Lucene search
K
AttackerkbRecent

74784 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 9:35 p.m.5 views

CVE-2026-9773

Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within ToggleState.php...

8.8CVSS6.4AI score0.01126EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:35 p.m.5 views

CVE-2026-9772

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...

8.8CVSS6.4AI score0.01114EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:35 p.m.6 views

CVE-2026-50189

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...

8.9CVSS6.1AI score0.00271EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:32 p.m.5 views

CVE-2026-10642

The Zephyr PL011 UART driver drivers/serial/uartpl011.c contains an unbounded software loop in pl011irqtxenable that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask bit PL011IMSCTXIM is set, to work around the controller's level-transition TX-interrupt...

6.5CVSS5.9AI score0.00185EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:30 p.m.6 views

CVE-2026-53765

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync to a deterministic runtime path. On typical macOS environments, and on Linux sessions...

6.1CVSS5.9AI score0.00077EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:29 p.m.8 views

CVE-2026-53766

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolvefilePath textually falls under one of the configured root paths. path.resolve...

6.1CVSS5.8AI score0.00087EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:26 p.m.6 views

CVE-2026-52794

Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:24 p.m.10 views

CVE-2026-55570

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

9CVSS6AI score0.00327EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:21 p.m.5 views

CVE-2026-54759

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove elements. Combined with the SiYuan Electron client's permissive security configuration, an attacker can include a malicious in a Bazaar package README that executes arbitrary...

8.7CVSS6.1AI score0.00262EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:21 p.m.5 views

CVE-2026-47110

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

7.1CVSS5.9AI score0.00305EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:20 p.m.7 views

CVE-2026-50551

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...

9.9CVSS6.4AI score0.0044EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:19 p.m.5 views

CVE-2026-54158

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view database cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like or " breaks out of its surrounding tag and runs arbitrary...

9.9CVSS6AI score0.00289EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:18 p.m.6 views

CVE-2026-54070

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engine and SetSanitizetrue. The lute sanitizer is an event-handler blocklist: allowAttr rejects only...

7.1CVSS5.9AI score0.0018EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:17 p.m.5 views

CVE-2026-54069

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without any authentication. Combined with the default empt...

9.2CVSS5.9AI score0.00607EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:15 p.m.6 views

CVE-2026-54068

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router router.go, "不需要鉴权" -- no auth needed. When called with type=8 and a valid block id parameter, this endpoint...

5.9CVSS6AI score0.00239EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:14 p.m.7 views

CVE-2026-54067

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing tag when renderSnippet interpolates it via insertAdjacentHTML. A payload like runs arbitrary JavaScript in the renderer. On Electron desktop builds the renderer runs with nodeIntegration:tru...

9.9CVSS6AI score0.00307EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:13 p.m.6 views

CVE-2026-54066

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 "Path Traversal via Double URL Encoding" sanitized the /export/ route but the identical root cause remains in the /assets/path route. In publish mode anonymous read-only HTTP endpoint,...

7.5CVSS6AI score0.01892EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:8 p.m.5 views

CVE-2026-55762

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint REST endpoint enforces authentication authRequired: true but performs no authorization check. Any authenticated user —...

8.1CVSS5.9AI score0.00323EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:7 p.m.6 views

CVE-2026-55759

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted...

7.4CVSS5.9AI score0.00243EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:6 p.m.5 views

CVE-2026-55666

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in apps/meteor/app/apple/server/loginHandler.ts, handleIdentityToken parses a JWT issued by Apple during the OAuth flow. The try block checks for an...

9.3CVSS6AI score0.00295EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:5 p.m.5 views

CVE-2026-49278

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, in the visitors.info endpoint, https://developer.rocket.chat/apidocs/get-visitor-information-by-id-1, token is returned in the response. It...

6.7CVSS5.8AI score0.00243EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:4 p.m.9 views

CVE-2026-49277

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or refresh tokens when a user is deactivated. A deactivated user can continue using an existing OAuth...

2.3CVSS5.9AI score0.00215EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:1 p.m.5 views

CVE-2026-45757

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat allows users deactivated through users.deactivateIdle to keep using already-issued login tokens. A user that an administrator has...

2.3CVSS5.8AI score0.00215EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:1 p.m.3 views

CVE-2026-33543

FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. Due to a flawed admin-existence check, the endpoint remains usable after an administrator already...

9.3CVSS5.8AI score0.00289EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:58 p.m.3 views

CVE-2026-46423

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML service provider implementation silently skips both SAML Response and Assertion signature validation when the configured Id...

9.3CVSS5.9AI score0.00149EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:57 p.m.5 views

CVE-2026-45689

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token for an arbitrary user by sending a single HTTP POST with...

9.1CVSS6.1AI score0.00308EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:56 p.m.10 views

CVE-2026-45688

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOneid: ... query...

9.1CVSS5.9AI score0.00289EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:55 p.m.2 views

CVE-2026-45687

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method passes the entire attacker-supplied file object into Uploads.updateFileComplete, which merges it...

8.5CVSS5.9AI score0.00205EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:54 p.m.3 views

CVE-2026-45677

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not verify the signature on inbound LogoutRequest messages. An unauthenticated remote attacker who knows a...

8.7CVSS6AI score0.00451EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:52 p.m.4 views

CVE-2026-33235

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:51 p.m.5 views

CVE-2026-47733

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. Unlike the analogous LinkSpan component — which uses...

4.4CVSS6.1AI score0.00118EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:45 p.m.4 views

CVE-2026-32315

motionEye mEye is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contains...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:39 p.m.5 views

CVE-2026-13208

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS5.8AI score0.0009EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:39 p.m.5 views

CVE-2026-13201

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

7.3CVSS6AI score0.00122EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:35 p.m.5 views

CVE-2026-52797

Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the target directory and write the result o...

8.5CVSS6AI score0.0035EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:33 p.m.5 views

CVE-2026-52813

Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary...

10CVSS6.1AI score0.01107EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:32 p.m.6 views

CVE-2026-52812

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone /// but per-repo authorization lives in the lfsobject table keyed repoid, oid. serveUpload skips re-uploading when the OID file already exists on disk and inserts a new repoid, oid r...

7.1CVSS5.9AI score0.00236EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:31 p.m.5 views

CVE-2026-52811

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target osx.IsSymlinktargetPath. The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component —...

9CVSS5.9AI score0.00474EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:30 p.m.6 views

CVE-2026-52810

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should...

7.1CVSS5.9AI score0.00427EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:29 p.m.5 views

CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:29 p.m.5 views

CVE-2026-52809

Gogs is an open source self-hosted Git service. Prior to 0.14.3, password-reset tokens are generated using conf.Auth.ActivateCodeLives the account-activation lifetime, not conf.Auth.ResetPasswordCodeLives. The token lifetime is baked into the token itself at generation time and is re-extracted fr...

6.8CVSS5.9AI score0.00202EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:28 p.m.5 views

CVE-2026-31978

motionEye mEye is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/id/preview/filename. Neither the API handlers, nor the...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:27 p.m.5 views

CVE-2026-52808

Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent...

7.1CVSS5.9AI score0.00478EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:26 p.m.6 views

CVE-2026-52816

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with...

6.4CVSS6AI score0.00677EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:25 p.m.6 views

CVE-2026-52807

Gogs is an open source self-hosted Git service. Prior to 0.14.3, in newform.tmpl, milestone names are rendered with Go's default auto-escaping .Name, which converts to etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the...

4.8CVSS5.9AI score0.00483EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:22 p.m.5 views

CVE-2026-52805

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP redirects. An authenticated...

8.7CVSS5.9AI score0.00384EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:21 p.m.7 views

CVE-2026-52806

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

9.9CVSS6AI score0.01029EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:20 p.m.5 views

CVE-2026-52804

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. This vulnerability is fixed in 0.14.3...

7CVSS5.9AI score0.00499EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:19 p.m.6 views

CVE-2026-52799

Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we...

7.5CVSS5.9AI score0.00422EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:18 p.m.5 views

CVE-2026-52801

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenticated users to import local repositories. This issue stems from a lack of validation of SaveAddres...

8.1CVSS5.9AI score0.00569EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities74784