Lucene search
K
AttackerkbRecent

74872 matches found

ATTACKERKB
ATTACKERKB
•added 2026/07/06 6:0 a.m.•5 views

CVE-2024-6228

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...

7.5CVSS6.2AI score0.00318EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 6:0 a.m.•6 views

CVE-2026-11855

The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before outputting it in an administrator notice, allowing unauthenticated attackers to inject arbitrary web...

8.8CVSS6.1AI score0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 6:0 a.m.•7 views

CVE-2026-11766

The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, includin...

8CVSS6AI score0.00247EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 5:45 a.m.•6 views

CVE-2026-14799

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 5:0 a.m.•5 views

CVE-2026-14798

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /apartment-visitor/visitor-entry.php. The manipulation of the argument visname leads to sql injection. The attack can be initiated remotely. The exploit is...

6.5CVSS6.6AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 4:45 a.m.•6 views

CVE-2026-14797

A vulnerability was determined in CodeAstro Apartment Visitor Management System 1.0. This vulnerability affects unknown code of the file /apartment-visitor/edit-apartment.php. Executing a manipulation of the argument editid can lead to sql injection. It is possible to launch the attack remotely...

6.5CVSS6.6AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 4:15 a.m.•7 views

CVE-2026-14796

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. This affects an unknown part of the file /apartment-visitor/report.php. Performing a manipulation of the argument fromdate results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 4:0 a.m.•10 views

CVE-2026-14795

A vulnerability has been found in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/action-visitor.php. Such manipulation of the argument remark leads to sql injection. The attack may be performed from remote. Th...

6.5CVSS6.4AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 3:45 a.m.•7 views

CVE-2026-14794

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 3:30 a.m.•6 views

CVE-2026-14793

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 3:0 a.m.•7 views

CVE-2026-14792

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to...

6.9CVSS6.1AI score0.00366EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
•added 2026/07/06 2:30 a.m.•6 views

CVE-2026-14791

A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...

5.1CVSS4.1AI score0.00203EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 2:15 a.m.•6 views

CVE-2026-14790

A flaw has been found in GPAC 26.02.0. This affects the function nhmldumpsendframe of the file src/filters/writenhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be...

4.8CVSS5.5AI score0.00115EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/07/06 2:0 a.m.•6 views

CVE-2026-14789

A vulnerability was detected in radareorg radare2 up to 6.1.6. Affected by this issue is some unknown functionality of the file libr/bin/format/mdmp/mdmp.c of the component Memory64ListStream Parser. Performing a manipulation results in stack-based buffer overflow. The attack requires a local...

4.8CVSS6.2AI score0.00153EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 1:45 a.m.•9 views

CVE-2026-14788

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function rcorebinload of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and...

4.8CVSS5.2AI score0.00135EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 1:34 a.m.•8 views

CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6AI score0.0033EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/06 1:30 a.m.•11 views

CVE-2026-14787

A weakness has been identified in radareorg radare2 up to 6.1.6. Affected is the function cmdprint in the library libr/core/cmdprint.inc of the component pb Print Command Handler. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been made availab...

4.8CVSS5.5AI score0.00136EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 1:0 a.m.•12 views

CVE-2026-14786

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This impacts the function rstrwordget0set of the file libr/util/str.c. The manipulation results in integer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be use...

5.5CVSS5.7AI score0.00129EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 12:0 a.m.•13 views

CVE-2026-14784

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptan...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/06 12:0 a.m.•6 views

CVE-2026-38973

mrubyc through release3.4.1 was found to contain an out-of-bounds read in builtin missing-method lookup inside mrbcfindmethod...

5.9AI score0.00116EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/07/06 12:0 a.m.•5 views

CVE-2026-38976

mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in opsuper / OPSUPER due to a missing runtime guard for top-level super...

5.9AI score0.00339EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/07/06 12:0 a.m.•7 views

CVE-2026-38979

ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...

5.9AI score0.00159EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/05 11:45 p.m.•11 views

CVE-2026-14783

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skillview of the file tools/skillstool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS5.6AI score0.00333EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 11:30 p.m.•6 views

CVE-2026-14778

A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajaxenroll.php of the component Enrollment Management. The manipulation of the argument studentid/scheduleid/action leads to improper...

7.5CVSS6.6AI score0.00294EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 11:15 p.m.•9 views

CVE-2026-14777

A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 11:0 p.m.•8 views

CVE-2026-14776

A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /uploadfiles.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote...

6.5CVSS6.3AI score0.00214EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 10:45 p.m.•15 views

CVE-2026-14775

A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /processlesson.php. Such manipulation of the argument userid leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 10:30 p.m.•10 views

CVE-2026-14774

A vulnerability was determined in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /paymentdischarge.php. This manipulation of the argument patientid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and ma...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 10:23 p.m.•10 views

CVE-2026-10657

Zephyr's DNS resolver detects mDNS .local queries in dnsresolvenameinternal subsys/net/lib/dns/resolve.c with memcmpstrrchrquery, '.', ".local", 7, which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes e.g. names ending in .or...

5.3CVSS6.2AI score0.00243EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 10:23 p.m.•8 views

CVE-2026-10656

The MAX32xxx USB device controller driver drivers/usb/udc/udcmax32.c, compatible adimax32usbhs dereferenced an endpoint buffer in its OUT and IN transfer-completion handlers without checking it for NULL. udceventxferoutdone called netbufaddbuf, eprequest-actlen immediately after buf =...

4.6CVSS6.1AI score0.00191EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 10:15 p.m.•8 views

CVE-2026-14773

A vulnerability was found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /payment.php. The manipulation of the argument patientid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 10:0 p.m.•7 views

CVE-2026-14772

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /editcourse1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 9:44 p.m.•8 views

CVE-2026-59520

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS5.9AI score0.001EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/05 9:42 p.m.•8 views

CVE-2026-59519

Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6...

5.3CVSS5.9AI score0.00201EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/05 9:36 p.m.•7 views

CVE-2026-59511

Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9...

5.3CVSS5.9AI score0.00201EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/05 9:30 p.m.•7 views

CVE-2026-14771

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /editexam1.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 9:0 p.m.•7 views

CVE-2026-14770

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /editroom.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 8:15 p.m.•8 views

CVE-2026-14769

A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 8:0 p.m.•10 views

CVE-2026-14768

A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 7:45 p.m.•8 views

CVE-2026-14767

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 6:30 p.m.•8 views

CVE-2026-14766

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 5:52 p.m.•8 views

CVE-2026-59510

AIL Framework contains a path traversal vulnerability in its PDF object handling. Prior to commit 14c618fce4d1df02358717c48ea903706abecdf2, the PDF.getfilepath function constructed a file path by joining the configured PDF storage directory with a path derived from a PDF object identifier, withou...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/05 4:30 p.m.•14 views

CVE-2026-14764

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/addevent.php of the component Event Management Page. Such manipulation of the argument fdetails leads to sql injection. The attack can be launched remotely. The...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 4:15 p.m.•9 views

CVE-2026-14763

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. This affects an unknown function of the file /admin/tourreserves.php of the component Tour Reservations Page. This manipulation of the argument tour causes sql injection. The attack can be initiated remotely. The exploit ha...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 4:0 p.m.•9 views

CVE-2026-14762

A vulnerability was detected in code-projects Hotel and Tourism Reservation 1.0. The impacted element is an unknown function of the file /admin/rooms.php of the component Room Management Page. The manipulation of the argument delete results in sql injection. It is possible to launch the attack...

7.5CVSS6.8AI score0.00269EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 3:45 p.m.•9 views

CVE-2026-14761

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. The affected element is the function rstrndup/rstrappend of the file libr/util/str.c. The manipulation leads to integer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be...

4.8CVSS5.2AI score0.00131EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 3:30 p.m.•12 views

CVE-2026-14760

A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function rcoreseekarchbits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made availabl...

4.8CVSS5.5AI score0.00135EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 3:15 p.m.•8 views

CVE-2026-14759

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

4.8CVSS6.1AI score0.00153EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 3:0 p.m.•6 views

CVE-2026-14758

A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmdanalopcode of the file libr/core/cmdanal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is public...

4.8CVSS5.6AI score0.00131EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/05 2:48 p.m.•5 views

CVE-2026-6509

Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation. This issue affects Pardus Update: from =0.6.3 before 0.6.6...

7.8CVSS5.9AI score0.00101EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities74872