Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2014-8379

Multiple cross-site scripting XSS vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the 1 Webform or 2 User sub-modules...

3.5CVSS5.8AI score0.00946EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-27982

IceWarp 11.4.5.0 allows XSS via the language parameter...

6.1CVSS5.8AI score0.05272EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2015-4074

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in a ticket.downloadattachment task...

7.5CVSS5.9AI score0.5651EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2012-4940

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. dot dot in 1 the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName...

6.4CVSS5.9AI score0.83632EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-8982

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...

9.6CVSS5.8AI score0.25563EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2002-1149

The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings...

5CVSS5.8AI score0.0197EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•2 views

VulnCheck KEV: CVE-2023-25651

There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak...

8CVSS6AI score0.00342EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-11511

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files...

7.5CVSS7.2AI score0.03538EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•2 views

VulnCheck KEV: CVE-2008-2052

Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter...

6.1CVSS5.9AI score0.01568EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•8 views

VulnCheck KEV: CVE-2015-3897

Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. dot dot in the theme parameter and a file path in the location parameter to bonita/portal/themeResource...

5CVSS5.9AI score0.17681EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-38702

Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=XSS attacks...

6.1CVSS5.8AI score0.06929EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-9344

Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations...

6.1CVSS5.8AI score0.05198EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-9757

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller...

9.8CVSS7.3AI score0.73434EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-17731

DedeCMS through 5.7 has SQL Injection via the $FILES superglobal to plus/recommend.php...

9.8CVSS6AI score0.13194EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-22211

SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajaxstreet.php...

9.8CVSS5.9AI score0.0794EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-1000149

Reflected XSS in wordpress plugin simpel-reserveren v3.5.2...

6.1CVSS5.8AI score0.03977EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-9506

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery SSRF...

6.1CVSS5.8AI score0.71601EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•9 views

VulnCheck KEV: CVE-2018-20463

An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF...

7.5CVSS5.9AI score0.13078EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-0885

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...

9.8CVSS5.9AI score0.09105EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-21801

This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...

9.6CVSS6AI score0.63415EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-2767

Vulnerability in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. The supported version that is affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network...

7.2CVSS7.2AI score0.05238EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-0929

DNN aka DotNetNuke before 9.2.0 suffers from a Server-Side Request Forgery SSRF vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources...

7.5CVSS7.2AI score0.12543EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2005-3128

Cross-site scripting XSS vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag...

4.3CVSS5.9AI score0.03436EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-6397

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. dot dot or full pathname in the tr parameter to solr/select/, when the response writer wt parameter is set to XSLT. NOTE: this can be leveraged using a...

4.3CVSS6AI score0.56255EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•2 views

VulnCheck KEV: CVE-2014-4535

Cross-site scripting XSS vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php...

6.1CVSS5.9AI score0.03983EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-1000600

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

8.8CVSS5.8AI score0.90894EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2015-8813

The PageLoad function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery SSRF attacks via the url parameter...

8.2CVSS5.8AI score0.11595EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-0653

The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the siteurl parameter found in the /assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto...

6.1CVSS5.8AI score0.02703EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•7 views

VulnCheck KEV: CVE-2009-1872

Multiple cross-site scripting XSS vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to 2 wizards/common/logintowizard.cfm,...

4.3CVSS5.8AI score0.1614EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-23394

The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution RCE via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP...

9.8CVSS6.1AI score0.19083EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•2 views

VulnCheck KEV: CVE-2014-9792

arch/arm/mach-msm/ipcrouter.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606...

9.3CVSS5.8AI score0.00481EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-32172

Maian Cart v3.8 contains a preauthorization remote code execution RCE exploit via a broken access control issue in the Elfinder plugin...

9.8CVSS6.4AI score0.66433EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-30891

A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution...

8.8CVSS5.9AI score0.01896EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•2 views

VulnCheck KEV: CVE-2011-4926

Cross-site scripting XSS vulnerability in adminimize/adminimizepage.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter...

4.3CVSS5.9AI score0.10911EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-38812

VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet...

9.8CVSS7.8AI score0.54143EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-8963

Ivanti Cloud Services Appliance CSA contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary...

9.4CVSS5.7AI score0.98557EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2008-6668

Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. dot dot in the 1 id parameter to comm.php and 2 varfilename parameter to viewrq.php...

5CVSS5.9AI score0.15346EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-14644

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution...

9.8CVSS6.1AI score0.94548EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/18 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-33510

Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters...

7.5CVSS5.9AI score0.04042EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-29078

The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon...

9.8CVSS6.8AI score0.32386EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/18 12:0 a.m.•9 views

VulnCheck KEV: CVE-2021-45511

Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before...

10CVSS5.8AI score0.17641EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-44427

An unauthenticated SQL Injection vulnerability in Rosario Student Information System aka rosariosis before 8.1.1 allows remote attackers to execute PostgreSQL statements e.g., SELECT, INSERT, UPDATE, and DELETE through /Side.php via the syear parameter...

9.8CVSS6.1AI score0.50641EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/18 12:0 a.m.•2 views

VulnCheck KEV: CVE-2023-4542

A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The...

9.8CVSS5.5AI score0.86533EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-43478

fakeupload.cgi on the Telstra Smart Modem Gen 2 Arcadyan LH1000, firmware versions 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code...

9.8CVSS5.8AI score0.17419EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/18 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-4450

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231...

10CVSS7.7AI score0.33937EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-12168

Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell aka Administration Commands screen...

9CVSS6.4AI score0.04959EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/18 12:0 a.m.•7 views

VulnCheck KEV: CVE-2023-28365

A backup file vulnerability found in UniFi applications Version 7.3.83 and earlier running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored...

9.1CVSS5.9AI score0.00757EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/18 12:0 a.m.•13 views

VulnCheck KEV: CVE-2023-35843

NocoDB through 0.106.0 or 0.109.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the...

7.5CVSS5.9AI score0.08875EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/18 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-3451

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system OS as a restricted user. For more...

6.5CVSS6.1AI score0.02175EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/09/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-24229

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7.8CVSS5.8AI score0.06717EPSS
Exploits1References1
Total number of security vulnerabilities4985