Lucene search
K
AttackerkbRecent

74775 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 12:0 a.m.5 views

CVE-2026-38640

A reachable unwrap in the assertfail function /assert/mod.rs of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via a crafted string...

5.9AI score0.00446EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/25 12:0 a.m.8 views

CVE-2025-60464

A use-after-free in the gfseiloadfromstateinternal function /filters/seiload.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 TS file...

5.9AI score0.00144EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/06/25 12:0 a.m.3 views

CVE-2026-37149

GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/searchproducts.php. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

5.9AI score0.00215EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 12:0 a.m.3 views

CVE-2026-37453

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSISERVICE2 pipe...

5.9AI score0.00398EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 12:0 a.m.7 views

CVE-2026-37452

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component...

5.9AI score0.00398EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 12:0 a.m.5 views

CVE-2026-38637

An issue in the pthreadrwlockattrsetpshared function of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via a crafted input...

5.9AI score0.00446EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/25 12:0 a.m.6 views

CVE-2026-37454

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption...

5.9AI score0.00262EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:56 p.m.2 views

CVE-2026-8663

OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:30 p.m.5 views

CVE-2025-8106

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:26 p.m.4 views

CVE-2026-40079

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

8.6CVSS5.8AI score0.01113EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:15 p.m.4 views

CVE-2026-7569

Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

8.8CVSS6.8AI score0.0067EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:15 p.m.4 views

CVE-2026-9787

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.01373EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:15 p.m.4 views

CVE-2026-9786

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:14 p.m.5 views

CVE-2026-9785

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:14 p.m.6 views

CVE-2026-9784

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:14 p.m.6 views

CVE-2026-9783

Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:14 p.m.5 views

CVE-2026-39951

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...

7.6CVSS5.9AI score0.00221EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:14 p.m.6 views

CVE-2026-9782

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:14 p.m.5 views

CVE-2026-9781

Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:13 p.m.5 views

CVE-2026-9780

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

8.8CVSS6.8AI score0.0067EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:13 p.m.8 views

CVE-2026-7570

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:6 p.m.7 views

CVE-2026-39948

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.3CVSS5.9AI score0.00456EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 10:49 p.m.7 views

CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS5.9AI score0.00315EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 10:41 p.m.6 views

CVE-2026-39938

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS5.7AI score0.00436EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 10:37 p.m.5 views

CVE-2026-39900

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...

5.3CVSS5.7AI score0.00155EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 10:33 p.m.5 views

CVE-2026-39899

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in packageimport.php. This issue has been fixed in version 1.2.31...

6.9CVSS5.7AI score0.00261EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 10:30 p.m.5 views

CVE-2026-47093

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 10:0 p.m.5 views

CVE-2026-39897

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the htmlauthfooter. This issue has been fixed in version 1.2.31...

5.3CVSS5.7AI score0.00155EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:55 p.m.6 views

CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS5.8AI score0.00104EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:45 p.m.7 views

CVE-2026-39893

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication graph viewing supports guest access via the configured guest...

9.8CVSS5.9AI score0.00363EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:43 p.m.5 views

CVE-2026-2050

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.6AI score0.00552EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:38 p.m.5 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS5.9AI score0.00218EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:38 p.m.5 views

CVE-2026-55454

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to the host by...

9.9CVSS5.9AI score0.00328EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:37 p.m.5 views

CVE-2026-9779

ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The...

7.2CVSS6.4AI score0.00376EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:37 p.m.11 views

CVE-2026-9778

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.2CVSS6.4AI score0.01477EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:36 p.m.6 views

CVE-2026-9777

ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the restoreDB...

7.2CVSS6.4AI score0.01477EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:36 p.m.5 views

CVE-2026-9776

ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ATEN Unizon. Authentication is not required to exploit this vulnerability. The specific fl...

7.5CVSS5.8AI score0.0158EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:36 p.m.5 views

CVE-2026-9775

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadSSL...

5.5CVSS6.1AI score0.01195EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:36 p.m.7 views

CVE-2026-9774

ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

5.5CVSS6.1AI score0.01195EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:36 p.m.5 views

CVE-2026-55455

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils used by the REST API and GraphQL datasource plugins validates hosts against an exact-match string denylist. The comprehensive address-class check...

5.3CVSS6AI score0.0022EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:36 p.m.5 views

CVE-2026-10043

MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS6.4AI score0.00294EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:35 p.m.5 views

CVE-2026-9773

Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within ToggleState.php...

8.8CVSS6.4AI score0.01126EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:35 p.m.5 views

CVE-2026-9772

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...

8.8CVSS6.4AI score0.01114EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:35 p.m.6 views

CVE-2026-50189

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...

8.9CVSS6.1AI score0.00271EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:32 p.m.5 views

CVE-2026-10642

The Zephyr PL011 UART driver drivers/serial/uartpl011.c contains an unbounded software loop in pl011irqtxenable that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask bit PL011IMSCTXIM is set, to work around the controller's level-transition TX-interrupt...

6.5CVSS5.9AI score0.00185EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:30 p.m.6 views

CVE-2026-53765

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync to a deterministic runtime path. On typical macOS environments, and on Linux sessions...

6.1CVSS5.9AI score0.00077EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:29 p.m.8 views

CVE-2026-53766

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolvefilePath textually falls under one of the configured root paths. path.resolve...

6.1CVSS5.8AI score0.00087EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:26 p.m.6 views

CVE-2026-52794

Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:24 p.m.10 views

CVE-2026-55570

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

9CVSS6AI score0.00327EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:21 p.m.5 views

CVE-2026-54759

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove elements. Combined with the SiYuan Electron client's permissive security configuration, an attacker can include a malicious in a Bazaar package README that executes arbitrary...

8.7CVSS6.1AI score0.00262EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities74775