Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2024/12/20 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-42912

FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands...

9CVSS5.8AI score0.141EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-12356

BeyondTrust Privileged Remote Access PRA and Remote Support RS contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user...

9.8CVSS5.7AI score0.87991EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-52163

Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via timetzsetup.cgi...

8.8CVSS7.3AI score0.96434EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-3699

A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges...

7.8CVSS7.4AI score0.04284EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/18 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-11001

Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root...

9CVSS7.3AI score0.38369EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/18 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-40407

Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality...

9.1CVSS7.3AI score0.47915EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/18 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-23227

NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users...

10CVSS7.4AI score0.49431EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/18 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-12686

BeyondTrust Privileged Remote Access PRA and Remote Support RS contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to...

7.2CVSS5.9AI score0.13788EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-25206

The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending...

9CVSS5.9AI score0.05312EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-35250

Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges...

7.8CVSS7.1AI score0.25222EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-53677

File upload logic is flawed vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload...

9.8CVSS7.3AI score0.78198EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-38653

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server...

8.2CVSS5.9AI score0.91984EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-11015

The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticateuser' user function not implementing sufficient null value checks when setting the access token and user information. This makes it...

9.8CVSS5.8AI score0.00784EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-55550

Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated,...

9.1CVSS7.3AI score0.98067EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/10 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-55956

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the...

9.8CVSS7.5AI score0.93804EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-35286

A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...

9.8CVSS7.4AI score0.65559EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-10081

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints...

10CVSS5.8AI score0.40058EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-41713

Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server...

9.1CVSS7.4AI score0.98067EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-3378

A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login of the component Login Portal. The manipulation of the argument redirectUrl leads to cross site scripting. The...

6.1CVSS4.1AI score0.22002EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-49138

Microsoft Windows Common Log File System CLFS driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges...

7.8CVSS7.5AI score0.25414EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/10 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-11972

A vulnerability is present in the Hunk Companion plugin that allows installation and activation of plugins from the Wordpress.org repository via an unauthenticated POST request...

9.8CVSS7.3AI score0.54754EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-50623

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges...

9.8CVSS7.8AI score0.98529EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation...

7.8CVSS7.2AI score0.55367EPSS
Exploits20References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-31248

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; nftchainlookupbyid failed to check whether a chain was active and CAPNETADMIN is in any user or network namespace...

7.8CVSS6.7AI score0.02033EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-32233

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled...

7.8CVSS6.8AI score0.12966EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-3269

A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas VMAs is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers,...

7.8CVSS7AI score0.01484EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-51211

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $usernamestnid parameter, which can be manipulated by an attacker to inject arbitrary SQL commands...

9.8CVSS6AI score0.02192EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-45388

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...

7.5CVSS5.8AI score0.55864EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-52276

User Interface UI Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used. 2. Displayed version does not show the layer flattened version, which...

8.2CVSS5.8AI score0.00353EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-35219

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

8.3CVSS5.8AI score0.03592EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-52270

User Interface UI Misrepresentation of Critical Information vulnerability in DropBox SignHelloSign allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the...

8.2CVSS5.8AI score0.00191EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-45835

Server-Side Request Forgery SSRF vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15...

7.5CVSS7.3AI score0.37673EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-39914

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34...

9.8CVSS5.8AI score0.23414EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-21390

Microsoft Authenticator Elevation of Privilege Vulnerability...

7.1CVSS5.8AI score0.01266EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-12209

The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS7.3AI score0.15043EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•2 views

VulnCheck KEV: CVE-2023-4220

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS = v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell...

8.1CVSS6.3AI score0.76084EPSS
Exploits27References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-43163

A Remote Code Execution RCE vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the checkNet function in /cgi-bin/luci/api/auth...

9.8CVSS5.8AI score0.02169EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-52271

User Interface UI Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only, not...

8.2CVSS5.8AI score0.00208EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-36559

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at pingexec.cgi...

9.8CVSS5.8AI score0.01692EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-20617

Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified...

10CVSS6AI score0.07871EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-34854

F-logic DataCube3 v1.0 is vulnerable to File Upload via /admin/transceiverschedule.php...

9.8CVSS5.8AI score0.12752EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-45507

Server-Side Request Forgery SSRF, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...

9.8CVSS5.8AI score0.93243EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-38192

An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords...

6.1CVSS5.8AI score0.01116EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-23900

A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi...

9.8CVSS6.4AI score0.03566EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-52277

User Interface UI Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only, not all...

8.2CVSS5.8AI score0.00208EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-5827

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents ?php...

9.8CVSS6AI score0.03452EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-52269

User Interface UI Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276 This issue affects DocuSign: through 2024-12-04...

8.2CVSS5.8AI score0.00353EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-53197

Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code...

7.8CVSS7.3AI score0.03558EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/04 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-52564

Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or...

7.5CVSS5.9AI score0.0058EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/12/04 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-45841

Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained...

6.5CVSS5.8AI score0.00483EPSS
Exploits0References1
Total number of security vulnerabilities4985