Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/11/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-45440

A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17ABPC.3C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a...

4.4CVSS5.8AI score0.00249EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/31 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-29574

CyberoamOS CROS contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely...

9.8CVSS7.6AI score0.04729EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/31 12:0 a.m.10 views

VulnCheck KEV: CVE-2020-15069

Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature...

9.8CVSS8.1AI score0.10674EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/30 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-21894

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution...

9.8CVSS5.8AI score0.18987EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/30 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a...

10CVSS7.2AI score0.0481EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/30 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-23897

Cross-Site Request Forgery CSRF vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin = 1.7.2 versions...

8.8CVSS5.8AI score0.01671EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/30 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-10392

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleimageupload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS5.9AI score0.1313EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/29 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-9870

A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code...

8.8CVSS7.2AI score0.01971EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/29 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-51568

CyberPanel aka Cyber Panel before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload aka File Manager upload unauthenticated remote code execution via shell metacharacters...

10CVSS7.9AI score0.45682EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/29 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-51567

CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to execute commands as root...

10CVSS7.4AI score0.86725EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/29 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-9910

Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able...

8.8CVSS7.2AI score0.02163EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-51378

CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property...

10CVSS7.6AI score0.94878EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-9161

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'updatemetadata' function in all versions up to, and including, 1.0.228. This makes it possible for...

6.5CVSS5.8AI score0.02045EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/23 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-20481

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service DoS of the RAVPN service...

5.8CVSS5.8AI score0.15953EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/23 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-47575

Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests...

9.8CVSS7.6AI score0.94761EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-38816

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS6.6AI score0.14718EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-11900

The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free...

8.2CVSS7.3AI score0.1285EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-20263

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could...

6.1CVSS7.3AI score0.0048EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/17 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-38094

Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution...

7.2CVSS7.6AI score0.49979EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/16 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-7289

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytiumswsaveapikeys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

5.4CVSS5.8AI score0.00275EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-36836

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...

8.1CVSS5.9AI score0.01367EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-9463

Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...

9.9CVSS7.4AI score0.98423EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2016-15042

The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible...

9.8CVSS5.9AI score0.05515EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2014-4663

TimThumb 2.8.13 and WordThumb 1.07, when Webshot aka Webshots is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter...

6.8CVSS6.1AI score0.0975EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-36837

The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the resetwizardactions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if...

9.9CVSS5.8AI score0.00568EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-7288

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updateprofilepreference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

5.4CVSS5.8AI score0.00272EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-28987

SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data...

9.1CVSS5.8AI score0.93299EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-4974

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up...

6.3CVSS5.8AI score0.00424EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-36831

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17. This makes it possible for low-privileged attackers, like...

6.5CVSS5.8AI score0.00488EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-4973

WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts...

5.4CVSS5.8AI score0.00456EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-4971

The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateorssssharingcount' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

6.1CVSS5.8AI score0.1544EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-7293

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the checkmollieaccountdetails function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

4.3CVSS5.8AI score0.00242EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-4443

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compilersave AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code...

9.8CVSS6AI score0.00655EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-36834

The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions...

6.3CVSS5.9AI score0.00339EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-4444

The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new...

7.3CVSS5.8AI score0.00321EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-45409

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...

10CVSS7.3AI score0.10684EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-25213

The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive...

9.8CVSS5.8AI score0.02734EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-4446

The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...

6.3CVSS5.7AI score0.00252EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-7286

The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the editusers capability to access metadata of other users, this includes contributor-level users and above...

6.5CVSS5.8AI score0.00421EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2012-10018

The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery requests coming from a vulnerable site's server and ultimately perform an XSS attack if...

8.3CVSS5.7AI score0.01133EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-25214

The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as...

7.2CVSS5.8AI score0.00325EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-25215

The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide...

7.3CVSS5.8AI score0.00396EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-36832

The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as any user, including the site administrator with a default user ID of 1, via the username or user...

9.8CVSS5.6AI score0.00671EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-25105

The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary...

9.8CVSS5.9AI score0.0078EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-4445

The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the padismissadminnotice AJAX action. This makes it possible for authenticated subscriber+ attackers to...

6.5CVSS5.8AI score0.00385EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-36835

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wpajaxwpvividaddremote AJAX action that allows low-level authenticated attackers to send back-ups to a...

6.5CVSS5.8AI score0.00541EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-8877

Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05...

9.8CVSS5.9AI score0.7703EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-7290

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the checkforverifiedprofiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

4.3CVSS5.8AI score0.00242EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.6 views

VulnCheck KEV: CVE-2019-25217

The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switchphp function called via the /switch-php REST API...

9.8CVSS5.9AI score0.00827EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-7291

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createmollieaccount function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

8.1CVSS5.8AI score0.00354EPSS
Exploits0References1
Total number of security vulnerabilities4985