Lucene search
K
AttackerkbRecent

74190 matches found

ATTACKERKB
ATTACKERKB
•added 4 days ago•1 views

CVE-2026-45203

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...

7.8CVSS6.1AI score0.00116EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-57574

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password TOTP authentication in UserAuthService where insufficient validation of used tokens allows the reuse of a single-use code within its valid time step. If...

7.4CVSS6.1AI score0.0034EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•1 views

CVE-2026-45196

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation...

7.8CVSS6.1AI score0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-58499

EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message senderid field was not validated as a path-safe identifier, unlike appid and projectid. During user-memory extraction, senderid i...

8.2CVSS6.1AI score0.00356EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-7639

Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code. Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete...

7.8CVSS6.1AI score0.00155EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 4 days ago•3 views

CVE-2026-57230

OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analytics API in enterprise editions with multi-tenancy enabled built ClickHouse queries by inserting user input into the query string, including two positions that took input without escaping, allowing an...

5.4CVSS6.1AI score0.00207EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•3 views

CVE-2026-41154

Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access...

7.8CVSS6.1AI score0.00167EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-34196

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these virutal mappings can be freed along with the physical page, allowing for a read/write UAF via the...

7.8CVSS6.1AI score0.0015EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-55880

OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and note mutation functions ran their SQL without the ownership predicate that their sibling read and edit functions use: notes.delete filtered only on note id and project id, while dashboards.updatewidget an...

7.1CVSS6.1AI score0.00195EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-55879

OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key, stores them in ClickHouse without output encoding, and later renders them in the authenticated...

9.3CVSS6.1AI score0.00274EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-55229

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTPS resources and local file resources during document conversion, enabling bli...

7.5CVSS6.1AI score0.00355EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-57217

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can allow restricted topic writes and binds during metadata-store failures because topic-permission lookup errors from Khepri can collapse to undefined, which the internal backe...

7CVSS6.1AI score0.00269EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•1 views

CVE-2026-57221

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and...

5.3CVSS6.1AI score0.00269EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-57215

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues can be accepted at bind and route time but are missing from Khepri-backed deletion checks,...

7CVSS6.1AI score0.00245EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•3 views

CVE-2026-57218

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...

6.5CVSS6.1AI score0.00269EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-57220

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame length...

7.5CVSS6.1AI score0.00429EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-57211

RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pass URL-encoded backslashes to erlprimloader:readfileinfo before path validation when multiple management extension plugins are enabled,...

6.5CVSS6.1AI score0.00278EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-57212

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqmanagement HTTP API accepts oversized valid JSON bodies on withdecode and directrequest paths because readcompletebody checks the accumulated size before the final chunk but not the final combin...

7.7CVSS6.1AI score0.00293EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•3 views

CVE-2026-55233

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to upstream servers, constructing the header in the...

7.5CVSS6.1AI score0.00343EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-55377

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn registration verification record for binding a new...

8.1CVSS6.1AI score0.00259EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-55789

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as name, email, and custom attribute-mapping values into...

8.5CVSS6.2AI score0.00298EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-54714

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @logto/core reflected the SAML RelayState, SAMLResponse, and actionUrl into a Logto-origin auto-submit HTML form in packages/core/src/saml-application/SamlApplication/utils.ts without HTML-attribute...

6.1CVSS6.1AI score0.00253EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•1 views

CVE-2026-57850

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 4 days ago•1 views

CVE-2026-57156

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...

8.6CVSS6.2AI score0.00528EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-55475

Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the createdby value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in...

5.7CVSS6.1AI score0.00195EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•1 views

CVE-2026-55466

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSafeInline, allowing a low-privilege user to upload active...

6.2CVSS6.1AI score0.00351EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•6 views

CVE-2025-30008

HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...

5.1CVSS6.2AI score0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 4 days ago•8 views

CVE-2025-30007

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in...

8.8CVSS6.6AI score0.02077EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 4 days ago•1 views

CVE-2026-55472

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...

4.3CVSS6.1AI score0.00197EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-55476

Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/itemType/itemId/cancelbyadmin?/requestingUser? accepts cancelbyadmin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that...

5.3CVSS6.1AI score0.002EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-61459

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...

9.8CVSS6.1AI score0.00421EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
•added 4 days ago•1 views

CVE-2026-53449

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS6.2AI score0.00176EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-59151

Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...

9.6CVSS6.1AI score0.00296EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•1 views

CVE-2026-56666

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the external IdP confirmed ownership of the same email before auto-linking by email, allowing a permissive...

4.8CVSS6.1AI score0.00189EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-55671

ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against protected denylist handling, allowing server-side requests to...

2.3CVSS6.1AI score0.00252EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•1 views

CVE-2026-55780

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•1 views

CVE-2026-55782

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and custom-name length fields without validating them against...

2.4CVSS6.1AI score0.00113EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-58493

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbname, charset, server, database, directory, and filename without sanitization or validation, allowing...

5.1CVSS6.1AI score0.00288EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-15377

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

5.3CVSS5.9AI score0.00255EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•3 views

CVE-2026-55885

Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including user/accounts/admin.yaml with the administrator password hash and user/config with site configuration, throug...

6.8CVSS6AI score0.00174EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-54919

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIBMBEDTLSSUPPORT or CPPHTTPLIBWOLFSSLSUPPORT and a...

7.4CVSS5.9AI score0.00264EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•3 views

CVE-2026-39903

Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An authenticated...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•1 views

CVE-2026-59161

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS6.1AI score0.00524EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-15376

A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown function of the file /callrec/statisticReportAction.do. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been made public and could be used. The vendor...

6.5CVSS6.3AI score0.00256EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-53657

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary comman...

8.2CVSS6.2AI score0.00197EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•1 views

CVE-2026-56676

9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy ca...

7.4CVSS6.1AI score0.00154EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•2 views

CVE-2026-15375

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/usersldap.jsp of the component LDAP User Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed ...

5.3CVSS5.6AI score0.00203EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•3 views

CVE-2026-8595

A user with Editor permissions can craft a dashboard whose table TableNG panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard stored cross-site scripting...

6.8CVSS6AI score0.00221EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•4 views

CVE-2026-8609

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS6.1AI score0.00359EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
•added 4 days ago•4 views

CVE-2026-33382

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities74190