Lucene search
+L
AttackerkbRecent

75202 matches found

attackerkb
attackerkb
•added 2026/07/01 2:56 p.m.•7 views

CVE-2026-24246

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
•added 2026/07/01 2:55 p.m.•8 views

CVE-2026-24245

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.9AI score0.00154EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
•added 2026/07/01 2:54 p.m.•7 views

CVE-2026-58033

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.3CVSS5.8AI score0.00413EPSS
Exploits0References2
attackerkb
attackerkb
•added 2026/07/01 2:53 p.m.•8 views

CVE-2026-24244

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.9AI score0.00154EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
•added 2026/07/01 2:52 p.m.•12 views

CVE-2026-8480

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included , 5.0.2 EA to 5.0.5 included A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...

4.3CVSS5.8AI score0.00087EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
•added 2026/07/01 2:51 p.m.•6 views

CVE-2026-58037

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php,...

5.8AI score0.0027EPSS
Exploits0References2
attackerkb
attackerkb
•added 2026/07/01 2:49 p.m.•7 views

CVE-2026-24243

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.9AI score0.00175EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
•added 2026/07/01 2:48 p.m.•7 views

CVE-2026-24242

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure...

7.8CVSS5.8AI score0.00148EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
•added 2026/07/01 2:48 p.m.•7 views

CVE-2026-58036

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...

2.1CVSS5.8AI score0.00243EPSS
Exploits0References2
attackerkb
attackerkb
•added 2026/07/01 2:43 p.m.•6 views

CVE-2026-24240

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.9AI score0.00165EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
•added 2026/07/01 2:41 p.m.•7 views

CVE-2026-58127

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...

9.8CVSS6.5AI score0.00985EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
•added 2026/07/01 2:39 p.m.•7 views

CVE-2025-23351

NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function VF access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device...

9CVSS6.4AI score0.00269EPSS
Exploits0References4
attackerkb
attackerkb
•added 2026/07/01 2:39 p.m.•10 views

CVE-2026-58126

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can...

9.8CVSS6.5AI score0.00963EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
•added 2026/07/01 2:38 p.m.•6 views

CVE-2025-15646

HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walktree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen over-reads the heap...

9.8CVSS5.8AI score0.00663EPSS
Exploits0References4
attackerkb
attackerkb
•added 2026/07/01 2:36 p.m.•6 views

CVE-2025-23350

NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function VF access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device...

9CVSS6.4AI score0.00269EPSS
Exploits0References4
attackerkb
attackerkb
•added 2026/07/01 2:34 p.m.•7 views

CVE-2026-24260

NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering...

8.5CVSS5.8AI score0.00489EPSS
Exploits0References4
attackerkb
attackerkb
•added 2026/07/01 2:34 p.m.•7 views

CVE-2026-58024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiUserrights.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.1CVSS5.8AI score0.00369EPSS
Exploits0References2
attackerkb
attackerkb
•added 2026/07/01 2:32 p.m.•7 views

CVE-2026-13707

Session fixation vulnerability in Wikimedia Foundation OAuth. This vulnerability is associated with program files src/Backend/MWOAuthServer.Php. This issue affects OAuth: from through 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.8AI score0.00217EPSS
Exploits0References2
attackerkb
attackerkb
•added 2026/07/01 2:29 p.m.•7 views

CVE-2026-13706

Improper input validation vulnerability in Wikimedia Foundation UrlShortener. This vulnerability is associated with program files includes/UrlShortenerUtils.Php...

5.8AI score0.00328EPSS
Exploits0References2
attackerkb
attackerkb
•added 2026/07/01 2:25 p.m.•7 views

CVE-2026-58399

@acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for...

8.7CVSS5.8AI score0.00543EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
•added 2026/07/01 2:24 p.m.•5 views

CVE-2026-58031

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from...

5.8AI score0.00133EPSS
Exploits0References2
attackerkb
attackerkb
•added 2026/07/01 2:21 p.m.•6 views

CVE-2026-58034

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue. This issue affects...

5.8AI score0.00142EPSS
Exploits0References2
attackerkb
attackerkb
•added 2026/07/01 2:19 p.m.•5 views

CVE-2026-6283

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from v.4.8.2.23 before v.4.8.3.1...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
•added 2026/07/01 2:17 p.m.•6 views

CVE-2026-58035

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue...

5.8AI score0.00142EPSS
Exploits0References2
attackerkb
attackerkb
•added 2026/07/01 2:12 p.m.•5 views

CVE-2026-5220

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.23 before v.4.8.3.1...

6.4CVSS5.8AI score0.00148EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
•added 2026/07/01 2:9 p.m.•4 views

CVE-2026-14330

Multiple unbounded alloca calls in the PulseAudio protocol server...

5.5CVSS5.8AI score0.001EPSS
Exploits0References3
attackerkb
attackerkb
•added 2026/07/01 2:9 p.m.•5 views

CVE-2026-14324

RAOP module accepts unbounded Content-Length values and does not check the pwarrayadd return...

6.5CVSS5.8AI score0.00175EPSS
Exploits0References3
attackerkb
attackerkb
•added 2026/07/01 2:8 p.m.•7 views

CVE-2026-2891

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References2
attackerkb
attackerkb
•added 2026/07/01 2:8 p.m.•5 views

CVE-2026-5138

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References7
attackerkb
attackerkb
•added 2026/07/01 2:8 p.m.•5 views

CVE-2026-5135

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00242EPSS
Exploits0References7
attackerkb
attackerkb
•added 2026/07/01 2:7 p.m.•5 views

CVE-2026-5142

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS5.7AI score0.00253EPSS
Exploits0References7
attackerkb
attackerkb
•added 2026/07/01 2:7 p.m.•6 views

CVE-2026-12374

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
•added 2026/07/01 2:1 p.m.•7 views

CVE-2026-6688

FatFs R0.16 and earlier contains a downstream-caller vulnerability pattern associated with FatFs long filename handling. With LFN enabled, fno.fname can be up to 255 characters; many callers copy it into short fixed buffers without bounds checks, causing overflow. This maps to CWE-120 Buffer Copy...

7.6CVSS5.8AI score0.0021EPSS
Exploits2References5
attackerkb
attackerkb
•added 2026/07/01 1:57 p.m.•6 views

CVE-2026-6687

FatFs R0.16 and earlier contains a stack overflow bug in fgetlabel because exFAT label length XDIRNumLabel is trusted without enforcing spec maximums. This maps to CWE-121 Stack-based Buffer Overflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 7.6, High. The estimate...

7.6CVSS5.8AI score0.00232EPSS
Exploits2References5
attackerkb
attackerkb
•added 2026/07/01 1:55 p.m.•6 views

CVE-2026-6686

FatFs R0.16 and earlier contains an uninitialized cluster exposure when flseek extends files beyond EOF without zero-filling newly allocated clusters. This maps to CWE-908 Use of Uninitialized Resource. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 4.6, Medium. The...

4.6CVSS5.8AI score0.00177EPSS
Exploits2References5
attackerkb
attackerkb
•added 2026/07/01 1:49 p.m.•5 views

CVE-2026-23537

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6.2AI score0.00568EPSS
Exploits0References4
attackerkb
attackerkb
•added 2026/07/01 1:47 p.m.•5 views

CVE-2026-6685

FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in fread / fwrite fp-sect - sect cc during interleaved read/write on fragmented filesystems. This maps to CWE-191 Integer Underflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 6.1...

6.1CVSS5.8AI score0.00205EPSS
Exploits2References5
attackerkb
attackerkb
•added 2026/07/01 1:45 p.m.•6 views

CVE-2026-13602

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS6AI score0.00239EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
•added 2026/07/01 1:45 p.m.•7 views

CVE-2026-6684

FatFs prior to R0.16 that use GPT scanning with 'FFLBA64 = 1' contains an issue where an unbounded loop count derived from GPT header field GPTHPtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 Loop with Unreachable Exit Condition. Estimated CVSS v3.1...

4.6CVSS5.8AI score0.00205EPSS
Exploits2References5
attackerkb
attackerkb
•added 2026/07/01 1:41 p.m.•7 views

CVE-2026-6683

FatFs R0.16 and earlier contains a divide-by-zero in exFAT sync logic bug when crafted metadata causes nfatent - 2 to be zero during write/sync operations. This maps to CWE-369 Divide By Zero. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 4.6, Medium. Network-delivered...

4.6CVSS5.8AI score0.00205EPSS
Exploits2References5
attackerkb
attackerkb
•added 2026/07/01 1:36 p.m.•7 views

CVE-2026-6682

In FatFS R0.16 and earlier contains a FAT32 integer overflow bug in mountvolume where fasize = fs-nfats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 Integer Overflow or Wraparound. Estimated CVSS v3.1 vector:...

7.6CVSS5.9AI score0.0021EPSS
Exploits2References5
attackerkb
attackerkb
•added 2026/07/01 1:34 p.m.•7 views

CVE-2026-57692

Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a through 9.9.2...

9.8CVSS5.8AI score0.00292EPSS
Exploits0References2
attackerkb
attackerkb
•added 2026/07/01 1:32 p.m.•6 views

CVE-2026-53354

In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Mitigate TLBI errata on various Arm CPUs A number of CPUs developed by Arm suffer from errata whereby a broadcast TLBI;DSB sequence may complete before the global observation of writes which are translated by an...

9.1CVSS6.2AI score0.0053EPSS
Exploits0References10Affected Software1
attackerkb
attackerkb
•added 2026/07/01 1:32 p.m.•7 views

CVE-2026-53352

In the Linux kernel, the following vulnerability has been resolved: signal: clear JOBCTLPENDINGMASK for caller in zapotherthreads When a multi-threaded process receives a stop signal e.g., SIGSTOP, dosignalstop sets JOBCTLSTOPPENDING and JOBCTLSTOPCONSUME on all threads and sets...

5.7AI score0.00164EPSS
Exploits0References9Affected Software1
attackerkb
attackerkb
•added 2026/07/01 1:32 p.m.•7 views

CVE-2026-53353

In the Linux kernel, the following vulnerability has been resolved: hsr: Remove WARNONCE in hsraddrisself. syzbot reported the warning 0 in hsraddrisself, whose assumption is simply wrong. hsr-selfnode is cleared in hsrdelselfnode, which is called from hsrdellink. Since dev-rtnllinkops-dellink is...

5.7AI score0.00156EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
•added 2026/07/01 1:32 p.m.•6 views

CVE-2026-53351

In the Linux kernel, the following vulnerability has been resolved: riscv/ptrace: Use USERREGSETNOTETYPE for REGSETCFI Fixes a warning while dumping core: 54983.546369 C7 WARNING: !notename fs/binfmtelf.c:1771 at elfcoredump+0x910/0xf68, CPU7: abort01/31982...

5.8AI score0.00145EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
•added 2026/07/01 1:32 p.m.•5 views

CVE-2026-53350

In the Linux kernel, the following vulnerability has been resolved: ASoC: wmadsp: Fix NULL dereference when removing firmware controls In wmadspcontrolremove check that the priv pointer is not NULL before attempting to cleanup what it points to. When csdsp creates a control it calls...

5.7AI score0.00161EPSS
Exploits0References7Affected Software1
attackerkb
attackerkb
•added 2026/07/01 1:32 p.m.•7 views

CVE-2026-53349

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrack: destroy stale expectfn expectations on unregister NAT helpers such as nfnath323 store a raw pointer to module text in exp-expectfn e.g. ipnatq931expect. nfcthelperexpectfnunregister only unlinks the callba...

5.8AI score0.00161EPSS
Exploits0References7Affected Software1
attackerkb
attackerkb
•added 2026/07/01 1:32 p.m.•10 views

CVE-2026-53347

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix driver removal with disabled KMS DRM atomic and modesetting aren't initialized if virtio-gpu driver built with disabled KMS, leading to access of uninitialized data on driver removal/unbinding and crashing kernel...

5.8AI score0.00156EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
•added 2026/07/01 1:32 p.m.•5 views

CVE-2026-53348

In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: fix NULL pointer dereference in sdcadevunregisterfunctions sdcadevunregisterfunctions iterates over all SDCA function descriptors and calls sdcadevunregister on each funcdev without checking for NULL. When a function...

5.8AI score0.00145EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities75202