Lucene search
K
AttackerkbRecent

74872 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/04 11:54 a.m.20 views

CVE-2026-53361

In the Linux kernel, the following vulnerability has been resolved: afunix: Set gcinprogress to true in unixgc. Igor Ushakov reported that unixgc could run with gcinprogress being false if the work is scheduled while running: Thread 1 Thread 2 Thread 3 -------- -------- -------- unixschedulegc...

5.8AI score0.00171EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/04 11:53 a.m.10 views

CVE-2026-53360

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...

6AI score0.00267EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/04 11:51 a.m.8 views

CVE-2026-53359

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad "KVM: x86: Fix shadow paging use-after-free due to unexpected GFN" fixed a shadow paging mismatch between stored and computed GFNs; the bug...

5.8AI score0.00176EPSS
Exploits5References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/04 11:33 a.m.6 views

CVE-2026-12195

myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the vftpuser parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVest...

8.5CVSS6.7AI score0.00656EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 11:30 a.m.7 views

CVE-2026-14625

A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tuigateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to...

6.5CVSS6.2AI score0.00224EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/04 10:15 a.m.8 views

CVE-2026-14624

A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit is public...

5.3CVSS5.4AI score0.00317EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/04 9:45 a.m.7 views

CVE-2026-14623

A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclos...

5.3CVSS5.5AI score0.00522EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/04 8:45 a.m.9 views

CVE-2026-14622

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...

7.5CVSS6.6AI score0.00517EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/04 8:15 a.m.10 views

CVE-2026-14621

A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...

3.1CVSS5.1AI score0.00299EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/04 6:54 a.m.9 views

CVE-2026-12194

PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations...

2.3CVSS6.1AI score0.00378EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 6:30 a.m.9 views

CVE-2026-14619

A flaw has been found in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /medicine.php. This manipulation of the argument editid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and ma...

6.5CVSS6.4AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/04 6:0 a.m.9 views

CVE-2026-14618

A vulnerability was detected in Open5GS up to 2.7.7. Affected by this vulnerability is the function amfnnrfhandlenfdiscover of the file src/amf/nnrf-handler.c of the component AMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public and ma...

5.3CVSS5.6AI score0.00316EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.11 views

CVE-2025-71380

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.12 views

CVE-2025-71375

picklescan before 0.0.34 fails to detect the operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load...

8.1CVSS6.3AI score0.00365EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.10 views

CVE-2025-71373

picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...

8.1CVSS6.3AI score0.00444EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.10 views

CVE-2025-71369

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.12 views

CVE-2025-71372

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling...

8.1CVSS6.3AI score0.00379EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.11 views

CVE-2025-71367

picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.8 views

CVE-2025-71366

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.6 views

CVE-2025-71364

picklescan before 0.0.30 fails to detect the asyncio.unixevents.UnixSubprocessTransport.start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.9 views

CVE-2025-71362

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.6 views

CVE-2025-71360

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.5 views

CVE-2025-71356

picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims...

8.1CVSS6.2AI score0.003EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.6 views

CVE-2025-71359

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...

8.1CVSS6.3AI score0.00427EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.5 views

CVE-2025-71353

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch.dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.8 views

CVE-2025-71347

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.parameval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary cod...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.6 views

CVE-2025-71345

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.main.runautogradprof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...

8.1CVSS6.3AI score0.00427EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.6 views

CVE-2025-71343

picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.makelabel function in the reduce method. Attackers can craft malicious pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load is called...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.6 views

CVE-2025-71342

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks...

8.1CVSS6.6AI score0.00427EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 12:58 a.m.5 views

CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 12:45 a.m.5 views

CVE-2026-54424

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance o...

8.4CVSS6AI score0.00245EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 9:45 p.m.11 views

CVE-2026-14617

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer.filterandaccumulate of the file gateway/streamconsumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case...

3.1CVSS5.1AI score0.00237EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 9:26 p.m.6 views

CVE-2026-58523

Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network...

6.5CVSS5.9AI score0.00475EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 9:0 p.m.8 views

CVE-2026-14611

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attac...

5.3CVSS5.5AI score0.00253EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:57 p.m.7 views

CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.6 views

CVE-2026-58426

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6CVSS5.9AI score0.00177EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.7 views

CVE-2026-58423

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories...

7.7CVSS5.9AI score0.0031EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.9 views

CVE-2026-58422

Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts...

5.9AI score0.00343EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.6 views

CVE-2026-58424

Permanent Fork PR Workflow Approval Gate Bypass...

8.9CVSS5.9AI score0.00201EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.7 views

CVE-2026-58419

Notification API leaks private issue metadata after access revocation...

5.9AI score0.00298EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.6 views

CVE-2026-58421

Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service...

5.9AI score0.00331EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.6 views

CVE-2026-58418

SSRF via HTTP Redirect in Repository Migration...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:45 p.m.6 views

CVE-2026-14610

A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is restricted to local...

5.3CVSS6AI score0.00128EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:36 p.m.7 views

CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

8.8CVSS6.6AI score0.00397EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.7 views

CVE-2026-58291

Operation on a resource after expiration or release in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

6.1CVSS5.9AI score0.00586EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.6 views

CVE-2026-45489

Microsoft Edge Chromium-based Spoofing Vulnerability...

6.5CVSS5.9AI score0.00475EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.8 views

CVE-2026-58597

Insufficient ui warning of dangerous operations in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS6AI score0.00398EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.7 views

CVE-2026-58524

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

5.4CVSS6AI score0.0024EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.7 views

CVE-2026-58300

Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally...

6.2CVSS5.8AI score0.00337EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.6 views

CVE-2026-58298

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

7.2CVSS6AI score0.0024EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities74872