one erro...

5.5CVSS6AI score0.00109EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:23 p.m.7 views

CVE-2025-53831

DrawIO for ownCloud is an application for using DrawIO with the file storage, synchronization, and sharing application ownCloud Classic. In DrawIO for ownCloud prior to version 1.0.2, which corresponds to ownCloud 10 prior to version 10.15.3, attackers with access to the DrawIO app can leverage...

8.2CVSS5.9AI score0.00164EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:13 p.m.9 views

CVE-2026-48316

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS7.9AI score0.01396EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:13 p.m.5 views

CVE-2026-40141

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

9.9CVSS6AI score0.00478EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:13 p.m.4 views

CVE-2026-40140

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS6AI score0.00561EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:13 p.m.3 views

CVE-2026-40139

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...

9.8CVSS6AI score0.00653EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:12 p.m.4 views

CVE-2026-40138

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS6AI score0.00417EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 3:42 p.m.5 views

CVE-2026-43825

Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected: before 3.0.0-M4 libsvm document categorization module; introduced in OPENNLP-1808 and only present on the 3.x line Description: SvmDoccatModel.deserializeInputStream reads an attacker-controlled stream with...

7.3CVSS6.7AI score0.08786EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 3:25 p.m.8 views

CVE-2026-5268

An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation...

9.1CVSS6AI score0.0042EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 3:21 p.m.6 views

CVE-2026-59195

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...

8.2CVSS6AI score0.00257EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 3:18 p.m.5 views

CVE-2026-59196

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fix...

7.1CVSS5.9AI score0.00262EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 3:17 p.m.7 views

CVE-2025-53830

Anti-Virus for ownCloud is an anti-virus application for file storage, synchronization, and sharing application ownCloud. Versions of Anti-Virus for ownCloud before 1.2.3 are vulnerable to Server-Side Request Forgery SSRF. This corresponds to versions of ownCloud 10 prior to 10.15.3. Upgrade...

9.1CVSS6AI score0.00257EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/07/06 3:16 p.m.5 views

CVE-2026-59194

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0...

7.1CVSS6AI score0.00257EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:46 p.m.8 views

CVE-2025-53829

ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path traversal vulnerability in the system to execute arbitrary code. Upgrade ownCloud 10 to version 10.15.3 or later to receive ...

8CVSS6.2AI score0.00335EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:41 p.m.6 views

CVE-2025-53828

SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use...

8.5CVSS6.4AI score0.00232EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:32 p.m.12 views

CVE-2026-13122

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS6AI score0.00487EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:31 p.m.5 views

CVE-2025-53827

ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage...

9.1CVSS6.1AI score0.00342EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities74784