4985 matches found
VulnCheck KEV: CVE-2020-11625
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit different responses depending on whether a user account exists. Because the responses indicate...
VulnCheck KEV: CVE-2016-4945
Cross-site scripting XSS vulnerability in vpn/js/gatewayloginformview.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSCTMAC cookie...
VulnCheck KEV: CVE-2024-1853
Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers...
VulnCheck KEV: CVE-2024-27348
Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code...
VulnCheck KEV: CVE-2021-44892
A Remote Code Execution RCE vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...
VulnCheck KEV: CVE-2024-38770
Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20...
VulnCheck KEV: CVE-2024-34102
Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference XXE vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2024-38708
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory...
VulnCheck KEV: CVE-2024-38706
Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through = 2.5.7...
VulnCheck KEV: CVE-2024-38735
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Bastien Ho Event post event-post.This issue affects Event post: from n/a through = 5.9.5...
VulnCheck KEV: CVE-2024-37943
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in YITH YITH WooCommerce Ajax Product Filter allows Reflected XSS.This issue affects YITH WooCommerce Ajax Product Filter: from n/a through 5.1.0...
VulnCheck KEV: CVE-2024-38080
Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges...
VulnCheck KEV: CVE-2024-37929
Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4...
VulnCheck KEV: CVE-2024-37560
Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0...
VulnCheck KEV: CVE-2024-38112
Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability...
VulnCheck KEV: CVE-2024-38526
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code...
VulnCheck KEV: CVE-2024-6365
The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. This is due to missing authorization and lack of sanitization of appended data in the languages/customTitle.php file. This makes...
VulnCheck KEV: CVE-2024-5441
The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfeaturedimage function in all versions up to, and including, 7.11.0. This makes it possible for authenticated attackers, with subscriber access and above, to...
VulnCheck KEV: CVE-2024-37502
Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login woo-social-login.This issue affects WooCommerce Social Login: from n/a through = 2.6.3...
VulnCheck KEV: CVE-2024-37418
Unrestricted Upload of File with Dangerous Type vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.4.6...
VulnCheck KEV: CVE-2024-37497
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Crocoblock JetThemeCore allows File Manipulation.This issue affects JetThemeCore: from n/a before 2.2.1...
VulnCheck KEV: CVE-2024-37481
Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid.This issue affects The Post Grid: from n/a through = 7.7.4...
VulnCheck KEV: CVE-2024-36401
OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input...
VulnCheck KEV: CVE-2024-31750
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the reqid parameter...
VulnCheck KEV: CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...
VulnCheck KEV: CVE-2024-39891
Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy...
VulnCheck KEV: CVE-2024-5889
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
VulnCheck KEV: CVE-2024-37472
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through = 5.4.8...
VulnCheck KEV: CVE-2024-20399
Cisco NX-OS contains a command injection vulnerability in the command line interface CLI that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device...
VulnCheck KEV: CVE-2023-38743
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...
VulnCheck KEV: CVE-2019-20504
service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 6.4.120822 allows a remote attacker to execute code via shell metacharacters in the kuid parameter...
VulnCheck KEV: CVE-2024-23692
Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request...
VulnCheck KEV: CVE-2024-37433
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through = 4.0.9...
VulnCheck KEV: CVE-2018-10942
modules/attributewizardpro/fileupload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file...
VulnCheck KEV: CVE-2024-22729
NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page...
VulnCheck KEV: CVE-2024-37422
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Progress Planner Progress Planner progress-planner.This issue affects Progress Planner: from n/a through = 0.9.2...
VulnCheck KEV: CVE-2024-37259
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through = 2.4.7...
VulnCheck KEV: CVE-2024-37261
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Lab WP-Lister Lite for Amazon wp-lister-for-amazon.This issue affects WP-Lister Lite for Amazon: from n/a through = 2.6.16...
VulnCheck KEV: CVE-2024-31982
XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a...
VulnCheck KEV: CVE-2020-13965
Roundcube Webmail contains a cross-site scripting XSS vulnerability that allows a remote attacker to manipulate data via a malicious XML attachment...
VulnCheck KEV: CVE-2023-2215
A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/user/manageuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
VulnCheck KEV: CVE-2022-23178
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with...
VulnCheck KEV: CVE-2024-5806
Improper Authentication vulnerability in Progress MOVEit Transfer SFTP module can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.v...
VulnCheck KEV: CVE-2024-0769
D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling...
VulnCheck KEV: CVE-2024-36680
In the module Facebook pkfacebook =1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
VulnCheck KEV: CVE-2024-29973
The command injection vulnerability in the 'setCookie' parameter in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted HTTP POST...
VulnCheck KEV: CVE-2023-27034
PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability...
VulnCheck KEV: CVE-2023-41109
SmartNode SN200 aka SN200 3.21.2-23021 allows unauthenticated OS Command Injection...
VulnCheck KEV: CVE-2024-37228
Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through = 0.1.0.38...
VulnCheck KEV: CVE-2024-28995
SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine...