Lucene search
K
AttackerkbRecent

75103 matches found

ATTACKERKB
ATTACKERKB
•added 2026/07/01 3:33 a.m.•6 views

CVE-2026-7840

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wisenderr and wireplyhdr in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer hdrbuf via unchecked sprintf calls...

9.8CVSS6.6AI score0.01439EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 3:33 a.m.•8 views

CVE-2026-7839

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpyssavedpassword, 64,...

9.1CVSS5.8AI score0.00374EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 3:33 a.m.•7 views

CVE-2026-7838

UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte network-supplied reasonLen field type CARD32 is passed as reasonLen+1 to CheckBufferSize. Because both...

8.8CVSS6.6AI score0.01403EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 3:33 a.m.•6 views

CVE-2026-7831

UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 the code declares a 2024-byte stack buffer dn2024 and calls ReadStringdn, 2024. ReadString...

7.6CVSS6.1AI score0.00525EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 3:33 a.m.•7 views

CVE-2026-7830

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS5.8AI score0.0022EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 3:33 a.m.•4 views

CVE-2026-7829

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpys copies a rule token into temp1rule1 25-byte destination or temp2/temp3 16-byte destination, the code unconditionally writes a N...

7.2CVSS6.3AI score0.00571EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 3:33 a.m.•4 views

CVE-2026-7828

UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the winlog function allocates list nodes via mallocsizeofstruct LIST + strlenline, where line is derived from HTTP request URIs. If strlenline is sufficiently large,...

5.3CVSS6.2AI score0.01057EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 3:33 a.m.•6 views

CVE-2026-44040

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...

4.8CVSS5.8AI score0.00283EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 3:33 a.m.•6 views

CVE-2026-44041

UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb function passes a caller-supplied WCHAR pointer to wcslen before any bounds check. If the caller provides a wide-character buffer that is not properly...

4.3CVSS5.9AI score0.00316EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 3:33 a.m.•5 views

CVE-2026-44042

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wiuudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison , while the...

3.7CVSS6AI score0.00388EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 12:11 a.m.•3 views

CVE-2026-53488

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...

9.4CVSS6AI score0.00203EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/07/01 12:0 a.m.•7 views

CVE-2026-52190

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub448384 component...

5.8AI score0.00452EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 12:0 a.m.•7 views

CVE-2026-36910

An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

5.8AI score0.00113EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 12:0 a.m.•5 views

CVE-2026-51947

An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip fixed in Pivotal CRM 6.6.5.10 and PatchCWE50220260316.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of ...

8.1CVSS6.2AI score0.0113EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/07/01 12:0 a.m.•8 views

CVE-2026-52186

SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub463bbc component...

6.2AI score0.00527EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 12:0 a.m.•6 views

CVE-2026-38142

An unauthenticated command injection vulnerability in the /goform/fastsettinginternetset endpoint of Tenda AC18 v15.03.05.05 allows attackers to execute arbitrary commands via a crafted payload injected into the mac parameter...

6.5CVSS6.1AI score0.00685EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/01 12:0 a.m.•6 views

CVE-2026-36909

A NULL pointer dereference in the AP4TkhdAtom::GetTrackId function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

5.8AI score0.0012EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 12:0 a.m.•5 views

CVE-2026-38891

An improper input validation in the gazeborosdiffdrive.cpp component of gazeboplugins v3.9.0 allows attackers to cause a Denial of Service DoS via supplying a crafted geometrymsgs::Twist message...

5.8AI score0.00343EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 12:0 a.m.•5 views

CVE-2026-51946

SQL Injection vulnerability in GoAdminGroup GoAdmin last release v1.2.26 allows a remote attacker to execute arbitrary code and obtain sensitive information via the the sorttype URL parameter on all /admin/info/table endpoints...

6.5CVSS6.2AI score0.00336EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/07/01 12:0 a.m.•5 views

CVE-2026-36911

A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

5.8AI score0.00111EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/07/01 12:0 a.m.•5 views

CVE-2026-36912

A NULL pointer dereference in the AP4AtomSampleTable::GetSample function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

5.8AI score0.00343EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:56 p.m.•5 views

CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3CVSS5.7AI score0.00284EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:54 p.m.•5 views

CVE-2026-50110

Storage Concentrator SC & SCVM contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services,...

9.3CVSS5.8AI score0.00128EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:50 p.m.•6 views

CVE-2026-56413

Storage Concentrator SC & SCVM contains a command injection vulnerability in the msservice.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a...

10CVSS6.2AI score0.03081EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:40 p.m.•6 views

CVE-2026-56415

Storage Concentrator SC & SCVM contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization,...

10CVSS6.2AI score0.03074EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•4 views

CVE-2026-14152

Out of bounds read and write in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.0023EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•5 views

CVE-2026-14150

Insufficient validation of untrusted input in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00152EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•6 views

CVE-2026-14148

Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00221EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•8 views

CVE-2026-14149

Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

6.2AI score0.00316EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•5 views

CVE-2026-14140

Insufficient validation of untrusted input in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00202EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•7 views

CVE-2026-14137

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.2CVSS5.8AI score0.00187EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•7 views

CVE-2026-14133

Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00149EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•6 views

CVE-2026-14135

Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.0018EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•6 views

CVE-2026-14131

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.0018EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•6 views

CVE-2026-14125

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00265EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•6 views

CVE-2026-14122

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...

6AI score0.00239EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•4 views

CVE-2026-14121

Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Low...

6.2AI score0.00339EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•7 views

CVE-2026-14117

Insufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•6 views

CVE-2026-14119

Type Confusion in Bluetooth in Google Chrome on Windows prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. Chromium security severity: Low...

6.5CVSS5.8AI score0.00116EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•4 views

CVE-2026-14115

Insufficient validation of untrusted input in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00241EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•6 views

CVE-2026-14116

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00214EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•5 views

CVE-2026-14113

Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00244EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•8 views

CVE-2026-14111

Use after free in WebProtect in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Low...

6.1AI score0.00306EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:39 p.m.•8 views

CVE-2026-14108

Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

6.2AI score0.00259EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:38 p.m.•8 views

CVE-2026-13884

Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Medium...

6.2AI score0.00204EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:38 p.m.•9 views

CVE-2026-13883

Type Confusion in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00306EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:38 p.m.•6 views

CVE-2026-13882

Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00224EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:38 p.m.•8 views

CVE-2026-13880

Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.0028EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:38 p.m.•7 views

CVE-2026-13881

Inappropriate implementation in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00211EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/06/30 10:38 p.m.•7 views

CVE-2026-13878

Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.0028EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities75103