4985 matches found
VulnCheck KEV: CVE-2024-7786
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates...
VulnCheck KEV: CVE-2021-20124
Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...
VulnCheck KEV: CVE-2024-45506
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding h2send loop under a certain set of conditions, as exploited in the wild in 2024...
VulnCheck KEV: CVE-2024-6473
Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used...
VulnCheck KEV: CVE-2024-7928
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The...
VulnCheck KEV: CVE-2020-10215
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dnsqueryname parameter in a dnsquery.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected...
VulnCheck KEV: CVE-2024-43978
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through 6.9.8...
VulnCheck KEV: CVE-2024-43971
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through = 3.2.5...
VulnCheck KEV: CVE-2024-13980
H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState...
VulnCheck KEV: CVE-2019-3914
Remote command injection vulnerability in Verizon Fios Quantum Gateway G1100 firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname...
VulnCheck KEV: CVE-2024-43976
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through = 6.9.7...
VulnCheck KEV: CVE-2024-43975
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through = 6.9.7...
VulnCheck KEV: CVE-2024-7029
Commands can be injected over the network and executed without authentication...
VulnCheck KEV: CVE-2024-43932
Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through = 5.6.2...
VulnCheck KEV: CVE-2024-43938
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Jeroen Peters Name Directory allows Reflected XSS.This issue affects Name Directory: from n/a through 1.29.0...
VulnCheck KEV: CVE-2024-43917
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2...
VulnCheck KEV: CVE-2024-39717
The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” Favorite Icon enables the upload of a...
VulnCheck KEV: CVE-2024-13984
QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbitrary locations on the server. The /rptsvr/upload endpoint fails to sanitize the filename...
VulnCheck KEV: CVE-2024-13981
LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.do;.js.jsp endpoint. This flaw affects the LiveBOS Server component and allows unauthenticated remote attackers to upload...
VulnCheck KEV: CVE-2024-6587
LiteLLM is vulnerable to a Server-Side Request Forgery SSRF vulnerability that exposes OpenAI API Keys...
VulnCheck KEV: CVE-2024-37032
Ollama before 0.1.34 does not validate the format of the digest sha256 with 64 hex digits when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring...
VulnCheck KEV: CVE-2021-33045
Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication...
VulnCheck KEV: CVE-2024-7971
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...
VulnCheck KEV: CVE-2023-2640
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs. xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks...
VulnCheck KEV: CVE-2024-28000
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1...
VulnCheck KEV: CVE-2024-7965
Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...
VulnCheck KEV: CVE-2024-38856
Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker...
VulnCheck KEV: CVE-2024-36104
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue...
VulnCheck KEV: CVE-2024-43283
Insertion of Sensitive Information Into Sent Data vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through = 23.1.2...
VulnCheck KEV: CVE-2024-43306
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.This issue affects WP-Lister Lite for eBay: from n/a through = 3.6.0...
VulnCheck KEV: CVE-2024-43354
Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through = 2.7.2...
VulnCheck KEV: CVE-2024-36858
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file...
VulnCheck KEV: CVE-2017-8961
A directory traversal vulnerability in HPE Intelligent Management Center IMC PLAT 7.3 E0504P02 could allow remote code execution...
VulnCheck KEV: CVE-2024-28986
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution...
VulnCheck KEV: CVE-2024-36857
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface...
VulnCheck KEV: CVE-2016-4977
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for responsetype...
VulnCheck KEV: CVE-2024-43246
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in creativeon WHMpress allows Reflected XSS.This issue affects WHMpress: from n/a through 6.2-revision-5...
VulnCheck KEV: CVE-2024-38193
Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges...
VulnCheck KEV: CVE-2024-38213
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file...
VulnCheck KEV: CVE-2024-38106
Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition...
VulnCheck KEV: CVE-2024-38178
Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL...
VulnCheck KEV: CVE-2024-34257
TOTOLINK EX1800T V9.1.0cu.2112B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges...
VulnCheck KEV: CVE-2024-38107
Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges...
VulnCheck KEV: CVE-2024-38189
Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file...
VulnCheck KEV: CVE-2024-43252
Deserialization of Untrusted Data vulnerability in Crew HRM Crew HRM hr-management.This issue affects Crew HRM: from n/a through = 1.1.1...
VulnCheck KEV: CVE-2024-37099
Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1...
VulnCheck KEV: CVE-2023-46574
An issue in TOTOLINK A3700R v.9.1.2u.616520211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function...
VulnCheck KEV: CVE-2024-6455
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to view any item created in...
VulnCheck KEV: CVE-2023-52028
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution RCE vulnerability via the setTracerouteCfg function...
VulnCheck KEV: CVE-2008-3648
nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008...