Lucene search
K
AttackerkbRecent

74794 matches found

ATTACKERKB
ATTACKERKB
•added 2026/07/06 8:10 a.m.•7 views

CVE-2026-49086

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer DaprPubSubConsumer copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the...

6AI score0.00426EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 8:9 a.m.•7 views

CVE-2026-48206

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minute...

6.1AI score0.00349EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 8:8 a.m.•6 views

CVE-2026-48205

Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers who...

6.1AI score0.0037EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 8:6 a.m.•6 views

CVE-2026-48204

Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is the...

6AI score0.00452EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 8:6 a.m.•6 views

CVE-2026-48203

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

6.1AI score0.0037EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 8:5 a.m.•6 views

CVE-2026-46726

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...

6AI score0.00536EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 8:4 a.m.•7 views

CVE-2026-46592

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...

6AI score0.00396EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 8:4 a.m.•6 views

CVE-2026-46591

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

6.1AI score0.00329EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 8:3 a.m.•7 views

CVE-2026-46590

Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadat...

6.4AI score0.00485EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 8:3 a.m.•9 views

CVE-2026-46585

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component. The camel-lucene producer reads the search phrase from an Exchange header LuceneConstants.HEADERQUERY whose value was the plain string QUERY and RETURNLUCENEDOCS for...

6AI score0.00399EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 8:2 a.m.•7 views

CVE-2026-46584

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

6AI score0.00378EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 7:57 a.m.•5 views

CVE-2026-46457

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...

6.1AI score0.00423EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 7:56 a.m.•6 views

CVE-2026-46456

Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqs component map inbound message attributes into the Camel Exchange through a component-specific HeaderFilterStrategy. Sqs2HeaderFilterStrategy configured only an outbound filter setOutFilterPattern, which...

6AI score0.00472EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 7:56 a.m.•10 views

CVE-2026-46455

Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...

6AI score0.00411EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 7:56 a.m.•7 views

CVE-2026-46454

Improper Input Validation vulnerability in Apache Camel Cometd Component. The camel-cometd component maps inbound Bayeux CometD message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplie...

6.1AI score0.00487EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 7:55 a.m.•6 views

CVE-2026-46453

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Exchange headers to control its behaviour - SEARCHQUERY an advanced query body, OPERATION which...

6AI score0.00451EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 7:55 a.m.•5 views

CVE-2026-43865

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

6.3AI score0.00804EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 7:55 a.m.•6 views

CVE-2026-42527

Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering 'java.;javax.;org.apache.camel.;!', or the no-'javax.' variant in the aggregation-repository component...

6AI score0.00546EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 7:54 a.m.•6 views

CVE-2026-40859

Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter...

6.7AI score0.00724EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 7:46 a.m.•5 views

CVE-2026-40047

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

5.9AI score0.01569EPSS
Exploits2References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 7:21 a.m.•4 views

CVE-2026-14809

Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS6.2AI score0.00437EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/06 7:18 a.m.•6 views

CVE-2026-14808

Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain the database account and password...

9.8CVSS6AI score0.00507EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/06 7:9 a.m.•5 views

CVE-2026-14807

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/06 6:30 a.m.•7 views

CVE-2026-14802

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS6.7AI score0.01324EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 6:15 a.m.•5 views

CVE-2026-14801

A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtinprobeduration of the file src/filters/loadtext.c of the component TeXML File Handler. Such manipulation of the argument txmltimescale leads to divide by zero. An attack...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
•added 2026/07/06 6:0 a.m.•8 views

CVE-2026-14800

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public an...

5.3CVSS5.5AI score0.00159EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/07/06 6:0 a.m.•6 views

CVE-2026-6382

The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operation...

9.1CVSS6AI score0.00902EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 6:0 a.m.•6 views

CVE-2026-12083

The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...

8.1CVSS6AI score0.00295EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 6:0 a.m.•5 views

CVE-2026-10830

The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary...

8.8CVSS6AI score0.00257EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 6:0 a.m.•9 views

CVE-2026-11962

The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access — which its premium add-on can extend to sub-administrator roles — to upload arbitrary PHP files and...

8.8CVSS6.3AI score0.00435EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 6:0 a.m.•5 views

CVE-2024-6228

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...

7.5CVSS6.2AI score0.00318EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 6:0 a.m.•6 views

CVE-2026-11855

The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before outputting it in an administrator notice, allowing unauthenticated attackers to inject arbitrary web...

8.8CVSS6.1AI score0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 6:0 a.m.•7 views

CVE-2026-11766

The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, includin...

8CVSS6AI score0.00247EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 5:45 a.m.•6 views

CVE-2026-14799

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 5:0 a.m.•5 views

CVE-2026-14798

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /apartment-visitor/visitor-entry.php. The manipulation of the argument visname leads to sql injection. The attack can be initiated remotely. The exploit is...

6.5CVSS6.6AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 4:45 a.m.•6 views

CVE-2026-14797

A vulnerability was determined in CodeAstro Apartment Visitor Management System 1.0. This vulnerability affects unknown code of the file /apartment-visitor/edit-apartment.php. Executing a manipulation of the argument editid can lead to sql injection. It is possible to launch the attack remotely...

6.5CVSS6.6AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 4:15 a.m.•7 views

CVE-2026-14796

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. This affects an unknown part of the file /apartment-visitor/report.php. Performing a manipulation of the argument fromdate results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 4:0 a.m.•10 views

CVE-2026-14795

A vulnerability has been found in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/action-visitor.php. Such manipulation of the argument remark leads to sql injection. The attack may be performed from remote. Th...

6.5CVSS6.4AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 3:45 a.m.•7 views

CVE-2026-14794

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 3:30 a.m.•6 views

CVE-2026-14793

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 3:0 a.m.•7 views

CVE-2026-14792

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to...

6.9CVSS6.1AI score0.00366EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
•added 2026/07/06 2:30 a.m.•6 views

CVE-2026-14791

A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...

5.1CVSS4.1AI score0.00203EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 2:15 a.m.•6 views

CVE-2026-14790

A flaw has been found in GPAC 26.02.0. This affects the function nhmldumpsendframe of the file src/filters/writenhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be...

4.8CVSS5.5AI score0.00115EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/07/06 2:0 a.m.•6 views

CVE-2026-14789

A vulnerability was detected in radareorg radare2 up to 6.1.6. Affected by this issue is some unknown functionality of the file libr/bin/format/mdmp/mdmp.c of the component Memory64ListStream Parser. Performing a manipulation results in stack-based buffer overflow. The attack requires a local...

4.8CVSS6.2AI score0.00153EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 1:45 a.m.•9 views

CVE-2026-14788

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function rcorebinload of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and...

4.8CVSS5.2AI score0.00135EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 1:34 a.m.•8 views

CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6AI score0.0033EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/06 1:30 a.m.•11 views

CVE-2026-14787

A weakness has been identified in radareorg radare2 up to 6.1.6. Affected is the function cmdprint in the library libr/core/cmdprint.inc of the component pb Print Command Handler. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been made availab...

4.8CVSS5.5AI score0.00136EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 1:0 a.m.•12 views

CVE-2026-14786

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This impacts the function rstrwordget0set of the file libr/util/str.c. The manipulation results in integer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be use...

5.5CVSS5.7AI score0.00129EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 12:0 a.m.•13 views

CVE-2026-14784

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptan...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 12:0 a.m.•6 views

CVE-2026-38973

mrubyc through release3.4.1 was found to contain an out-of-bounds read in builtin missing-method lookup inside mrbcfindmethod...

5.9AI score0.00116EPSS
Exploits0References4
Total number of security vulnerabilities74794