Lucene search
K
AttackerkbRecent

75081 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.9 views

CVE-2026-55110

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS5.7AI score0.00141EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.7 views

CVE-2026-54405

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service DoS attack on the application...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.7 views

CVE-2026-54407

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.14 views

CVE-2026-54409

A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.7 views

CVE-2026-54403

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances...

8.6CVSS5.8AI score0.00457EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.8 views

CVE-2026-54404

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances...

8.8CVSS5.8AI score0.00249EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.7 views

CVE-2026-50748

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device...

9.9CVSS5.8AI score0.00889EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.10 views

CVE-2026-50746

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device...

10CVSS5.8AI score0.00922EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.6 views

CVE-2026-54400

A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device...

9.1CVSS5.8AI score0.00291EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.7 views

CVE-2026-54408

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming...

8.6CVSS5.8AI score0.0028EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:36 p.m.6 views

CVE-2026-12168

An improper validation vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port...

7.8CVSS6.1AI score0.00169EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:36 p.m.6 views

CVE-2026-12166

A NULL pointer dereference vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:35 p.m.8 views

CVE-2026-12167

The Minifilter communication port for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:3 p.m.8 views

CVE-2026-8079

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized...

8.7CVSS5.8AI score0.00182EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:2 p.m.9 views

CVE-2026-9272

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...

8.7CVSS5.8AI score0.00247EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 1:43 p.m.7 views

CVE-2026-53357

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2capsockcleanuplisten vs l2capconndel btacceptdequeue unlinks a not-yet-accepted child from the parent accept queue and releasesocks it before returning, so the returned sk has no caller reference and is...

5.8AI score0.00165EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 1:43 p.m.8 views

CVE-2026-53358

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanuplisten l2capchanclose removes the channel from conn-chanl, which must be done under conn-lock. cleanuplisten runs under the parent sklock, so acquiring conn-lock would...

5.7AI score0.00165EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 1:12 p.m.8 views

CVE-2026-4767

Missing authentication for critical function vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

9.8CVSS5.8AI score0.00333EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:50 p.m.12 views

CVE-2026-4772

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:37 p.m.10 views

CVE-2026-4770

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...

4.6CVSS5.8AI score0.00133EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:34 p.m.9 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS6AI score0.00542EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:34 p.m.9 views

CVE-2026-58653

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS5.8AI score0.00158EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:28 p.m.9 views

CVE-2026-58652

luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...

7.7CVSS6.1AI score0.00482EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:47 a.m.8 views

CVE-2026-14449

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components...

6.4CVSS5.8AI score0.00269EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:33 a.m.9 views

CVE-2026-57760

Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29...

5.3CVSS5.8AI score0.00184EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:32 a.m.10 views

CVE-2026-57678

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16...

7.1CVSS5.8AI score0.00155EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:30 a.m.9 views

CVE-2026-56037

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.11 views

CVE-2026-57766

Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...

8.8CVSS5.8AI score0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.11 views

CVE-2026-57765

Contributor SQL Injection in WP EasyCart = 5.9.0 versions...

8.5CVSS5.8AI score0.0022EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.10 views

CVE-2026-57764

Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

6.5CVSS5.8AI score0.00139EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.12 views

CVE-2026-57763

Contributor Cross Site Scripting XSS in Structured Content = 1.7.0 versions...

6.5CVSS5.8AI score0.00139EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.11 views

CVE-2026-57762

Author Cross Site Scripting XSS in Simple URLs = 151 versions...

5.9CVSS5.8AI score0.00148EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.10 views

CVE-2026-57761

Unauthenticated Cross Site Request Forgery CSRF in SEOWP = 3.12.2 versions...

7.1CVSS5.8AI score0.00094EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.10 views

CVE-2026-57759

Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...

8.8CVSS5.8AI score0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.10 views

CVE-2026-57758

Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...

7.1CVSS5.8AI score0.00094EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.12 views

CVE-2026-57757

Unauthenticated Cross Site Request Forgery CSRF in pCloud WP Backup = 2.0.2 versions...

7.1CVSS5.8AI score0.00116EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.13 views

CVE-2026-57756

Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...

8.5CVSS5.8AI score0.0022EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.13 views

CVE-2026-57755

Contributor Cross Site Scripting XSS in Mosaic Gallery - Advanced Gallery = 1.2.0 versions...

6.5CVSS5.8AI score0.00139EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.12 views

CVE-2026-57754

Contributor Cross Site Scripting XSS in Livemesh Addons for WPBakery Page Builder = 3.9.4 versions...

6.5CVSS5.8AI score0.00139EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.9 views

CVE-2026-57753

Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.8 views

CVE-2026-57752

Contributor SQL Injection in iNET Webkit 1.2.4 versions...

8.5CVSS5.8AI score0.0029EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.10 views

CVE-2026-57751

Unauthenticated Cross Site Request Forgery CSRF in Heateor Social Login = 1.1.39 versions...

8.1CVSS5.8AI score0.00139EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.10 views

CVE-2026-57750

Unauthenticated Broken Access Control in ez Form Calculator Premium = 2.14.1.2 versions...

5.3CVSS5.8AI score0.00184EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.8 views

CVE-2026-57748

Contributor Local File Inclusion in Shopify = 1.0.0 versions...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.8 views

CVE-2026-57749

Contributor Local File Inclusion in SportsPress Pro = 2.7.29 versions...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.8 views

CVE-2026-57747

Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...

6.5CVSS5.8AI score0.00124EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.11 views

CVE-2026-57746

Subscriber Broken Access Control in Booked = 3.0.0 versions...

7.1CVSS5.8AI score0.00235EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.8 views

CVE-2026-57731

Contributor Broken Access Control in Flatsome = 3.20.5 versions...

6.5CVSS5.8AI score0.0021EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.9 views

CVE-2026-57730

Subscriber Broken Access Control in Flatsome = 3.20.5 versions...

4.3CVSS5.8AI score0.00222EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.8 views

CVE-2026-57690

Unauthenticated Cross Site Request Forgery CSRF in Werkstatt = 4.7.2 versions...

4.3CVSS5.8AI score0.00104EPSS
Exploits0References2
Total number of security vulnerabilities75081