Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/09/23 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-45985

Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bsSetSSIDHide function...

9.8CVSS5.8AI score0.07116EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2025/09/23 12:0 a.m.10 views

VulnCheck KEV: CVE-2025-7414

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.123880. This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely...

8.8CVSS5.6AI score0.1273EPSS
Exploits1References54
VulnCheck KEV
VulnCheck KEV
added 2025/09/23 12:0 a.m.17 views

VulnCheck KEV: CVE-2025-53324

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeYatri Gutenify gutenify allows Stored XSS.This issue affects Gutenify: from n/a through = 1.5.7...

5.4CVSS5.8AI score0.0021EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/22 12:0 a.m.15 views

VulnCheck KEV: CVE-2025-51591

A Server-Side Request Forgery SSRF in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...

9.8CVSS5.8AI score0.11276EPSS
Exploits5References3
VulnCheck KEV
VulnCheck KEV
added 2025/09/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-59689

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For...

6.1CVSS5.8AI score0.01929EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2025/09/17 12:0 a.m.23 views

VulnCheck KEV: CVE-2024-51324

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD Bring Your Own Vulnerable Driver attack...

3.8CVSS5.9AI score0.0047EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2025/09/17 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-10585

Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

9.8CVSS5.8AI score0.05419EPSS
Exploits1References10
VulnCheck KEV
VulnCheck KEV
added 2025/09/16 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-37153

An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php...

6.1CVSS5.8AI score0.01393EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/15 12:0 a.m.13 views

VulnCheck KEV: CVE-2025-45988

Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the cmd parameter in the bsSetCmd function...

9.8CVSS5.8AI score0.10161EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2025/09/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-34152

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...

9.4CVSS5.9AI score0.61676EPSS
Exploits5References184
VulnCheck KEV
VulnCheck KEV
added 2025/09/15 12:0 a.m.9 views

VulnCheck KEV: CVE-2023-50381

Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This comman...

7.2CVSS5.9AI score0.03195EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/14 12:0 a.m.23 views

VulnCheck KEV: CVE-2018-17254

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter...

9.8CVSS7.4AI score0.82976EPSS
Exploits5References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/14 12:0 a.m.17 views

VulnCheck KEV: CVE-2023-24733

PMB v7.4.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the query parameter at /admin/convert/exportz3950new.php...

6.1CVSS5.7AI score0.01169EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-21043

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code...

9.8CVSS6.1AI score0.01435EPSS
Exploits3References7
VulnCheck KEV
VulnCheck KEV
added 2025/09/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-11740

The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

7.3CVSS6.2AI score0.01888EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/11 12:0 a.m.6 views

VulnCheck KEV: CVE-2016-10367

In Opsview Monitor Pro Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding...

7.5CVSS5.8AI score0.16109EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/11 12:0 a.m.17 views

VulnCheck KEV: CVE-2021-37538

Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the idcategory parameter to the...

9.8CVSS6.2AI score0.74489EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/11 12:0 a.m.8 views

VulnCheck KEV: CVE-2022-0169

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwgtagidbwgthumbnails0 parameter before using it in a SQL statement via the bwgfrontenddata AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL injection...

9.8CVSS5.9AI score0.74615EPSS
Exploits4References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/09 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-25231

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests read-only to restricted API endpoints...

7.5CVSS5.7AI score0.19076EPSS
Exploits1References18
VulnCheck KEV
VulnCheck KEV
added 2025/09/06 12:0 a.m.16 views

VulnCheck KEV: CVE-2025-54125

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, the XML export of a page in XWiki that can b...

8.7CVSS5.8AI score0.01285EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/04 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-46554

XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.7.0, anyone can access the metadata of any attachment in the wiki using the wiki attachment REST endpoint...

5.3CVSS5.7AI score0.00986EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-32969

XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend,...

9.8CVSS6.3AI score0.79487EPSS
Exploits1References180
VulnCheck KEV
VulnCheck KEV
added 2025/09/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-32970

XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that...

6.1CVSS5.7AI score0.00539EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/04 12:0 a.m.15 views

VulnCheck KEV: CVE-2025-29925

XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/wikiName/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent...

8.7CVSS5.8AI score0.00906EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/04 12:0 a.m.13 views

VulnCheck KEV: CVE-2025-42957

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating...

9.9CVSS6AI score0.01547EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2025/09/04 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-52970

A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges o...

8.1CVSS5.8AI score0.1067EPSS
Exploits4References3
VulnCheck KEV
VulnCheck KEV
added 2025/09/04 12:0 a.m.10 views

VulnCheck KEV: CVE-2025-8311

dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys. The vulnerability was triggered via the sites parameter, whi...

9.4CVSS5.8AI score0.01558EPSS
Exploits4References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/03 12:0 a.m.25 views

VulnCheck KEV: CVE-2023-32629

Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovlcopyupmetainodedata skip permission checks when calling ovldosetxattr on Ubuntu kernels...

7.8CVSS6.1AI score0.08894EPSS
Exploits12References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/03 12:0 a.m.11 views

VulnCheck KEV: CVE-2023-50445

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the getsystemlog and...

7.8CVSS6.2AI score0.09123EPSS
Exploits4References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/03 12:0 a.m.17 views

VulnCheck KEV: CVE-2023-2163

Incorrect verifier pruning in BPF in Linux Kernel =5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape...

10CVSS6.6AI score0.03546EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/03 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-53690

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager XM, Sitecore Experience Platform XP allows Code Injection.This issue affects Experience Manager XM: through 9.0; Experience Platform XP: through 9.0...

9CVSS5.8AI score0.26308EPSS
Exploits3References12
VulnCheck KEV
VulnCheck KEV
added 2025/09/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-47170

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...

7.8CVSS5.9AI score0.00555EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-47165

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

7.8CVSS5.9AI score0.01768EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/03 12:0 a.m.9 views

VulnCheck KEV: CVE-2022-20705

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned softwa...

10CVSS6.1AI score0.80031EPSS
Exploits3References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/03 12:0 a.m.10 views

VulnCheck KEV: CVE-2023-50919

An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR30...

9.8CVSS5.8AI score0.47804EPSS
Exploits4References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/03 12:0 a.m.22 views

VulnCheck KEV: CVE-2022-22956

VMware Workspace ONE Access has two authentication bypass vulnerabilities CVE-2022-22955 & CVE-2022-22956 in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework...

9.8CVSS5.8AI score0.50694EPSS
Exploits5References63
VulnCheck KEV
VulnCheck KEV
added 2025/09/03 12:0 a.m.29 views

VulnCheck KEV: CVE-2022-22957

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...

7.2CVSS6.4AI score0.23084EPSS
Exploits5References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-24363

TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker on the same network to submit a TDDPRESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password...

8.8CVSS5.8AI score0.20689EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2025/09/01 12:0 a.m.14 views

VulnCheck KEV: CVE-2017-16237

In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file VIAGLT64.SYS contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C...

7.8CVSS5.8AI score0.01467EPSS
Exploits4References2
VulnCheck KEV
VulnCheck KEV
added 2025/09/01 12:0 a.m.26 views

VulnCheck KEV: CVE-2025-38352

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel If an exiting non-autoreaping task has already passed exitnotify and calls handleposixcputimers from IRQ, it can be reaped by its parent or debugger rig...

7.4CVSS5.7AI score0.01345EPSS
Exploits8References7
VulnCheck KEV
VulnCheck KEV
added 2025/09/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-48543

In multiple locations, there is a possible way to escape chrome sandbox to attack android systemserver due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS5.9AI score0.00545EPSS
Exploits1References6
VulnCheck KEV
VulnCheck KEV
added 2025/08/29 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-9377

The authenticated remote command execution RCE vulnerability exists in the Parental Control page on TP-Link Archer C7EU V2 and TL-WR841N/NDMS V9. This issue affects Archer C7EU V2: before 241108 and TL-WR841N/NDMS V9: before 241108. Both products have reached the status of EOL end-of-life. It's...

8.6CVSS6AI score0.1745EPSS
Exploits0References7
VulnCheck KEV
VulnCheck KEV
added 2025/08/29 12:0 a.m.13 views

VulnCheck KEV: CVE-2023-50224

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability...

8.6CVSS5.7AI score0.1745EPSS
Exploits0References9
VulnCheck KEV
VulnCheck KEV
added 2025/08/28 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-57819

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issu...

10CVSS6.1AI score0.93286EPSS
Exploits20References258
VulnCheck KEV
VulnCheck KEV
added 2025/08/27 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-33434

An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filteri...

9.8CVSS6.2AI score0.01365EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/08/26 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-7775

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server OR NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS...

9.8CVSS6AI score0.18973EPSS
Exploits2References17
VulnCheck KEV
VulnCheck KEV
added 2025/08/25 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-48384

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...

8CVSS5.8AI score0.02775EPSS
Exploits9References8
VulnCheck KEV
VulnCheck KEV
added 2025/08/24 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-21620

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's...

8.8CVSS6AI score0.00908EPSS
Exploits0References42
VulnCheck KEV
VulnCheck KEV
added 2025/08/23 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-0235

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog...

5.3CVSS5.8AI score0.37957EPSS
Exploits3References50
VulnCheck KEV
VulnCheck KEV
added 2025/08/23 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-28150

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf with the administrator password and other sensitive data via /backup2.cgi...

5.5CVSS5.8AI score0.02584EPSS
Exploits1References76
Total number of security vulnerabilities4985