Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-1221

The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.02002EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-47105

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

8.6CVSS6AI score0.01669EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-16996

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/productadmin.class.php via the admin/?n=product&c=productadmin&a=dopara&apptype=shop id parameter...

7.2CVSS5.9AI score0.12443EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-17538

Jiangnan Online Judge aka jnoj 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring...

7.5CVSS5.8AI score0.11648EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2016-2389

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence xMII component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. dot dot in the Path parameter to /Catalog, aka SAP Security Note 2230978...

7.8CVSS5.9AI score0.4145EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-43360

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61...

9.8CVSS5.9AI score0.06222EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.2 views

VulnCheck KEV: CVE-2008-2398

Cross-site scripting XSS vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter...

4.3CVSS5.9AI score0.06232EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-10232

Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlocktasks.php...

9.8CVSS5.9AI score0.23211EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-46507

Yeti is vulnerable to an authentication bypass using a hardcoded JWT secret with a known username that exploits a server side template injection vulnerability...

5.8AI score0.03919EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-46938

An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files...

7.5CVSS5.9AI score0.46077EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2012-3153

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU...

6.4CVSS7.3AI score0.9822EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-6655

A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the...

9.8CVSS5.5AI score0.03766EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-27292

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the...

7.5CVSS7.2AI score0.69486EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-2096

Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the buildnow endpoint, resulting in a reflected XSS vulnerability...

6.1CVSS5.8AI score0.89434EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.7 views

VulnCheck KEV: CVE-2014-2383

dompdf.php in dompdf before 0.6.1, when DOMPDFENABLEPHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the inputfile parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in...

6.8CVSS5.9AI score0.39374EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-0027

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none...

5.8AI score
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-20300

SQL injection vulnerability in the wpwhere function in WeiPHP 5.0...

9.8CVSS5.9AI score0.08752EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-5082

A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1...

7.1CVSS5.8AI score0.01956EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.6 views

VulnCheck KEV: CVE-2002-1131

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via 1 addressbook.php, 2 options.php, 3 search.php, or 4 help.php...

7.5CVSS5.9AI score0.25754EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-40856

Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring...

7.5CVSS5.8AI score0.5106EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-8318

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST...

9CVSS6.2AI score0.06408EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-52763

A cross-site scripting XSS vulnerability in the component /graphallperiods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter...

5.4CVSS5.9AI score0.00628EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-2748

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178...

6.1CVSS5.8AI score0.59066EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-39290

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the...

8CVSS5.8AI score0.05444EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-34026

Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs...

9.2CVSS5.8AI score0.83479EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-28367

mojoPortal =2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey...

6.5CVSS7.3AI score0.02128EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-24827

The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue...

9.8CVSS5.9AI score0.13285EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-46604

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution...

8.8CVSS6AI score0.08627EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2013-3827

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0...

5CVSS5.8AI score0.32441EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-16836

Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI...

9.8CVSS6AI score0.61437EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-46732

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting RXSS via the rev parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to...

9.6CVSS5.7AI score0.02191EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-33629

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm...

7.2CVSS5.8AI score0.04353EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-0434

The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the postids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks...

9.8CVSS5.9AI score0.14783EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-29306

An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component...

9.8CVSS6.2AI score0.43655EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-48084

Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool...

9.8CVSS5.9AI score0.3374EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-20440

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...

7.5CVSS5.9AI score0.51466EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2007-0885

Cross-site scripting XSS vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen Rainbow.Zen extension allows remote attackers to inject arbitrary web script or HTML via the id parameter...

6.8CVSS5.9AI score0.05472EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-2392

Under certain conditions SAP Internet Graphics Server IGS 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server IGS to become unavailable...

7.5CVSS5.8AI score0.40591EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-37299

An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php...

6.5CVSS5.9AI score0.02829EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-47501

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07...

7.5CVSS5.8AI score0.1018EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-29972

UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the CGI program "remotehelp-cgi" in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS...

9.8CVSS5.9AI score0.89218EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-48728

A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

9.6CVSS5.8AI score0.02268EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/06 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-47916

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller file: /applications/core/modules/front/system/themeeditor.php, where a protected method named customCss can be invoked by...

10CVSS6.4AI score0.84803EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/06 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-24442

The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the dateanswers POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks...

9.8CVSS6AI score0.46921EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-0285

Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation exploits...

7.8CVSS5.9AI score0.0031EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/05 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-0286

Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine...

8.4CVSS6.2AI score0.00359EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/05 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-28365

Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostnames, system architecture, and...

5.3CVSS5.8AI score0.08359EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-31728

Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to .\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a...

7.8CVSS5.8AI score0.03239EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/05 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-0287

Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation...

5.1CVSS6.1AI score0.00344EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-28363

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability XSS in the /goform/loginprocess username parameter via GET. No authentication is required...

6.1CVSS5.7AI score0.04267EPSS
Exploits3References1
Total number of security vulnerabilities4985