Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/08/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-43153

Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This issue affects Woffice: from n/a through 5.4.10...

9.8CVSS7.3AI score0.00624EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-4450

A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed...

9.8CVSS5.4AI score0.11407EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/06 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-4885

Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution...

9.8CVSS7.5AI score0.99288EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/06 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-5148

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument fileupload leads to unrestricted upload. The...

8.8CVSS5.6AI score0.3066EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-22897

A SQL injection vulnerability in the productalloneimg and imageproduct parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data...

9.8CVSS5.9AI score0.10814EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/06 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-7593

Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account...

9.8CVSS5.8AI score0.99987EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/06 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-29895

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when registerargcargv option of PHP is On. In cmdrealtime.php line 119, the...

10CVSS6.1AI score0.94294EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/05 12:0 a.m.9 views

VulnCheck KEV: CVE-2024-36971

Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS...

7.8CVSS6.1AI score0.02701EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/01 12:0 a.m.2 views

VulnCheck KEV: CVE-2018-0824

Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script...

8.8CVSS7.7AI score0.73469EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-39647

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter.This issue affects Message Filter for Contact Form 7: from n/a through = 1.6.1.1...

7.1CVSS5.8AI score0.00256EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-5057

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12...

9.8CVSS5.9AI score0.02588EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-39663

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Epsiloncool WP Fast Total Search fulltext-search.This issue affects WP Fast Total Search: from n/a through = 1.68.232...

5.8AI score0.00255EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/08/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-39646

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kunal Custom 404 Pro custom-404-pro.This issue affects Custom 404 Pro: from n/a through = 3.11.1...

7.1CVSS5.8AI score0.00588EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/30 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-20123

Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS7.4AI score0.74279EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/29 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-43047

Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory...

7.8CVSS7.3AI score0.00673EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-45837

It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending a specifically crafted input to /tos/index.php?app/del...

10CVSS7.5AI score0.15914EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.6 views

VulnCheck KEV: CVE-2017-1000226

Stop User Enumeration 1.3.8 allows user enumeration via the REST API...

5.3CVSS5.8AI score0.01373EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-25064

TP-LINK TL-WR840NESV6.20180709 was discovered to contain a remote code execution RCE vulnerability via the function oalwan6setIpAddr...

9.8CVSS7.8AI score0.39776EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.6 views

VulnCheck KEV: CVE-2014-2908

Cross-site scripting XSS vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.2095EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...

7.5CVSS6.9AI score0.05664EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-24663

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user...

9.9CVSS7.4AI score0.01971EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-25690

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

9.8CVSS6.8AI score0.8377EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-44142

The Samba vfsfruit module uses extended file attributes EA, xattr to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfsfruit configured allow out-of-bounds heap read and...

9CVSS6.8AI score0.74042EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.1 views

VulnCheck KEV: CVE-2022-24664

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts...

9.9CVSS7.4AI score0.01589EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-32784

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file pagefile.sys, hibernation file hiberfil.sys, or RAM dump of the entire system...

7.5CVSS7.3AI score0.04655EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-3018

ipeak Infosystems ibexwebCMS aka IPeakCMS 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page...

9.8CVSS7.4AI score0.19506EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-4946

The VMware V4H and V4PA desktop agents 6.x before 6.5.1 contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM...

7.8CVSS7.3AI score0.00498EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.8 views

VulnCheck KEV: CVE-2021-28481

Microsoft Exchange Server Remote Code Execution Vulnerability...

10CVSS7.4AI score0.36486EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-22005

Microsoft SharePoint Server Remote Code Execution Vulnerability...

8.8CVSS7.4AI score0.16825EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-24665

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts...

9.9CVSS7.5AI score0.02436EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-15637

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop...

8.1CVSS7.3AI score0.14314EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-21932

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: OXI. The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

7.2CVSS7.3AI score0.44684EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.9 views

VulnCheck KEV: CVE-2021-40684

Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running...

9.1CVSS7.3AI score0.01149EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/24 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-6753

The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpwautopostermapwordpressposttype' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This...

7.2CVSS5.8AI score0.00829EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/24 12:0 a.m.1 views

VulnCheck KEV: CVE-2024-6188

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...

6.9CVSS5AI score0.02053EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/24 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-45249

Acronis Cyber Infrastructure ACI allows an unauthenticated user to execute commands remotely due to the use of default passwords...

9.8CVSS5.9AI score0.53255EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/24 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-39631

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through = 23.1.2...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/24 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-41642

Multiple reflected cross-site scripting XSS vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter...

6.1CVSS5.9AI score0.01071EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/23 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-6695

it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process...

9.8CVSS5.6AI score0.00796EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/23 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-5178

ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability...

6.9CVSS5.8AI score0.33593EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/23 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-4879

ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely...

9.8CVSS5.9AI score0.99976EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-43795

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...

9.8CVSS5.8AI score0.67715EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-6828

The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the ReduxColorSchemeImport function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which...

7.2CVSS5.8AI score0.01028EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/22 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-7014

EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older...

8.1CVSS7.3AI score0.01364EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-25540

ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter...

7.5CVSS5.8AI score0.75881EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-5217

ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely...

9.8CVSS5.9AI score0.99628EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/19 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-38771

Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration.This issue affects Atarim: from n/a through = 4.0...

6.5CVSS5.8AI score0.00419EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-6220

The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS5.9AI score0.35708EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/17 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-6387

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

9.3CVSS6.9AI score0.99506EPSS
Exploits68References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/16 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-24847

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

7.2CVSS6AI score0.01465EPSS
Exploits0References1
Total number of security vulnerabilities4985