Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2016-15040

The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kentopvcgeo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS5.9AI score0.0053EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-7292

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytiumnoticedismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

4.3CVSS5.8AI score0.00272EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-20192

The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'afterhtml' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

8.3CVSS5.8AI score0.00999EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-4972

The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive...

7.5CVSS5.8AI score0.0046EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-4448

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

9.8CVSS5.8AI score0.01342EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-36842

The Migration, Backup, Staging -WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvividuploadimportfiles and wpvividuploadfiles AJAX actions that allows low-level authenticated attackers to upload zip files that can be...

8.8CVSS5.9AI score0.01117EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2016-15041

The MainWP Dashboard -The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mwpsetuppurchaseusername' parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output...

7.2CVSS5.8AI score0.01228EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2017-20194

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frmformspreview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form...

5.3CVSS5.8AI score0.01098EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/14 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-42640

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...

9.8CVSS6.5AI score0.43683EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-20334

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /startapply.htm POST data, there is a command injection issue via shell metacharacters in the fbemail parameter. By using this issue, an attacker can control the router and get shell...

10CVSS5.8AI score0.0383EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-0611

A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file getset.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The...

9CVSS5.4AI score0.03853EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/11 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-22254

VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox...

8.2CVSS5.8AI score0.00501EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-22255

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process...

7.1CVSS5.8AI score0.02311EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/11 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-30088

Microsoft Windows Kernel contains a time-of-check to time-of-use TOCTOU race condition vulnerability that could allow for privilege escalation...

7CVSS5.8AI score0.68202EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-9707

The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...

9.8CVSS5.8AI score0.09137EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/10 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-4320

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity...

7.6CVSS5.8AI score0.0053EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-9680

Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process...

9.8CVSS7.6AI score0.32568EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/09 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-39509

An issue was discovered in D-Link DIR-816 DIR-816A2FWv1.10CNB05R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell...

9.8CVSS5.8AI score0.05098EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/09 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-23113

Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests...

9.8CVSS7.6AI score0.61725EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-37383

RoundCube Webmail contains a cross-site scripting XSS vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code...

6.1CVSS5.7AI score0.73296EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-43573

Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality...

8.1CVSS5.8AI score0.44382EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-43572

Microsoft Windows Management Console contains unspecified vulnerability that allows for remote code execution...

7.8CVSS7.5AI score0.60954EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-9381

Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions...

7.2CVSS5.8AI score0.1565EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/08 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-9379

Ivanti Cloud Services Appliance CSA contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements...

7.2CVSS6AI score0.43583EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-22069

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...

9.8CVSS7.3AI score0.0075EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-8911

The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

9.8CVSS5.9AI score0.02823EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-8943

The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing...

9.8CVSS5.8AI score0.02994EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-44849

Qualitor up to 8.24 is vulnerable to Remote Code Execution RCE via Arbitrary File Upload in checkAcesso.php...

9.8CVSS5.8AI score0.46301EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-9380

Ivanti Cloud Services Appliance CSA contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS...

7.2CVSS5.8AI score0.62988EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/07 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-44068

An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation...

8.1CVSS5.8AI score0.01037EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-8752

The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system...

9.3CVSS5.9AI score0.11759EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-7679

In Progress Telerik UI for WinForms versions prior to 2024 Q3 2024.3.924, a command injection attack is possible through improper neutralization of hyperlink elements...

7.8CVSS5.7AI score0.00744EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-8316

In Progress Telerik UI for WPF versions prior to 2024 Q3 2024.3.924, a code execution attack is possible through an insecure deserialization vulnerability...

7.8CVSS6.2AI score0.00246EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-7575

In Progress Telerik UI for WPF versions prior to 2024 Q3 2024.3.924, a command injection attack is possible through improper neutralization of hyperlink elements...

9.8CVSS5.7AI score0.00682EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/07 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-7576

In Progress Telerik UI for WPF versions prior to 2024 Q3 2024.3.924, a code execution attack is possible through an insecure deserialization vulnerability...

9.8CVSS6.2AI score0.00449EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-9014

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data...

9.9CVSS5.8AI score0.09685EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-3080

Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device...

9.8CVSS5.8AI score0.43456EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2012-2626

cgi-bin/admin.cgi in the web console in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action...

5CVSS5.8AI score0.44458EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-9265

The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can set during registration through the echocheckpostheadersent function. This makes...

9.8CVSS5.8AI score0.00596EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-45519

Synacor Zimbra Collaboration Suite ZCS contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands...

10CVSS5.9AI score0.99976EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/09/30 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-0344

SAP Commerce Cloud formerly known as Hybris contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection...

9.8CVSS6.3AI score0.07079EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/09/29 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-8181

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality...

9.8CVSS5.8AI score0.46109EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/09/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-9537

ScienceLogic SL1 formerly EM7 is affected by an unspecified vulnerability involving an unspecified third-party component...

9.8CVSS5.8AI score0.03852EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/09/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-47308

The Templately – Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud! plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.2. This makes it possible for unauthenticated...

9.8CVSS5.8AI score0.01695EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/09/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-47176

CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDRANY:631, causing it to trust any packet from any source, and...

5.3CVSS7.3AI score0.50174EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
added 2024/09/26 12:0 a.m.1 views

VulnCheck KEV: CVE-2024-2330

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The...

9.8CVSS5.7AI score0.17622EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/09/25 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-4325

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to...

8.6CVSS5.8AI score0.37366EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/09/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-7954

The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

9.8CVSS6.5AI score0.89947EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
added 2024/09/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-18775

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product...

6.1CVSS5.8AI score0.06555EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/09/19 12:0 a.m.6 views

VulnCheck KEV: CVE-2002-0953

globals.php in PHP Address before 0.2f, with the PHP allowurlfopen and registerglobals variables enabled, allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter...

7.5CVSS6.1AI score0.03777EPSS
Exploits1References1
Total number of security vulnerabilities4985