Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-47204

An issue was discovered in post.php in bootstrap-multiselect aka Bootstrap Multiselect 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score0.00424EPSS
Exploits0References63
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-47188

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient paramete...

6.5CVSS6.1AI score0.48492EPSS
Exploits0References50
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.6 views

VulnCheck KEV: CVE-2018-13350

SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter...

9.8CVSS6AI score0.16661EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.11 views

VulnCheck KEV: CVE-2025-4123

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

7.6CVSS6AI score0.97809EPSS
Exploits6References91
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.8 views

VulnCheck KEV: CVE-2022-28908

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg...

10CVSS5.8AI score0.02492EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.41 views

VulnCheck KEV: CVE-2022-38840

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure...

7.5CVSS5.7AI score0.09803EPSS
Exploits4References82
VulnCheck KEV
VulnCheck KEV
added 2025/07/20 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-1006

The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks...

7.2CVSS5.9AI score0.01461EPSS
Exploits2References104
VulnCheck KEV
VulnCheck KEV
added 2025/07/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-54313

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...

7.5CVSS5.9AI score0.04146EPSS
Exploits2References7
VulnCheck KEV
VulnCheck KEV
added 2025/07/18 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-49706

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...

9.8CVSS7.1AI score0.99982EPSS
Exploits41References55
VulnCheck KEV
VulnCheck KEV
added 2025/07/18 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this...

9.8CVSS7.2AI score0.99982EPSS
Exploits41References187
VulnCheck KEV
VulnCheck KEV
added 2025/07/18 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-0674

Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user's password within the system. This grants them unauthorized...

9.8CVSS5.8AI score0.03523EPSS
Exploits1References156
VulnCheck KEV
VulnCheck KEV
added 2025/07/18 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-54309

CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025...

9.8CVSS5.8AI score0.92034EPSS
Exploits7References71
VulnCheck KEV
VulnCheck KEV
added 2025/07/18 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-53771

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...

9.8CVSS7.1AI score0.99982EPSS
Exploits41References59
VulnCheck KEV
VulnCheck KEV
added 2025/07/18 12:0 a.m.28 views

VulnCheck KEV: CVE-2024-10586

The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbtpullimage function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files...

10CVSS6.1AI score0.02085EPSS
Exploits2References24
VulnCheck KEV
VulnCheck KEV
added 2025/07/18 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-6184

Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting...

7.2CVSS5.8AI score0.4661EPSS
Exploits0References27
VulnCheck KEV
VulnCheck KEV
added 2025/07/18 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-49704

Improper control of generation of code 'code injection' in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

9.8CVSS7.3AI score0.99982EPSS
Exploits41References223
VulnCheck KEV
VulnCheck KEV
added 2025/07/17 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-50334

Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT...

8.7CVSS5.7AI score0.01008EPSS
Exploits0References58
VulnCheck KEV
VulnCheck KEV
added 2025/07/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-5287

The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

7.5CVSS5.9AI score0.02101EPSS
Exploits4References76
VulnCheck KEV
VulnCheck KEV
added 2025/07/16 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-7673

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50ABOM.5C0 could allow an unauthenticated attacker to cause denial-of-service DoS conditions and potentially execute arbitrary code by sending a specially crafted HTTP...

9.8CVSS6.4AI score0.00545EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/16 12:0 a.m.13 views

VulnCheck KEV: CVE-2025-30567

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WP01 WP01 wp01 allows Path Traversal.This issue affects WP01: from n/a through = 2.6.2...

7.5CVSS5.8AI score0.02628EPSS
Exploits0References62
VulnCheck KEV
VulnCheck KEV
added 2025/07/16 12:0 a.m.7 views

VulnCheck KEV: CVE-2023-20085

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. This vulnerability is due to...

6.1CVSS6.1AI score0.00737EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/16 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-50031

Missing Authorization vulnerability in syedamirhussain91 DB Backup db-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DB Backup: from n/a through = 6.0...

6.5CVSS5.8AI score0.00294EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/15 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-6558

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.09185EPSS
Exploits0References10
VulnCheck KEV
VulnCheck KEV
added 2025/07/14 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-34068

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are...

9.3CVSS6.2AI score0.00895EPSS
Exploits0References64
VulnCheck KEV
VulnCheck KEV
added 2025/07/14 12:0 a.m.21 views

VulnCheck KEV: CVE-2011-4085

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...

6.8CVSS6.5AI score0.79415EPSS
Exploits31References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-20281

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to...

10CVSS6.2AI score0.96732EPSS
Exploits10References136
VulnCheck KEV
VulnCheck KEV
added 2025/07/13 12:0 a.m.8 views

VulnCheck KEV: CVE-2022-28906

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg...

10CVSS5.8AI score0.02492EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2025/07/13 12:0 a.m.14 views

VulnCheck KEV: CVE-2022-28907

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost...

10CVSS5.8AI score0.02492EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2025/07/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-4581

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the...

8.6CVSS5.9AI score0.00344EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/07/13 12:0 a.m.16 views

VulnCheck KEV: CVE-2020-27387

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...

8.8CVSS6.1AI score0.18461EPSS
Exploits4References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/13 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-38627

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter...

9.8CVSS5.9AI score0.0427EPSS
Exploits2References92
VulnCheck KEV
VulnCheck KEV
added 2025/07/13 12:0 a.m.100 views

VulnCheck KEV: CVE-2024-9001

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The...

8.8CVSS5.5AI score0.04035EPSS
Exploits1References6
VulnCheck KEV
VulnCheck KEV
added 2025/07/13 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-28036

TOTOLINK A950RG V4.1.2cu.5161B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

9.8CVSS6AI score0.01052EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2025/07/13 12:0 a.m.14 views

VulnCheck KEV: CVE-2024-0297

A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The...

9.8CVSS5.5AI score0.03834EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2025/07/13 12:0 a.m.14 views

VulnCheck KEV: CVE-2024-0292

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The explo...

9.8CVSS5.5AI score0.04909EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2025/07/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-25257

An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability CWE-89 vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execu...

9.8CVSS6.1AI score0.9671EPSS
Exploits35References370
VulnCheck KEV
VulnCheck KEV
added 2025/07/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-7451

The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. This vulnerability has already been exploited. Please update immediately...

9.8CVSS6.1AI score0.0141EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/11 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-34160

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...

10CVSS6.5AI score0.00759EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/07/10 12:0 a.m.10 views

VulnCheck KEV: CVE-2025-6851

The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajaxblinks function which ultimately calls the checkurlstatuscode function. This makes it possible for unauthenticated attackers to make web requests to...

7.2CVSS5.8AI score0.00623EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/10 12:0 a.m.11 views

VulnCheck KEV: CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default. This is thu...

10CVSS8AI score0.95343EPSS
Exploits23References353
VulnCheck KEV
VulnCheck KEV
added 2025/07/09 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-51977

An unauthenticated attacker who can access either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631, can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mntinfo.csv can be accessed via a GET request and no...

5.3CVSS5.8AI score0.7656EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/07/07 12:0 a.m.8 views

VulnCheck KEV: CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

7.5CVSS7.3AI score0.98507EPSS
Exploits18References5
VulnCheck KEV
VulnCheck KEV
added 2025/07/07 12:0 a.m.7 views

VulnCheck KEV: CVE-2014-3931

fastping.c in MRLG aka Multi-Router Looking Glass before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption...

9.8CVSS5.9AI score0.26572EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2025/07/03 12:0 a.m.46 views

VulnCheck KEV: CVE-2025-29891

Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is...

10CVSS7.2AI score0.99945EPSS
Exploits50References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-34067

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...

10CVSS8AI score0.18666EPSS
Exploits0References59
VulnCheck KEV
VulnCheck KEV
added 2025/07/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-34057

An information disclosure vulnerability exists in Ruijie NBR series routers known to affect NBR2000G, NBR1300G, and NBR1000 models via the /WEBVMS/LEVEL15/ endpoint. By crafting a specific POST request with modified Cookie headers and specially formatted parameters, an unauthenticated attacker ca...

8.7CVSS5.8AI score0.06444EPSS
Exploits0References57
VulnCheck KEV
VulnCheck KEV
added 2025/07/02 12:0 a.m.12 views

VulnCheck KEV: CVE-2014-1677

Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information...

7.5CVSS5.8AI score0.18171EPSS
Exploits11References8
VulnCheck KEV
VulnCheck KEV
added 2025/07/02 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-53944

An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUIv1.0.1802.10.08P4 and LT21B devices through M7628xUSAxUIv2v1.0.1481.15.02P0. A unauthenticated remote attacker with network access can exploit a command injection vulnerability. The /goform/formJsonAjaxReq...

9.8CVSS6.1AI score0.39247EPSS
Exploits0References137
VulnCheck KEV
VulnCheck KEV
added 2025/07/02 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-29063

An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/sethidessidcfg is not handled properly...

9.8CVSS6.2AI score0.01003EPSS
Exploits1References156
VulnCheck KEV
VulnCheck KEV
added 2025/07/01 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-34059

An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management Platform via the username parameter in the /index.php/User/doLogin endpoint. The application fails to properly sanitize user input, allowing unauthenticated attackers to inject arbitrary SQL statements...

8.7CVSS5.9AI score0.00425EPSS
Exploits0References61
Total number of security vulnerabilities4985