Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/06/20 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-25037

An information disclosure vulnerability exists in Aquatronica Controller System firmware versions = 5.1.6 and web interface versions = 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive...

9.3CVSS5.8AI score0.01443EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-25038

An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to...

9.8CVSS5.8AI score0.05324EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-34023

A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted...

8.5CVSS6AI score0.01409EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-34024

An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell...

9.4CVSS5.8AI score0.03859EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-25034

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the restdata parameter before passing it to the...

9.3CVSS5.8AI score0.02971EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-34022

A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/getfile.php script in the “Download Archive in Storage” page...

9.3CVSS5.8AI score0.00715EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-34021

A server-side request forgery SSRF vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON...

7.8CVSS5.8AI score0.00526EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-34029

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...

9.4CVSS6AI score0.0347EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-49132

Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code...

10CVSS6.2AI score0.13105EPSS
Exploits28References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/18 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-42045

Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28...

6.7CVSS5.8AI score0.00555EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/18 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-1486

A vulnerability classified as problematic was found in Lespeed WiseCleaner Wise Force Deleter 1.5.3.54. This vulnerability affects the function 0x220004 in the library WiseUnlock64.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is...

7.1CVSS5.1AI score0.00511EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/18 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-1562

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installoractivateaddonplugins function and a weak nonce hash...

9.8CVSS5.9AI score0.02904EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/17 12:0 a.m.8 views

VulnCheck KEV: CVE-2023-0386

Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping...

7.8CVSS7.2AI score0.0788EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/17 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-3515

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist...

9.8CVSS5.9AI score0.0509EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-46229

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usbpaswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter...

9.8CVSS6.1AI score0.03909EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-47176

'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally...

7.8CVSS5.9AI score0.00648EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2009-1558

Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter...

7.8CVSS6AI score0.28806EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-33538

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

8.8CVSS5.8AI score0.41874EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-12998

A reflected Cross-site scripting XSS vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to...

6.1CVSS5.8AI score0.98463EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-43200

Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link...

4.2CVSS5.8AI score0.01009EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-21407

Windows Hyper-V Remote Code Execution Vulnerability...

8.1CVSS5.9AI score0.16384EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/10 12:0 a.m.7 views

VulnCheck KEV: CVE-2019-12263

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component issue 4 of 4. There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition...

8.1CVSS5.8AI score0.03189EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/10 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-33053

Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files...

8.8CVSS7.3AI score0.81558EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-0600

The WP Visitor Statistics Real Time Traffic WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks...

9.8CVSS6AI score0.04234EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-20188

A vulnerability in the Out-of-Band Access Point AP Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected...

10CVSS5.9AI score0.17894EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/10 12:0 a.m.9 views

VulnCheck KEV: CVE-2019-12255

Wind River VxWorks has a Buffer Overflow in the TCP component issue 1 of 4. This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow...

9.8CVSS5.8AI score0.7525EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/09 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-29085

SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component...

9.8CVSS6.3AI score0.28338EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/09 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-1391

The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues...

9.8CVSS5.8AI score0.13592EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/09 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-16670

An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html...

5.3CVSS5.8AI score0.24753EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-32433

Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution RCE. By exploiting a flaw in how SSH protocol...

10CVSS7.9AI score0.97673EPSS
Exploits36References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-50498

Improper Control of Generation of Code 'Code Injection' vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through = 1.0...

9.8CVSS5.8AI score0.5364EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-52301

Laravel is a web application framework. When the registerargcargv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7,...

8.7CVSS5.8AI score0.37981EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-32870

Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info name, version and parameters can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are...

5.8CVSS5.7AI score0.00731EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-41599

An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal...

5.3CVSS5.9AI score0.11215EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-16139

A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better...

7.8CVSS5.8AI score0.7977EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.8 views

VulnCheck KEV: CVE-2021-27692

Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.179502CN or v15.11.0.169024CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the...

10CVSS6.2AI score0.03282EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-30150

PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php...

9.8CVSS5.9AI score0.03849EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-26793

The Web GUI configuration panel of Hirsch formerly Identiv and Viscount Enterphone MESH through 2024 ships with default credentials username freedom, password viscount. The administrator is not prompted to change these credentials on initial configuration, and changing the credentials...

10CVSS5.8AI score0.02303EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-31984

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=...

7.2CVSS5.9AI score0.04863EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-46982

Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router this does not affect the app router. When this crafted request is sent it could coerce...

7.5CVSS5.8AI score0.58768EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-29390

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...

10CVSS5.9AI score0.36672EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-21136

Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications component: Security. Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

8.6CVSS7.3AI score0.01783EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-25488

Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php...

9.8CVSS5.9AI score0.07148EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2016-10924

The ebook-download plugin before 1.2 for WordPress has directory traversal...

7.5CVSS7.3AI score0.11662EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.7 views

VulnCheck KEV: CVE-2020-22208

SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php...

9.8CVSS5.9AI score0.09743EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-3804

A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. The manipulation of the argument file leads to unrestricted upload. The attack may...

6.5CVSS5.4AI score0.00471EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24498

The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue...

6.1CVSS5.8AI score0.03065EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-6567

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS5.9AI score0.51394EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-0868

A vulnerability, that could result in Remote Code Execution RCE, has been found in DocsGPT. Due to improper parsing of JSON data using eval an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.. This issue affects DocsGPT: from 0.8.1 through 0.12.0...

9.3CVSS7.4AI score0.15099EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-23063

Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi...

7.5CVSS5.8AI score0.02431EPSS
Exploits1References1
Total number of security vulnerabilities4985