Lucene search
K
AttackerkbRecent

74584 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/22 3:20 p.m.4 views

CVE-2026-41046

A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root...

7.3CVSS5.9AI score0.00159EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:20 p.m.3 views

CVE-2026-8934

A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched ...

6.9CVSS5.9AI score0.00364EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:18 p.m.4 views

CVE-2026-52725

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:18 p.m.3 views

CVE-2026-11942

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:16 p.m.3 views

CVE-2026-41045

A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user...

8.1CVSS5.9AI score0.00136EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:16 p.m.3 views

CVE-2026-49241

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom TypeScript SDK paths typescript.tsdk and js/ts.tsdk.path directly from workspace configurations...

8.7CVSS5.9AI score0.00154EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:11 p.m.4 views

CVE-2026-50557

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:59 p.m.3 views

CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:55 p.m.3 views

CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:53 p.m.3 views

CVE-2026-9320

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

5.9CVSS5.9AI score0.00323EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:47 p.m.4 views

CVE-2026-9071

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

7.5CVSS5.9AI score0.00314EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:46 p.m.3 views

CVE-2026-9006

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery SSRF with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure...

7.4CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:44 p.m.3 views

CVE-2026-8646

IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security...

7.4CVSS5.9AI score0.00338EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:43 p.m.3 views

CVE-2026-10845

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications...

5.9AI score0.00337EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:33 p.m.3 views

CVE-2024-51454

IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:31 p.m.3 views

CVE-2023-33854

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques...

5.3CVSS5.9AI score0.00188EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:22 p.m.3 views

CVE-2026-9610

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls...

2.3CVSS5.8AI score0.00189EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:21 p.m.4 views

CVE-2026-9072

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backe...

9.8CVSS6.5AI score0.00409EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:17 p.m.3 views

CVE-2026-56104

Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the...

9.1CVSS5.9AI score0.00256EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:16 p.m.4 views

CVE-2026-8858

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted...

8.8CVSS6.5AI score0.0026EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:16 p.m.3 views

CVE-2026-8636

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database...

5.5CVSS5.9AI score0.00146EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:13 p.m.3 views

CVE-2026-8059

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

6.1CVSS5.5AI score0.00169EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:10 p.m.3 views

CVE-2026-7664

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

9.8CVSS5.9AI score0.00277EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:9 p.m.3 views

CVE-2026-11372

IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS5.5AI score0.00165EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:55 p.m.4 views

CVE-2026-12549

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

4.8CVSS5.9AI score0.00325EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:55 p.m.4 views

CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

5.9CVSS6.1AI score0.00403EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:43 p.m.4 views

CVE-2026-12628

IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager FCM authentication mechanism. The application contains a...

8.1CVSS6AI score0.00357EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:41 p.m.4 views

CVE-2026-8823

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...

3.8CVSS6AI score0.00231EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:40 p.m.3 views

CVE-2026-6062

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 Fail to validate channel ownership of an existing subscription before applying edits which allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT...

6.4CVSS5.9AI score0.00153EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:38 p.m.11 views

CVE-2026-6673

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...

6.4CVSS6AI score0.00177EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:37 p.m.7 views

CVE-2026-8074

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/id/active API...

3.8CVSS5.9AI score0.00192EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:36 p.m.9 views

CVE-2026-9162

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continu...

4.3CVSS5.9AI score0.00202EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:34 p.m.3 views

CVE-2026-5139

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to enforce administrator authorization on the setDefaultInstance call within the /gitlab connect command handler, which allows any authenticated user to overwrite the global default GitLab instance...

5.4CVSS5.9AI score0.0017EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:22 p.m.3 views

CVE-2026-10561

IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise...

10CVSS6.4AI score0.00502EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:20 p.m.3 views

CVE-2026-28381

The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host...

9.6CVSS5.9AI score0.00205EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:20 p.m.6 views

CVE-2025-33128

IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

5.4CVSS5.5AI score0.00139EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:18 p.m.3 views

CVE-2025-2669

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation...

6CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:18 p.m.4 views

CVE-2026-9029

A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard stored cross-site scripting...

7.3CVSS6AI score0.0025EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:18 p.m.86 views

CVE-2026-10601

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:18 p.m.10 views

CVE-2026-42129

A user with Viewer permissions can use a path traversal in the Loki data source plugin to reach administrative Loki endpoints and read sensitive backend configuration and internal service information...

7.7CVSS6.1AI score0.00394EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:15 p.m.3 views

CVE-2024-54178

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:5 p.m.4 views

CVE-2026-12888

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...

5.1CVSS5.9AI score0.00286EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:2 p.m.3 views

CVE-2026-56450

AIL did not restrict repeated failed attempts to verify a two-factor authentication OTP code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This could enable...

5.1CVSS5.9AI score0.0033EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:54 p.m.5 views

CVE-2026-56448

A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image,...

8.3CVSS6AI score0.00292EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:50 p.m.3 views

CVE-2026-7167

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

6.9CVSS5.8AI score0.00357EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:47 p.m.2 views

CVE-2026-7166

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on...

9.2CVSS5.9AI score0.00384EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:46 p.m.3 views

CVE-2026-7165

The vulnerability is present in the ‘/addJugador’ endpoint: The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of other users’ information without requiring prior authorization validation. This could enable an authenticated attacker to alter any user’s ID and change their...

9.4CVSS6AI score0.0029EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:46 p.m.2 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00181EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:46 p.m.4 views

CVE-2026-54099

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS5.8AI score0.00075EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:40 p.m.15 views

CVE-2026-6653

Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling...

8.3CVSS5.9AI score0.00289EPSS
Exploits1References3Affected Software1
Total number of security vulnerabilities74584