Lucene search
K
AttackerkbRecent

74967 matches found

ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•6 views

CVE-2026-58289

Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

9CVSS6.1AI score0.00438EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•7 views

CVE-2026-58286

Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS6AI score0.00312EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•8 views

CVE-2026-58288

Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.3CVSS6.1AI score0.00438EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•8 views

CVE-2026-58285

Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.3CVSS6.1AI score0.00438EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•8 views

CVE-2026-58284

Improper authorization in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.3CVSS6.1AI score0.00405EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•6 views

CVE-2026-58278

Server-side request forgery ssrf in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

5.4CVSS6AI score0.00282EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•6 views

CVE-2026-58276

Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00429EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•7 views

CVE-2026-57991

Improper link resolution before file access 'link following' in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

7.4CVSS5.9AI score0.00745EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•8 views

CVE-2026-57986

Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00429EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•8 views

CVE-2026-57981

Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.8CVSS6.1AI score0.00556EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•8 views

CVE-2026-57974

Integer overflow or wraparound in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.8CVSS6.1AI score0.00556EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•7 views

CVE-2026-57977

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

7.1CVSS6AI score0.00397EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•7 views

CVE-2026-45488

User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

5.4CVSS6AI score0.00249EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•7 views

CVE-2026-58522

Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally...

6.8CVSS5.8AI score0.00323EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•6 views

CVE-2026-58287

Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.3CVSS6.1AI score0.00438EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•8 views

CVE-2026-58299

Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.0027EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•6 views

CVE-2026-58283

Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS6AI score0.00329EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•7 views

CVE-2026-58282

Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS6AI score0.00312EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•7 views

CVE-2026-56646

Exposure of sensitive information to an unauthorized actor in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS5.9AI score0.00651EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•7 views

CVE-2026-57993

Server-side request forgery ssrf in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

7.4CVSS6AI score0.00603EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•7 views

CVE-2026-57992

Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00429EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•7 views

CVE-2026-57988

Relative path traversal in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

7.1CVSS6.1AI score0.00532EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•10 views

CVE-2026-57987

Server-side request forgery ssrf in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS6AI score0.00617EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•6 views

CVE-2026-57985

Improper input validation in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

7.6CVSS6.1AI score0.00479EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•6 views

CVE-2026-57983

Improper authorization in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

8.7CVSS5.9AI score0.00463EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•14 views

CVE-2026-57984

Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00429EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•5 views

CVE-2026-57975

Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00429EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•8 views

CVE-2026-56645

Heap-based buffer overflow in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.8CVSS6.3AI score0.00556EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:35 p.m.•6 views

CVE-2026-55945

Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Edge Chromium-based allows an authorized attacker to disclose information locally...

4.2CVSS6AI score0.00145EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•7 views

CVE-2026-28744

Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks...

8.1CVSS5.9AI score0.00343EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•6 views

CVE-2026-28705

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths...

6AI score0.00369EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•6 views

CVE-2026-28740

Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•6 views

CVE-2026-28737

Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•6 views

CVE-2026-28699

Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication...

8.1CVSS5.8AI score0.00566EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•7 views

CVE-2026-27783

Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints...

4.3CVSS5.9AI score0.00283EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•7 views

CVE-2026-27775

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...

5.9AI score0.00523EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•5 views

CVE-2026-27779

Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...

5.9AI score0.00431EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•5 views

CVE-2026-27780

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

6AI score0.00472EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•6 views

CVE-2026-27771

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...

8.2CVSS7.3AI score0.40738EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•6 views

CVE-2026-27761

Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope...

4.3CVSS5.9AI score0.00367EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•7 views

CVE-2026-27660

Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...

5.9AI score0.00345EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•7 views

CVE-2026-26292

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...

5.9AI score0.00482EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•6 views

CVE-2026-26307

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...

6AI score0.00466EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•15 views

CVE-2026-27657

Gitea versions before 1.25.5 allow a user to change another user's primary email address...

5.9AI score0.00345EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•7 views

CVE-2026-26232

Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange...

6AI score0.00379EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•5 views

CVE-2026-26231

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...

8.5CVSS5.9AI score0.00291EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•8 views

CVE-2026-26247

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

5.9AI score0.00379EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•9 views

CVE-2026-25718

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...

5.9AI score0.00428EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•5 views

CVE-2026-25782

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...

5.9AI score0.00286EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•5 views

CVE-2026-25779

Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirectto values...

5.9AI score0.00248EPSS
Exploits0References6
Total number of security vulnerabilities74967