Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/09/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-7786

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates...

7.5CVSS5.8AI score0.01635EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/09/03 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-20124

Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS7.3AI score0.69248EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/09/03 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-45506

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding h2send loop under a certain set of conditions, as exploited in the wild in 2024...

7.5CVSS5.8AI score0.01203EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/09/03 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-6473

Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used...

8.4CVSS5.8AI score0.0071EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/29 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-7928

A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The...

7.5CVSS6.4AI score0.16882EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/28 12:0 a.m.7 views

VulnCheck KEV: CVE-2020-10215

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dnsqueryname parameter in a dnsquery.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected...

9CVSS6.2AI score0.05886EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/28 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-43978

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through 6.9.8...

9.8CVSS5.9AI score0.00462EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/28 12:0 a.m.1 views

VulnCheck KEV: CVE-2024-43971

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through = 3.2.5...

7.1CVSS5.8AI score0.00593EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/28 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-13980

H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState...

10CVSS6AI score0.01176EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/28 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-3914

Remote command injection vulnerability in Verizon Fios Quantum Gateway G1100 firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname...

9CVSS6.1AI score0.29885EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-43976

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through = 6.9.7...

9.8CVSS5.9AI score0.00462EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-43975

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through = 6.9.7...

7.1CVSS5.8AI score0.00258EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-7029

Commands can be injected over the network and executed without authentication...

9.8CVSS7.3AI score0.38998EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/26 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-43932

Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through = 5.6.2...

8.8CVSS5.8AI score0.00561EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/26 12:0 a.m.1 views

VulnCheck KEV: CVE-2024-43938

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Jeroen Peters Name Directory allows Reflected XSS.This issue affects Name Directory: from n/a through 1.29.0...

6.5CVSS5.8AI score0.00247EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-43917

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2...

9.8CVSS7.4AI score0.21769EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/23 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-39717

The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” Favorite Icon enables the upload of a...

7.2CVSS6.7AI score0.04006EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/23 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-13984

QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbitrary locations on the server. The /rptsvr/upload endpoint fails to sanitize the filename...

10CVSS5.8AI score0.00758EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/23 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-13981

LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.do;.js.jsp endpoint. This flaw affects the LiveBOS Server component and allows unauthenticated remote attackers to upload...

10CVSS5.9AI score0.00837EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-6587

LiteLLM is vulnerable to a Server-Side Request Forgery SSRF vulnerability that exposes OpenAI API Keys...

7.5CVSS7.3AI score0.36945EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-37032

Ollama before 0.1.34 does not validate the format of the digest sha256 with 64 hex digits when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring...

8.8CVSS5.8AI score0.89633EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-33045

Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication...

10CVSS6.6AI score0.99556EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-7971

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

9.6CVSS5.8AI score0.19272EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-2640

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs. xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks...

7.8CVSS6.6AI score0.15783EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-28000

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1...

9.8CVSS5.8AI score0.68266EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-7965

Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS5.8AI score0.17227EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-38856

Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker...

9.8CVSS6.4AI score0.99427EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-36104

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue...

9.1CVSS7.1AI score0.87883EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/16 12:0 a.m.9 views

VulnCheck KEV: CVE-2024-43283

Insertion of Sensitive Information Into Sent Data vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through = 23.1.2...

7.5CVSS5.8AI score0.01104EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/16 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-43306

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.This issue affects WP-Lister Lite for eBay: from n/a through = 3.6.0...

7.1CVSS5.8AI score0.00273EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/16 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-43354

Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through = 2.7.2...

9.8CVSS5.8AI score0.00528EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-36858

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file...

9.8CVSS6.2AI score0.0306EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2017-8961

A directory traversal vulnerability in HPE Intelligent Management Center IMC PLAT 7.3 E0504P02 could allow remote code execution...

9CVSS6.1AI score0.19398EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-28986

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution...

9.8CVSS6.1AI score0.84628EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-36857

Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface...

7.5CVSS5.9AI score0.02054EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/14 12:0 a.m.7 views

VulnCheck KEV: CVE-2016-4977

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for responsetype...

8.8CVSS6.4AI score0.79176EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/14 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-43246

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in creativeon WHMpress allows Reflected XSS.This issue affects WHMpress: from n/a through 6.2-revision-5...

7.1CVSS5.8AI score0.00255EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-38193

Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges...

7.8CVSS7.3AI score0.27561EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-38213

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file...

6.5CVSS7AI score0.1337EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/13 12:0 a.m.1 views

VulnCheck KEV: CVE-2024-38106

Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition...

7CVSS5.8AI score0.06337EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-38178

Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL...

7.5CVSS7.8AI score0.39196EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/13 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-34257

TOTOLINK EX1800T V9.1.0cu.2112B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges...

9.8CVSS6.1AI score0.03848EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-38107

Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges...

7.8CVSS5.8AI score0.01635EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-38189

Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file...

8.8CVSS6.4AI score0.07871EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-43252

Deserialization of Untrusted Data vulnerability in Crew HRM Crew HRM hr-management.This issue affects Crew HRM: from n/a through = 1.1.1...

9CVSS5.8AI score0.00442EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-37099

Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1...

10CVSS5.8AI score0.00558EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-46574

An issue in TOTOLINK A3700R v.9.1.2u.616520211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function...

9.8CVSS6.2AI score0.65412EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/08 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-6455

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to view any item created in...

5.3CVSS5.8AI score0.00396EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/07 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-52028

TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution RCE vulnerability via the setTracerouteCfg function...

9.8CVSS6AI score0.01668EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2008-3648

nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008...

9.3CVSS6.1AI score0.21968EPSS
Exploits1References1
Total number of security vulnerabilities4985