Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-3807

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'portopageheadershortcodetype', 'slideshowtype' and 'postlayout' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

8.8CVSS5.8AI score0.01538EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-5932

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. This makes it possible for unauthenticated attackers to inject a...

10CVSS5.8AI score0.74283EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-2505

The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in...

9.8CVSS6.2AI score0.01229EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-3809

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshowtype' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

8.8CVSS5.8AI score0.01002EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-8856

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for...

9.8CVSS5.9AI score0.93709EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-22120

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...

9.1CVSS7.5AI score0.76618EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-6925

The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the...

7.2CVSS5.9AI score0.01496EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-47784

Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.6.15...

8.8CVSS5.8AI score0.0069EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-2359

The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations...

8.8CVSS5.9AI score0.0254EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-3808

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'portoportfolios' shortcode 'portfoliolayout' attribute. This makes it possible for authenticated attackers, with contributor-level and above...

8.8CVSS5.8AI score0.01002EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-0074

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1...

8.8CVSS5.8AI score0.01154EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-30259

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated...

3.5CVSS5.8AI score0.00236EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-24893

XWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch...

9.8CVSS6.5AI score0.99898EPSS
Exploits50References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-3806

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'portoajaxposts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in...

9.8CVSS6.2AI score0.02687EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/17 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-41412

An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery SSRF attacks...

8.6CVSS5.8AI score0.04088EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/16 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-47248

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...

9.8CVSS6AI score0.14414EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/16 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-48248

NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files...

8.6CVSS7.4AI score0.9408EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-24813

Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request...

10CVSS7.4AI score0.99945EPSS
Exploits46References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/14 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-30066

tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading Github Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens PATs, npm...

8.6CVSS5.9AI score0.41008EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-7214

A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. The attack can be launched...

8.8CVSS5.6AI score0.03152EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-21590

Juniper Junos OS contains an improper isolation or compartmentalization vulnerability. This vulnerability could allows a local attacker with high privileges to inject arbitrary code...

6.7CVSS5.9AI score0.01657EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-6409

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...

7CVSS5.8AI score0.27935EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2017-0176

A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol...

9.3CVSS7.9AI score0.45927EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-24201

Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and...

10CVSS7.3AI score0.0424EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-11303

The pathname of the root directory to a Restricted Directory 'Path Traversal' vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601: through 1.2...

8.7CVSS7.3AI score0.0181EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-24993

Microsoft Windows New Technology File System NTFS contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code locally...

7.8CVSS6.2AI score0.02092EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-26633

Microsoft Windows Management Console MMC contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally...

7CVSS7.2AI score0.31894EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-9593

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 for Time Clock and 1.1.4 for Time Clock Pro via the 'etimeclockwploadfunctioncallback' function. This allows unauthenticated attackers to execute...

8.3CVSS5.9AI score0.12491EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-22175

GitLab contains a server-side request forgery SSRF vulnerability when requests to the internal network for webhooks are enabled...

9.8CVSS7.3AI score0.53372EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-24983

Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally...

7CVSS5.7AI score0.01267EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-33575

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0...

5.3CVSS5.8AI score0.01121EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-27363

FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution...

8.1CVSS7.5AI score0.26049EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-24991

Microsoft Windows New Technology File System NTFS contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information locally...

5.5CVSS5.6AI score0.01852EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-22054

Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery SSRF vulnerability that could allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information...

7.5CVSS7.3AI score0.97713EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-24984

Microsoft Windows New Technology File System NTFS contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose information with a physical attack. An attacker who successfully exploited this vulnerability could potentially read...

4.6CVSS5.7AI score0.01831EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-2876

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IGESSubscribersQuery' class in all versions up to, and including, 5.7.14 due to insufficient...

9.8CVSS5.9AI score0.80596EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-39935

GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized external users to perform Server Side Requests via the CI Lint API...

7.5CVSS7.3AI score0.35649EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-24985

Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code locally...

7.8CVSS6AI score0.03705EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/10 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-13161

Ivanti Endpoint Manager EPM contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information...

9.8CVSS5.8AI score0.88518EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/10 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-13159

Ivanti Endpoint Manager EPM contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information...

9.8CVSS5.8AI score0.99762EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/10 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-1661

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the wooftextsearch AJAX action. This makes it possible for unauthenticated attackers to include and...

9.8CVSS5.8AI score0.54756EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-13160

Ivanti Endpoint Manager EPM contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information...

9.8CVSS5.8AI score0.89738EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-1316

Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue...

9.8CVSS7.8AI score0.7227EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-1315

The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers...

9.8CVSS5.8AI score0.00464EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-3928

Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells...

8.8CVSS7.3AI score0.01932EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/05 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-11951

The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated...

9.8CVSS5.8AI score0.00405EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/04 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-22224

VMware ESXi and Workstation contain a time-of-check time-of-use TOCTOU race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process...

9.3CVSS7.4AI score0.01524EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/04 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-22226

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process...

7.1CVSS7.3AI score0.01676EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/04 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-28218

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability...

7CVSS7.3AI score0.12298EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/03/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-22225

VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox...

8.2CVSS7.4AI score0.00963EPSS
Exploits0References1
Total number of security vulnerabilities4985