Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/06/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-0288

Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalatio...

7.8CVSS5.9AI score0.0046EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/05 12:0 a.m.8 views

VulnCheck KEV: CVE-2022-40843

The Tenda AC1200 V-W15Ev2 V15.11.0.101576 router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password...

4.9CVSS5.7AI score0.28802EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/05 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-45422

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. No authentication is required...

6.1CVSS5.7AI score0.03313EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/05 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-42009

RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in messagebody in program/actions/mail/show.php...

9.3CVSS5.7AI score0.82853EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-49113

RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php...

9.9CVSS7.7AI score0.89462EPSS
Exploits29References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/04 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-31839

Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component...

4.8CVSS7.1AI score0.08104EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-3054

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

8.8CVSS5.9AI score0.00797EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-31161

Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch...

10CVSS5.8AI score0.20446EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-4490

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

9.8CVSS5.9AI score0.03096EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/03 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-39475

Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion.This issue affects Arlo: from n/a through = 6.0.3...

8.1CVSS5.8AI score0.00443EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-39312

The True Ranker plugin = 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the /admin/vendor/datatables/examples/resources/examples.php file...

7.5CVSS5.8AI score0.78431EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-21480

Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands...

8.6CVSS6AI score0.00361EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/02 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-5419

Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS5.8AI score0.06463EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-21479

Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands...

8.6CVSS6AI score0.00665EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-35939

Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with...

6.9CVSS5.9AI score0.01119EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-27038

Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome...

7.5CVSS5.8AI score0.00802EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/30 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-3935

ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised...

8.1CVSS7.9AI score0.03292EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/30 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-47601

Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through = 2.1.0...

8.8CVSS5.8AI score0.00277EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/30 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-31125

Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected...

7.5CVSS7.1AI score0.58765EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-48925

The TeleMessage service through 2025-05-05 relies on the client side e.g., the TM SGNL app to do MD5 hashing, and then accepts the hash as the authentication credential...

7.5CVSS5.8AI score0.00233EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-48926

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers...

7.5CVSS5.8AI score0.00216EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-39780

ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented by CVE-2023-41346...

8.8CVSS6AI score0.32943EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/28 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-48929

The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential e.g., not a token with a short expiration time that can be reused at a later date if discovered by an adversary...

9.8CVSS5.8AI score0.00282EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/28 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-48927

TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI...

5.3CVSS5.8AI score0.08489EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/28 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-48930

The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues...

5.3CVSS5.7AI score0.00115EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-48928

TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dum...

4CVSS5.8AI score0.00366EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/27 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-9047

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful...

9.8CVSS7.2AI score0.92319EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/27 12:0 a.m.2 views

VulnCheck KEV: CVE-2018-20526

Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php...

9.8CVSS5.8AI score0.73056EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/27 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-7314

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...

9.8CVSS6AI score0.51468EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2015-4455

Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...

9.8CVSS6.2AI score0.40595EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-56145

Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has registerargcargv enabled...

9.8CVSS7.8AI score0.97446EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2015-5531

Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls...

5CVSS7.5AI score0.9175EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-48827

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...

10CVSS7.3AI score0.68915EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/26 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-48828

Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "vardump""test" syntax, attackers can bypass security checks and...

9CVSS7.5AI score0.47397EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-47558

Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through 8.6.13...

7.5CVSS5.8AI score0.00365EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/22 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-3187

A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a...

9.1CVSS7.3AI score0.96595EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2000-0984

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service crash and reload via a URL containing a "?/" string...

5CVSS5.8AI score0.04295EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/21 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-47696

A vulnerability exists in the WordPress Blog Designer PRO for WordPress plugin that allows for disclosure of sensitive local files such as those that are used to store credentials...

8.1CVSS5.8AI score0.00436EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-4322

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS5.8AI score0.18241EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-2775

SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...

9.3CVSS5.8AI score0.55177EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-45878

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is...

9.8CVSS5.8AI score0.63113EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/16 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-0150

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due...

10CVSS7.3AI score0.04823EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/16 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-0160

A vulnerability in Simple Network Management Protocol SNMP subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An...

6.3CVSS5.8AI score0.01662EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/15 12:0 a.m.9 views

VulnCheck KEV: CVE-2024-27443

Zimbra Collaboration contains a cross-site scripting XSS vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary...

6.1CVSS5.8AI score0.19543EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-11182

MDaemon Email Server contains a cross-site scripting XSS vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message...

6.1CVSS5.9AI score0.17105EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/14 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-2776

SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...

9.8CVSS5.8AI score0.72971EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-2777

SysAid On-Prem versions = 23.3.40 are vulnerable to an unauthenticated XML External Entity XXE vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives...

9.8CVSS5.8AI score0.79133EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-4664

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.05329EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-30400

Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.01763EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-32701

Microsoft Windows Common Log File System CLFS Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.01291EPSS
Exploits0References1
Total number of security vulnerabilities4985