Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/03/03 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-43769

Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution...

8.8CVSS7.4AI score0.9767EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/28 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-0289

Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service...

7.8CVSS5.8AI score0.00318EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-29291

An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the...

5.9AI score0.01341EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-44000

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...

9.8CVSS5.8AI score0.83178EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.5 views

VulnCheck KEV: CVE-1999-0526

An X server's access control is disabled e.g. through an "xhost +" command and allows anyone to connect to the server...

10CVSS5.8AI score0.20978EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-26987

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix deadlock when hugetlboptimizevmemmap is enabled When I did hard offline test with hugetlb pages, below deadlock occurs: ====================================================== WARNING: possible circular...

5.5CVSS5.7AI score0.00175EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2001-1580

Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string...

5CVSS5.9AI score0.02883EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-32238

H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface...

9.8CVSS5.8AI score0.53229EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.7 views

VulnCheck KEV: CVE-2013-6117

Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777...

7.5CVSS5.8AI score0.70713EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.4 views

VulnCheck KEV: CVE-2009-3733

Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors...

5CVSS7.5AI score0.83378EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2016-6563

Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822,...

10CVSS6.1AI score0.79947EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-23263

Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/, /templates/ and some of the files in /.git/ non-binary...

7.5CVSS5.8AI score0.01581EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-8425

The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwbwgmpreviewmail' and 'mwbwgmwoocommerceaddcartitemdata' functions in all versions up to, and including, 2.9.2. This makes it possible for...

9.8CVSS5.9AI score0.03858EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-20439

Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials...

9.8CVSS5.8AI score0.9201EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-41140

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The...

8.8CVSS6.2AI score0.01096EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-28916

Xbox Gaming Services Elevation of Privilege Vulnerability...

8.8CVSS7.3AI score0.00652EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-0582

A memory leak flaw was found in the Linux kernel’s iouring functionality in how a user registers a buffer ring with IORINGREGISTERPBUFRING, mmap it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8CVSS7.4AI score0.12836EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/26 12:0 a.m.19 views

VulnCheck KEV: CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nftseteleminit leading to a buffer overflow could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. The attacker can obtain root access, but must start with...

7.8CVSS6.9AI score0.05451EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-21447

Windows Authentication Elevation of Privilege Vulnerability...

7.8CVSS7.3AI score0.01372EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-38100

Windows File Explorer Elevation of Privilege Vulnerability...

7.8CVSS7.3AI score0.04515EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/26 12:0 a.m.9 views

VulnCheck KEV: CVE-2020-24901

The default installation of Krpano Panorama Viewer version =1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugintest.url...

6.1CVSS5.8AI score0.01015EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-20118

Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data...

7.2CVSS7.3AI score0.53827EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-23109

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests...

10CVSS7.4AI score0.03224EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/25 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-23108

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests...

10CVSS7.4AI score0.78375EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/25 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-5412

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can...

6.5CVSS5.8AI score0.10214EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/25 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-38514

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery SSRF vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance MKCOL, PUT and...

7.4CVSS5.9AI score0.02186EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-34192

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting XSS vulnerability that allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function...

9CVSS6.1AI score0.77266EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/25 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-20092

The web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 do not properly restrict access to sensitive information from an unauthorized actor...

7.5CVSS7.3AI score0.0817EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-20953

Oracle Agile Product Lifecycle Management PLM contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system...

8.8CVSS7.3AI score0.03405EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-24989

Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control...

9.8CVSS7.3AI score0.01659EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/18 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-0111

Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user...

7.1CVSS5.8AI score0.01862EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/18 12:0 a.m.12 views

VulnCheck KEV: CVE-2024-9916

A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The...

9.8CVSS5.5AI score0.73666EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/13 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-21535

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...

9.8CVSS7.3AI score0.008EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-0108

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts...

9.1CVSS5.8AI score0.98338EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-1094

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application...

8.1CVSS7.4AI score0.89472EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/13 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-53704

SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication...

9.8CVSS7.3AI score0.95132EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-24329

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function...

9.8CVSS5.8AI score0.06172EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-24328

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function...

9.8CVSS5.8AI score0.06172EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-12987

DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface...

9.8CVSS7.2AI score0.98125EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-2353

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.85220230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be...

9CVSS5.5AI score0.03952EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-24472

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests...

8.1CVSS5.8AI score0.02988EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-21391

Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable...

7.1CVSS5.8AI score0.02143EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/11 12:0 a.m.6 views

VulnCheck KEV: CVE-2018-1217

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local...

9.8CVSS5.8AI score0.46642EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-21418

Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges...

7.8CVSS6AI score0.01459EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-24200

Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device...

6.1CVSS5.8AI score0.04906EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-9644

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...

9.8CVSS5.8AI score0.00644EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/07 12:0 a.m.7 views

VulnCheck KEV: CVE-2011-2688

SQL injection vulnerability in mysql/mysql-auth.pl in the modauthnzexternal module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field...

7.5CVSS6.2AI score0.05659EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-0994

Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services IIS web server...

8.8CVSS7.8AI score0.28261EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/05 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-9860

The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'importaction' and 'installpluginperdemo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with...

6.5CVSS5.8AI score0.00303EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a...

5.9CVSS6.8AI score0.9378EPSS
Exploits4References1
Total number of security vulnerabilities4985