Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/12/04 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-47133

UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands...

7.2CVSS6.1AI score0.00904EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/03 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-36111

KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the...

6.3CVSS5.8AI score0.08388EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/29 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-40238

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address...

5.5CVSS5.8AI score0.01858EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-11680

ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload...

9.8CVSS7.3AI score0.91559EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/26 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-10781

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'apikey' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for...

8.1CVSS5.8AI score0.03824EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/26 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-49035

Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges...

9.8CVSS5.8AI score0.01339EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-41295

ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands GET, POST, PUT, DELETE to perform arbitrary operations in the system...

8.8CVSS6AI score0.00415EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-30075

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation...

8.8CVSS6.4AI score0.37199EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-10647

ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source parameter because of a lack of inc/zzzfile.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if...

9.8CVSS6.1AI score0.06589EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-10857

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handledownloads function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with...

6.5CVSS5.8AI score0.0075EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/25 12:0 a.m.9 views

VulnCheck KEV: CVE-2024-42057

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from...

8.1CVSS5.8AI score0.0132EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-53150

Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information...

7.1CVSS7.2AI score0.01325EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-11667

Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL...

9.8CVSS5.8AI score0.03017EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-10400

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘ratingfilter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.82589EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-14756

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core Components. Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

9.8CVSS7.3AI score0.74753EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/20 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-28711

Insufficient control flow management in the Hyperscan Library maintained by IntelR before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access...

5.5CVSS5.8AI score0.00161EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/20 12:0 a.m.2 views

VulnCheck KEV: CVE-2000-0325

The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability...

7.2CVSS5.9AI score0.03731EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-38021

Microsoft Outlook Remote Code Execution Vulnerability...

8.8CVSS5.9AI score0.03526EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/20 12:0 a.m.9 views

VulnCheck KEV: CVE-2021-22873

Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and/or ct0 parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However,...

6.1CVSS5.8AI score0.66141EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-31969

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability...

7.8CVSS5.8AI score0.01208EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/19 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-44308

Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution...

8.8CVSS7.5AI score0.09186EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-44309

Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting XSS attack...

6.3CVSS7.2AI score0.21044EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-26229

The Microsoft Windows CSC Service is vulnerable to an elevation of privilege flaw. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges...

7.8CVSS5.8AI score0.09375EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/18 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-21287

Oracle Agile Product Lifecycle Management PLM contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure...

7.5CVSS7.3AI score0.01496EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/18 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-38813

VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet...

9.8CVSS7.3AI score0.16676EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/18 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-0012

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators...

9.8CVSS7.3AI score0.99698EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/18 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-9474

Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators...

7.2CVSS7.3AI score0.94766EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-50570

A Cleartext Storage of Sensitive Information vulnerability CWE-312 in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN...

5CVSS5.8AI score0.00139EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-11120

Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

9.8CVSS7.5AI score0.28554EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/14 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-10924

The Really Simple Security Free, Pro, and Pro Multisite plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'checkloginandgetuser' function. This makes it...

9.8CVSS7.3AI score0.81722EPSS
Exploits21References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/14 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-10571

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

9.8CVSS6AI score0.04841EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-10914

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument name leads to os...

9.8CVSS6.9AI score0.97432EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-43451

Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user...

6.5CVSS7.3AI score0.81817EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-49039

Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions...

8.8CVSS7.2AI score0.13719EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-8068

Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain...

8CVSS7.3AI score0.01399EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-9465

Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the...

9.2CVSS7.5AI score0.99597EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-8069

Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an authenticated user on the same intranet as the session recording server...

8CVSS7.9AI score0.14736EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-12856

Four-Faith industrial routers are vulnerable to an operating system command injection vulnerability...

7.2CVSS7.3AI score0.82192EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-39713

A Server-Side Request Forgery SSRF affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1...

8.6CVSS5.8AI score0.03201EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2014-2120

Cisco Adaptive Security Appliance ASA contains a cross-site scripting XSS vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter...

6.1CVSS7.3AI score0.14029EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-5910

Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data...

9.8CVSS7.3AI score0.91783EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/07 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-50302

The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report...

5.5CVSS6.8AI score0.00809EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/07 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-53104

Linux kernel contains an out-of-bounds write vulnerability in the uvcparsestreaming component of the USB Video Class UVC driver that could allow for physical escalation of privilege...

7.8CVSS6.9AI score0.03301EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/06 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-41285

Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call mapping...

7.8CVSS5.8AI score0.0052EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/06 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-14979

The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\SYSTEM privileges by mapping \Device\PhysicalMemory into the...

7.8CVSS5.9AI score0.00605EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-43093

Android Framework contains an unspecified vulnerability that allows for privilege escalation...

7.3CVSS7.3AI score0.00714EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/03 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-36991

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows...

7.5CVSS5.8AI score0.1311EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-48217

An Insecure Direct Object Reference IDOR in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation...

8.8CVSS5.9AI score0.0068EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-44258

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...

7.1CVSS5.8AI score0.0075EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/11/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-28769

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service DoS conditions on a vulnerable device...

9.8CVSS7.7AI score0.0542EPSS
Exploits1References1
Total number of security vulnerabilities4985