Lucene search
K
AttackerkbRecent

74190 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago1 views

CVE-2026-15492

A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The...

5.3CVSS4.6AI score0.00422EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-15490

A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The manipulation of the argument kodeproduk/kdcs results in sql injection. The attack can be executed...

7.5CVSS6.7AI score0.00393EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-15488

A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit...

7.5CVSS6.7AI score0.00291EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-15486

A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub42026C of the file /goform/toolsddns of the component Firmware Update Handler. Such manipulation of the argument hostname/username/password leads to os command injection. The attack can be launched remotel...

6.5CVSS6.4AI score0.0105EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-15484

A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub41EC14 of the file /goform/toolsnslookup of the component ssi. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The vendor explains: "We are unable to...

9CVSS7.2AI score0.00463EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-15482

A weakness has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown processing of the file /azcall/adm/gestaoloja/sis.php?t=consultar of the component HTTP Handler. Executing a manipulation of the argument nome/perfil/status can lead to sql injection. The attack may be...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-15480

A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function starthttpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument devicename leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is...

9CVSS7.4AI score0.00463EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-15478

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-15477

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

6.5CVSS6.4AI score0.00319EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-15476

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The...

5.3CVSS5.8AI score0.00103EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-15474

A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /callrec/audio.jsp of the component Call Recording Handler. The manipulation of the argument callId results in improper authorization. The attack may be performed from remote...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-15473

A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the file /callrec/restoreCallAction.do of the component Recorded Calls Page. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. T...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-15472

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been publicly disclosed and...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-15471

A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pcidssstatus.jsp. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. Th...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-15470

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue is some unknown functionality of the file /callrec/group.jsp. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may...

5.3CVSS5.7AI score0.00207EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-10660

The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...

6.4CVSS6.2AI score0.00159EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-61861

ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution...

6.3CVSS6.2AI score0.00277EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-61870

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service...

2.9CVSS6.1AI score0.00104EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-61857

ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes...

6.3CVSS6.1AI score0.00226EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-61454

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-61447

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent.executepython that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment...

10CVSS6.7AI score0.00544EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-61448

Parse Server is affected by a stored cross-site scripting XSS vulnerability in versions = 9.0.0, 9.10.0-alpha.2 and = 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a...

2.1CVSS6AI score0.00245EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-61442

PraisonAI Platform praisonai-platform before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A workspace member can modify owner-created records; for projects, a member can reassign leadid to their ow...

7.1CVSS6.1AI score0.00256EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-61428

PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and...

7.3CVSS6.2AI score0.00246EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-60088

PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outsidesecret.txt or absolute paths in project command files to exfiltrate process-readable...

6.8CVSS6.1AI score0.00147EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-56303

Capgo before 12.128.2 contains an information disclosure vulnerability in the findapikeybyvalue PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/findapikeybyvalue endpoint to retrieve sensitive API k...

8.7CVSS6.1AI score0.00302EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-56240

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the planvalid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path planvalid expression and the...

5.3CVSS6.1AI score0.00182EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-57827

The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6.1AI score0.00287EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-57828

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE...

9CVSS6.1AI score0.00256EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-15010

The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsptopicfieldsformsave which writes $POST'bsptopicfieldslabeln' directly to...

6.4CVSS6.2AI score0.00208EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 3 days ago1 views

CVE-2026-6939

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'approvalcode' parameter in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

7.2CVSS6.2AI score0.00324EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-12994

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...

5.3CVSS6.2AI score0.00361EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-11591

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

4.4CVSS6.2AI score0.00251EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-6801

The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the contextblogmodalpopup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts...

5.3CVSS6.1AI score0.00239EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-13378

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

7.2CVSS6.2AI score0.00259EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-15096

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'bwidthmap' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-7559

The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.3.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6.1AI score0.00304EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-9738

The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'contentpositioncss' parameter in all versions up to, and including, 5.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS6.2AI score0.00208EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-3576

The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request Forgery leading to Local File Inclusion in all versions up to, and including, 3.0. The ulap.php file acts as an AJAX proxy and is directly accessible without WordPress bootstrapping or any authenticatio...

7.2CVSS6.2AI score0.00357EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 3 days ago1 views

CVE-2026-3552

The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajaximport410 function in all versions up to 2.6.0. This is due to a missing capability check currentusercan and missing nonce verification...

4.3CVSS6.1AI score0.00213EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-7620

The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS6AI score0.00272EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 3 days ago1 views

CVE-2026-7544

The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...

4.3CVSS6.1AI score0.00237EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-15072

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS6.1AI score0.00281EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-8678

The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

4.3CVSS6.2AI score0.00232EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 3 days ago2 views

CVE-2026-13756

The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing authorization and meta key validation in the update handler for the /wp-json/wpgb/v2/metadata REST endpoint. This makes it possible for authenticated...

8.8CVSS6.1AI score0.00309EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago1 views

CVE-2026-14480

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename progfile directly into the Programs.File database field and later uses this value as the destination path for an...

9.9CVSS6.2AI score0.00616EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-44383

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...

8.7CVSS6.1AI score0.00563EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 4 days ago1 views

CVE-2026-11913

vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions:...

9.8CVSS6.1AI score0.00153EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago1 views

CVE-2026-11914

vulnerability in Drupal Composer allows . This issue affects Composer versions:...

5.9CVSS6.1AI score0.00153EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago1 views

CVE-2026-11915

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

5.9CVSS6.1AI score0.00153EPSS
Exploits0References2
Total number of security vulnerabilities74190