Lucene search
K
AttackerkbRecent

75017 matches found

ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•6 views

CVE-2026-25714

Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941...

4.3CVSS5.9AI score0.00271EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•6 views

CVE-2026-25038

Gitea 1.26.2 allows unauthorized users to access labels of private organizations...

5.9AI score0.00482EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•5 views

CVE-2026-24451

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...

5.9AI score0.00482EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•6 views

CVE-2026-24690

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches...

6AI score0.00322EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•7 views

CVE-2026-22874

Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering...

9.6CVSS5.9AI score0.00464EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•7 views

CVE-2026-22547

Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values...

5.9AI score0.00373EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•7 views

CVE-2026-22555

Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets...

8.1CVSS5.9AI score0.00304EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•7 views

CVE-2026-20779

Gitea versions from 1.5.0 before 1.26.3 have a TOTP single-use enforcement defect that allows a valid TOTP code to be accepted more than once across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path...

7.1CVSS6AI score0.00481EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•8 views

CVE-2026-20909

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

6AI score0.00286EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•7 views

CVE-2026-20896

Gitea Docker image versions up to and including 1.26.2 use REVERSEPROXYTRUSTEDPROXIES= by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled...

9.8CVSS5.9AI score0.00783EPSS
Exploits4References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:19 p.m.•7 views

CVE-2026-20706

Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint...

5.9AI score0.00403EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:15 p.m.•7 views

CVE-2026-14609

A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This issue affects some unknown processing. The manipulation results in session fixiation. The attack can be executed remotely. The attack requires a high level of complexity. The...

6.3CVSS5.4AI score0.00321EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 8:0 p.m.•6 views

CVE-2026-14608

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=viewstudent of the component POST Handler. The manipulation of the argument ID leads to authorization...

5.3CVSS5.6AI score0.00223EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 7:45 p.m.•6 views

CVE-2026-14607

A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sysgetaddrinfo of the file components/lwp/lwpsyscall.c. Executing a manipulation of the argument aiaddr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to...

6.8CVSS5.4AI score0.00119EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/07/03 7:30 p.m.•7 views

CVE-2026-14606

A security flaw has been discovered in RT-Thread up to 5.0.2. Affected by this issue is the function CANReceive in the library bsp/synwit/libraries/SWM341CSL/CMSIS/DeviceSupport/SWM341.h of the component SWM341 CAN Handler. Performing a manipulation results in stack-based buffer overflow. The...

8.5CVSS6AI score0.00141EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/07/03 7:15 p.m.•6 views

CVE-2026-14605

A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1ccan.h of the component ls1c CAN Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach...

8.5CVSS6.2AI score0.00141EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/07/03 6:30 p.m.•8 views

CVE-2026-14604

A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The...

6.5CVSS5.6AI score0.00233EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 6:29 p.m.•6 views

CVE-2026-58379

A flaw was found in GIMP's Paint Shop Pro PSP file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service DoS by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the...

7.3CVSS6.7AI score0.00233EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2026/07/03 5:23 p.m.•7 views

CVE-2026-14631

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught...

5.3CVSS6AI score0.00308EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/03 5:0 p.m.•10 views

CVE-2026-14620

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any websi...

4.7CVSS6.1AI score0.00116EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/03 3:47 p.m.•10 views

CVE-2026-14615

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/03 3:33 p.m.•8 views

CVE-2026-14614

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/03 3:16 p.m.•10 views

CVE-2026-14613

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS6AI score0.00172EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/03 3:11 p.m.•7 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS6AI score0.00142EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/03 2:18 p.m.•8 views

CVE-2026-49813

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command 'OS...

6.7CVSS6AI score0.0046EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 2:14 p.m.•10 views

CVE-2026-14460

Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from = 1.0.4 before 1.0.5...

8.8CVSS5.9AI score0.00163EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 2:13 p.m.•7 views

CVE-2026-49814

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command 'OS...

7.2CVSS6.1AI score0.01216EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 2:9 p.m.•8 views

CVE-2026-14459

Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from = 1.0.4 before 1.0.5...

8.8CVSS5.9AI score0.00198EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 2:9 p.m.•7 views

CVE-2026-49815

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command 'OS...

7.2CVSS6.2AI score0.01096EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 2:3 p.m.•8 views

CVE-2026-53478

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command 'OS...

7.2CVSS6AI score0.01216EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 1:42 p.m.•10 views

CVE-2026-46463

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker...

6.5CVSS6AI score0.00243EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 1:32 p.m.•8 views

CVE-2026-46464

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access 'Link following' vulnerabilit...

4.9CVSS6AI score0.00422EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 1:16 p.m.•8 views

CVE-2026-46465

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileg...

5.5CVSS6AI score0.00238EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 1:10 p.m.•7 views

CVE-2026-46466

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with...

2.7CVSS6AI score0.00109EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 1:4 p.m.•8 views

CVE-2026-46467

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low...

5.8CVSS5.9AI score0.00085EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 12:58 p.m.•7 views

CVE-2026-46468

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access 'Link following' vulnerabilit...

4.4CVSS5.9AI score0.00133EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 12:56 p.m.•9 views

CVE-2026-56015

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...

6AI score0.00537EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/03 12:54 p.m.•9 views

CVE-2026-46730

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with...

4.2CVSS6AI score0.00116EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 12:47 p.m.•9 views

CVE-2026-59234

Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...

6.9CVSS6AI score0.00403EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 12:46 p.m.•7 views

CVE-2026-56085

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker wi...

3.3CVSS5.9AI score0.00095EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 12:41 p.m.•7 views

CVE-2026-26355

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command 'OS...

6.5CVSS6AI score0.01052EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 12:34 p.m.•6 views

CVE-2026-54483

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command 'OS...

6.7CVSS6AI score0.00451EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 12:25 p.m.•7 views

CVE-2026-41123

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged...

4.3CVSS6AI score0.00152EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 12:19 p.m.•6 views

CVE-2026-41124

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory 'path...

2.3CVSS5.9AI score0.00127EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 12:15 p.m.•7 views

CVE-2026-44268

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A hi...

4.4CVSS6AI score0.00104EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 12:9 p.m.•7 views

CVE-2026-44269

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access 'link following' vulnerabilit...

4.4CVSS5.9AI score0.00133EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 11:16 a.m.•10 views

CVE-2026-50238

Rejected reason: Red Hat Product Security has concluded that this CVE is not required. The reported issue has been classified as a regular bug and will be addressed through the standard bug-fixing process...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 10:30 a.m.•10 views

CVE-2026-10055

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the...

8.5CVSS6AI score0.00297EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/03 10:19 a.m.•10 views

CVE-2026-13341

A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/03 10:11 a.m.•8 views

CVE-2026-10054

In affected versions of Eclipse Theia 1.8.1 and later, the browser backend exposes privileged terminal RPC over WebSocket /services/shell-terminal, /services/terminals/:id without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when...

8.8CVSS6.2AI score0.00159EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities75017