4985 matches found
VulnCheck KEV: CVE-2024-3807
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'portopageheadershortcodetype', 'slideshowtype' and 'postlayout' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions,...
VulnCheck KEV: CVE-2024-5932
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. This makes it possible for unauthenticated attackers to inject a...
VulnCheck KEV: CVE-2025-2505
The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in...
VulnCheck KEV: CVE-2024-3809
The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshowtype' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
VulnCheck KEV: CVE-2024-8856
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for...
VulnCheck KEV: CVE-2024-22120
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...
VulnCheck KEV: CVE-2023-6925
The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the...
VulnCheck KEV: CVE-2023-47784
Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.6.15...
VulnCheck KEV: CVE-2023-2359
The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations...
VulnCheck KEV: CVE-2024-3808
The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'portoportfolios' shortcode 'portfoliolayout' attribute. This makes it possible for authenticated attackers, with contributor-level and above...
VulnCheck KEV: CVE-2022-0074
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1...
VulnCheck KEV: CVE-2025-30259
The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated...
VulnCheck KEV: CVE-2025-24893
XWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch...
VulnCheck KEV: CVE-2024-3806
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'portoajaxposts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in...
VulnCheck KEV: CVE-2022-41412
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery SSRF attacks...
VulnCheck KEV: CVE-2023-47248
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...
VulnCheck KEV: CVE-2024-48248
NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files...
VulnCheck KEV: CVE-2025-24813
Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request...
VulnCheck KEV: CVE-2025-30066
tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading Github Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens PATs, npm...
VulnCheck KEV: CVE-2024-7214
A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. The attack can be launched...
VulnCheck KEV: CVE-2025-21590
Juniper Junos OS contains an improper isolation or compartmentalization vulnerability. This vulnerability could allows a local attacker with high privileges to inject arbitrary code...
VulnCheck KEV: CVE-2024-6409
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...
VulnCheck KEV: CVE-2017-0176
A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol...
VulnCheck KEV: CVE-2025-24201
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and...
VulnCheck KEV: CVE-2024-11303
The pathname of the root directory to a Restricted Directory 'Path Traversal' vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601: through 1.2...
VulnCheck KEV: CVE-2025-24993
Microsoft Windows New Technology File System NTFS contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code locally...
VulnCheck KEV: CVE-2025-26633
Microsoft Windows Management Console MMC contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally...
VulnCheck KEV: CVE-2024-9593
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 for Time Clock and 1.1.4 for Time Clock Pro via the 'etimeclockwploadfunctioncallback' function. This allows unauthenticated attackers to execute...
VulnCheck KEV: CVE-2021-22175
GitLab contains a server-side request forgery SSRF vulnerability when requests to the internal network for webhooks are enabled...
VulnCheck KEV: CVE-2025-24983
Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally...
VulnCheck KEV: CVE-2024-33575
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0...
VulnCheck KEV: CVE-2025-27363
FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution...
VulnCheck KEV: CVE-2025-24991
Microsoft Windows New Technology File System NTFS contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information locally...
VulnCheck KEV: CVE-2021-22054
Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery SSRF vulnerability that could allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information...
VulnCheck KEV: CVE-2025-24984
Microsoft Windows New Technology File System NTFS contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose information with a physical attack. An attacker who successfully exploited this vulnerability could potentially read...
VulnCheck KEV: CVE-2024-2876
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IGESSubscribersQuery' class in all versions up to, and including, 5.7.14 due to insufficient...
VulnCheck KEV: CVE-2021-39935
GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized external users to perform Server Side Requests via the CI Lint API...
VulnCheck KEV: CVE-2025-24985
Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code locally...
VulnCheck KEV: CVE-2024-13161
Ivanti Endpoint Manager EPM contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information...
VulnCheck KEV: CVE-2024-13159
Ivanti Endpoint Manager EPM contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information...
VulnCheck KEV: CVE-2025-1661
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the wooftextsearch AJAX action. This makes it possible for unauthenticated attackers to include and...
VulnCheck KEV: CVE-2024-13160
Ivanti Endpoint Manager EPM contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information...
VulnCheck KEV: CVE-2025-1316
Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue...
VulnCheck KEV: CVE-2025-1315
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers...
VulnCheck KEV: CVE-2025-3928
Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells...
VulnCheck KEV: CVE-2024-11951
The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated...
VulnCheck KEV: CVE-2025-22224
VMware ESXi and Workstation contain a time-of-check time-of-use TOCTOU race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process...
VulnCheck KEV: CVE-2025-22226
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process...
VulnCheck KEV: CVE-2023-28218
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability...
VulnCheck KEV: CVE-2025-22225
VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox...