Lucene search
+L
Vulncheck KevMost viewed

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/03/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-9875

Sitecore CMS and Experience Platform XP contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...

8.8CVSS7.7AI score0.14154EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-30154

reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs...

8.6CVSS5.8AI score0.02296EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-2609

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is...

8.2CVSS5.7AI score0.01089EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

7.2CVSS5.8AI score0.30164EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-5932

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. This makes it possible for unauthenticated attackers to inject a...

10CVSS5.8AI score0.74283EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-22120

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...

9.1CVSS7.5AI score0.76618EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-24984

Microsoft Windows New Technology File System NTFS contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose information with a physical attack. An attacker who successfully exploited this vulnerability could potentially read...

4.6CVSS5.7AI score0.01831EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-3928

Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells...

8.8CVSS7.3AI score0.01997EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/04 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-28218

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability...

7CVSS7.3AI score0.12298EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/03 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-43769

Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution...

8.8CVSS7.4AI score0.9767EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.5 views

VulnCheck KEV: CVE-1999-0526

An X server's access control is disabled e.g. through an "xhost +" command and allows anyone to connect to the server...

10CVSS5.8AI score0.20978EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-8425

The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwbwgmpreviewmail' and 'mwbwgmwoocommerceaddcartitemdata' functions in all versions up to, and including, 2.9.2. This makes it possible for...

9.8CVSS5.9AI score0.03858EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-20439

Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials...

9.8CVSS5.8AI score0.92062EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-0582

A memory leak flaw was found in the Linux kernel’s iouring functionality in how a user registers a buffer ring with IORINGREGISTERPBUFRING, mmap it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8CVSS7.4AI score0.12836EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-21447

Windows Authentication Elevation of Privilege Vulnerability...

7.8CVSS7.3AI score0.01372EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-20953

Oracle Agile Product Lifecycle Management PLM contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system...

8.8CVSS7.3AI score0.03405EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-24989

Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control...

9.8CVSS7.3AI score0.01722EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/18 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-0111

Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user...

7.1CVSS5.8AI score0.01927EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-0994

Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services IIS web server...

8.8CVSS7.8AI score0.31309EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/04 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-0411

7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user...

7CVSS7.5AI score0.67071EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/04 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-19410

Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges including administrator...

9.8CVSS5.8AI score0.8646EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-3980

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run...

10CVSS6AI score0.0518EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-40890

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request...

8.8CVSS5.9AI score0.22421EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-40891

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet...

8.8CVSS5.9AI score0.21996EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/17 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-23209

Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution...

8.1CVSS7.5AI score0.04714EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/14 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-55591

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module...

9.8CVSS7.3AI score0.98259EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/14 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-21333

Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges...

7.8CVSS6AI score0.09798EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/14 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-21334

Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges...

7.8CVSS5.8AI score0.0153EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-0283

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution...

7CVSS6.5AI score0.17108EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-47643

SuiteCRM is a Customer Relationship Management CRM software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the...

5.3CVSS5.8AI score0.03002EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-42912

FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands...

9CVSS5.8AI score0.10865EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-52163

Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via timetzsetup.cgi...

8.8CVSS7.3AI score0.96979EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-38653

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server...

8.2CVSS5.9AI score0.91984EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-55550

Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated,...

9.1CVSS7.3AI score0.98067EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/10 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-55956

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the...

9.8CVSS7.5AI score0.93804EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/10 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-49138

Microsoft Windows Common Log File System CLFS driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges...

7.8CVSS7.5AI score0.25414EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-31248

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; nftchainlookupbyid failed to check whether a chain was active and CAPNETADMIN is in any user or network namespace...

7.8CVSS6.7AI score0.0205EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/05 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-52276

User Interface UI Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used. 2. Displayed version does not show the layer flattened version, which...

8.2CVSS5.8AI score0.00353EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/05 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-52270

User Interface UI Misrepresentation of Critical Information vulnerability in DropBox SignHelloSign allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the...

8.2CVSS5.8AI score0.00191EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/05 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-52271

User Interface UI Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only, not...

8.2CVSS5.8AI score0.00208EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-41295

ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands GET, POST, PUT, DELETE to perform arbitrary operations in the system...

8.8CVSS6AI score0.00415EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-14756

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core Components. Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

9.8CVSS7.3AI score0.74753EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/18 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-9474

Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators...

7.2CVSS7.3AI score0.94766EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-43451

Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user...

6.5CVSS7.3AI score0.81817EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-49039

Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions...

8.8CVSS7.2AI score0.13719EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-9465

Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the...

9.2CVSS7.5AI score0.99609EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2014-2120

Cisco Adaptive Security Appliance ASA contains a cross-site scripting XSS vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter...

6.1CVSS7.3AI score0.14029EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-28769

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service DoS conditions on a vulnerable device...

9.8CVSS7.7AI score0.0542EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-45440

A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17ABPC.3C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a...

4.4CVSS5.8AI score0.00249EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/30 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-21894

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution...

9.8CVSS5.8AI score0.18987EPSS
Exploits0References1
Total number of security vulnerabilities4985