Lucene search
K
AttackerkbRecent

74190 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-15087

vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...

5.9CVSS6.1AI score0.00236EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-15086

vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...

5.9CVSS6.1AI score0.00236EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago1 views

CVE-2026-15089

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

9.1CVSS6.1AI score0.00236EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-55808

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0....

5.4CVSS6.1AI score0.0015EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-55807

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

3.1CVSS6.1AI score0.00133EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-55804

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...

5.9CVSS6.1AI score0.00161EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago1 views

CVE-2026-55806

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

5.9CVSS6.1AI score0.00133EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-55803

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...

5.9CVSS6.1AI score0.00161EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago1 views

CVE-2026-15085

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

5.4CVSS6.1AI score0.00254EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-15084

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Patterns SDC in Drupal UI allows Stored XSS. This issue affects UI Patterns SDC in Drupal UI versions: from 2.0.0 to 2.0.17...

5.4CVSS6.1AI score0.00254EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-15083

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal ECA: Event - Condition - Action allows Object Injection. This issue affects ECA: Event - Condition - Action versions: from 0.0.0 to 2.1.20, from 3.0.0 to 3.0.12, from 3.1.0 to 3.1.4...

4.2CVSS6.1AI score0.002EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-15082

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Siteimprove Analytics allows Cross-Site Scripting XSS. This issue affects Siteimprove Analytics versions: from 0.0.0 to 2.0.1...

5.4CVSS6.1AI score0.00186EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-15081

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...

7.4CVSS6.1AI score0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-58591

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox allows Cross-Site Scripting XSS. This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0...

5.4CVSS6.1AI score0.00204EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-58590

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...

5.4CVSS6.1AI score0.0018EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago1 views

CVE-2026-58589

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...

5.4CVSS6.1AI score0.0018EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-58588

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1AI score0.00204EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-58587

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1AI score0.00204EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-13244

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions: from 0.0.0 to 2.4.0...

6.1AI score0.00417EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-13243

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

6.1AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-13242

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Geolocation Field allows SQL Injection. This issue affects Geolocation Field versions: from 0.0.0 to 3.15.0...

6.1AI score0.00157EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-13240

Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...

6.1AI score0.00132EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-13241

Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...

6.1AI score0.00132EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-13239

Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...

6.1AI score0.00132EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-13238

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

6.1AI score0.0018EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-13237

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

6.1AI score0.00142EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-13236

Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

6.1AI score0.00142EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-13235

Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

6.1AI score0.00142EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-13234

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI Artificial Intelligence allows Cross-Site Scripting XSS. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

6.1AI score0.00161EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-13233

Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...

6.1AI score0.00142EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-13232

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1AI score0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-13231

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Stored XSS. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1AI score0.00161EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-55810

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2...

6.1AI score0.00161EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-55809

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2...

6.1AI score0.00173EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-55187

Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms...

5.8CVSS6.1AI score0.00282EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-12535

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0...

6.1AI score0.00173EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-11909

Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6...

6.1AI score0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago1 views

CVE-2026-52747

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS6AI score0.0046EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago1 views

CVE-2026-55882

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug with no access control. When the HUD or apiserver listener is network-exposed, an unauthenticated caller can read process memor...

8.3CVSS6.2AI score0.00384EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-55884

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middleware. When the HUD is bound to a non-loopback address, an unauthenticated network caller can...

9.2CVSS6.2AI score0.00397EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-49213

TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private ranges but does not block :: or its expanded form. ...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago1 views

CVE-2026-59155

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials, including Cloudflare API tokens, TencentCloud...

6.9CVSS6.1AI score0.00304EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-49394

Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was possible via the updatepage endpoint in Workspace because public workspaces did not receive the required Workspace Manager edit check. This issue is fixed in version 16.19.0...

7.1CVSS6.1AI score0.00307EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-41482

Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were possible through secure local resource access in the Chrome PDF Generator. This issue is fixed in version 16.18.3...

7.1CVSS6.1AI score0.00338EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-47199

Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, checksafesqlquery permitted SELECT INTO OUTFILE queries, which could potentially work on self-hosted sites if database permissions are not well aligned and MySQL FILE privileges are available. This issue is fixed in...

2.3CVSS6.1AI score0.00401EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-58503

Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the resetpassword endpoint. This issue is fixed in versions 16.16.0 and 15.106.0...

6.9CVSS6.1AI score0.00354EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-57584

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in route whose compiled PCRE pattern contains the nested quantifier /., and the same construct is produced by the /:params placeholder and the CLI...

8.7CVSS6.1AI score0.00419EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-54736

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Crypt::decrypt compares the attacker-supplied HMAC tag against the freshly computed HMAC using PHP/Zephir identity comparison, which lowers to a byte-wise comparison that returns early on the first...

8.2CVSS6.1AI score0.00147EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-55664

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and column metadata without applying the document's access rules and did not check that the requested section was actually a form. A user with only partial read access, includin...

4.3CVSS6.1AI score0.00243EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-55659

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...

7.7CVSS5.8AI score0.00275EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities74190