Lucene search
K
AttackerkbRecent

74190 matches found

ATTACKERKB
ATTACKERKB
added yesterday8 views

CVE-2026-15532

A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is...

4.8CVSS4.7AI score0.0021EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday8 views

CVE-2026-15531

A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...

5.3CVSS5.6AI score0.00121EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added yesterday8 views

CVE-2026-15530

A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. Th...

6.9CVSS5.8AI score0.00311EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday8 views

CVE-2026-15529

A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix thi...

6.5CVSS6.5AI score0.00252EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday7 views

CVE-2026-9492

The MBStorage DRAM lighting control module within Gigabyte Control Center GCC developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can send specific IOCTL commands through the driver MyPortIOx64.sys bundled with the module, thereby arbitrari...

8.5CVSS6.1AI score0.00109EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-15528

A vulnerability was found in lamaalrajih kicad-mcp up to 3.3.1. This issue affects some unknown processing of the file kicadmcp/utils/pathvalidator.py. Performing a manipulation of the argument projectpath/schematicpath results in protection mechanism failure. Attacking locally is a requirement...

4.8CVSS5.8AI score0.00113EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-15553

Enterprise Cloud Database developed by Ragic has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload malicious files and make them available for users to download...

6.9CVSS6.1AI score0.00251EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-15527

A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scanprojecticons/syncicon. Such manipulation of the argument iconsfile leads to path traversal. An attack has to be approached locally. The exploit has been disclosed t...

5.3CVSS5.6AI score0.0014EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-15552

Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

6.1CVSS6.2AI score0.00205EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-15526

A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scanprojectdeps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-7162

Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...

7.8CVSS6.1AI score0.00103EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-15525

A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validateurls of the file src/adloop/ads/write.py. Performing a manipulation of the argument finalurl results in server-side request forgery. The attack may be initiated remotely. The exploit is now...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-15524

A security vulnerability has been detected in alioshr memory-bank-mcp up to 0.2.1/3.1. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argument projectName leads to path traversal. Local access is required to approach this attack. The...

4.8CVSS5.8AI score0.00137EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-15523

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-15522

A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component runproject. The manipulation of the argument projectPath results in path traversal. Attacking locally is a requirement. T...

5.3CVSS5.9AI score0.00137EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-15520

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompressR2004section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The explo...

5.3CVSS6.1AI score0.00136EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-15518

A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php of the component Media Library Insert Page. Such manipulation of the argument qqfilename leads to...

5.8CVSS5.7AI score0.00248EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-15551

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS6.1AI score0.00081EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-26396

OpenBMB XAgent v1.0.0 and before is vulnerable to path traversal in the file function in XAgent/XAgentServer/application/routers/workspace.py. The input parameter “filename” is user-controllable and is concatenated into the file path to be read without proper validation, leading to a directory...

7.5CVSS6AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday1 views

CVE-2025-45869

LogicalDOC Enterprise Version up to and before v9.1.1 is vulnerable to Server-Side Request Forgery SSRF. An unauthenticated attacker can exploit the ShareFileCallback servlet by manipulating input parameters to trigger a server-side request to an attacker-controlled host...

7.3CVSS6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-52533

An issue in D-Link DIR-1253 v.1.0.1.250923.142435 allows an attacker to escalate privileges via the etc/shadow component file...

6.1AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-51541

OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData frame carrying a very short CIP payload whose pathsize field claims that many more path words are...

6.1AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-51540

OpENer 2.3.0 master branch up to commit 76b95cf is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages SendUnitData...

6.1AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-39042

An issue in MikroTIk SIA Mikrotikls, Latvia RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten function in libumsg.so...

6.1AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday1 views

CVE-2026-51539

A Denial of Service DoS vulnerability exists in the receive loop of libmodbus 3.1.12 when running on Windows. The issue stems from improper timeout management during network read operations...

6.1AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-51821

SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...

6.4AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-51538

EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...

6.1AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-51537

EIPStackGroup OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser...

6.1AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday1 views

CVE-2026-51536

In OpENer 2.3.0 commit 76b95cf when parsing incoming CIP Common Industrial Protocol network packets, the length parameter is inconsistently typed across the call stack. Specifically, an upstream length calculated as an int is passed to a downstream function that expects an EipInt16 a 16-bit signe...

6.1AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-15514

A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote Call Interface. Executing a manipulation of the argument phprpcargs can lead to sql injection. T...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-15512

A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \pig-master\pig-visual\pig-codegen\src\main\java\com\pig4cloud\pig\codegen\service\impl\GeneratorServiceImpl.java of the component pig-codegen. Such manipulation leads to...

6.5CVSS6.3AI score0.00376EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-15510

A vulnerability was found in Leantime up to 3.8.0. Affected is the function Setting::saveSetting of the component API. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early...

6.5CVSS6.2AI score0.00333EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-15508

A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function buildtargeturl of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extractedpathandquery can lead to server-side request forgery...

6.5CVSS5.8AI score0.00333EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago1 views

CVE-2026-15506

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the component Driver. Such manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been...

8.5CVSS6.6AI score0.00184EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-10668

The Nuvoton NuMaker HSUSBD USB device-controller driver drivers/usb/udc/udcnumaker.c armed the control Data IN stage unconditionally base-CEPTXCNT = len in numakerhsusbdeptrigger. Because the HSUSBD hardware cannot disarm a control Data IN already armed for a previous transfer, a USB host that...

2.4CVSS6.1AI score0.00143EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-10666

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS6.2AI score0.00346EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-10667

Zephyr's dynamic kernel-object tracking kernel/userspace/userspace.c, formerly kernel/userspace.c maintains a doubly-linked list objlist of dynamically allocated kernel objects. Iteration over this list in kobjectwordlistforeach was performed under listslock using the SAFE iterator which caches t...

7.8CVSS6.1AI score0.00103EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-10664

The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...

5CVSS6.1AI score0.00143EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-10665

In Zephyr's WireGuard subsystem subsys/net/lib/wireguard, wgprocessdatamessage in wgcrypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIGWIREGUARDBUFLEN bytes before decryption. The call netbuflinearizebuf-data, datalen, pkt-buffer, ..., datalen passed the...

7.4CVSS6.2AI score0.00367EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-10663

In Zephyr's experimental USB host stack CONFIGUSBHOSTSTACK, usbhdevicedisconnect subsys/usb/host/usbhdevice.c freed the root usbdevice slab object without clearing the cached pointer ctx-root. The bus removal handler devremovedhandler subsys/usb/host/usbhcore.c decides what to tear down solely fr...

6.1CVSS6.1AI score0.00159EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-58596

Untrusted pointer dereference in Microsoft Edge Chromium-based allows an unauthorized attacker to elevate privileges over a network...

8.3CVSS6.1AI score0.00461EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-15502

A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-61874

filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose ne...

3.1CVSS6.1AI score0.00198EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-61875

luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders...

8.8CVSS6.1AI score0.00289EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-56313

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-56271

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.8CVSS6.1AI score0.00396EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-56252

Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks...

5.4CVSS6.2AI score0.00169EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-15500

A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function getonlineplugins of the file astrbot/dashboard/routes/plugin.py of the component marketlist Endpoint. Executing a manipulation of the argument customregistry can lead to server-side...

6.5CVSS6.4AI score0.00209EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-15498

A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-15496

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities74190