Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/07/16 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-11625

An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit different responses depending on whether a user account exists. Because the responses indicate...

5.3CVSS5.8AI score0.01415EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2016-4945

Cross-site scripting XSS vulnerability in vpn/js/gatewayloginformview.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSCTMAC cookie...

6.1CVSS5.9AI score0.01372EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/16 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-1853

Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers...

5.5CVSS5.8AI score0.002EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-27348

Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code...

9.8CVSS6.1AI score0.9921EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-44892

A Remote Code Execution RCE vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...

8.8CVSS5.9AI score0.02021EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/13 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-38770

Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20...

9.8CVSS5.8AI score0.00535EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/12 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-34102

Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference XXE vulnerability that allows for remote code execution...

9.8CVSS7.5AI score0.99994EPSS
Exploits26References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/11 12:0 a.m.10 views

VulnCheck KEV: CVE-2024-38708

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory...

8.8CVSS5.9AI score0.00455EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/11 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-38706

Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through = 2.5.7...

8.8CVSS5.8AI score0.00704EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/11 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-38735

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Bastien Ho Event post event-post.This issue affects Event post: from n/a through = 5.9.5...

5.8AI score0.00521EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-37943

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in YITH YITH WooCommerce Ajax Product Filter allows Reflected XSS.This issue affects YITH WooCommerce Ajax Product Filter: from n/a through 5.1.0...

5.8CVSS5.8AI score0.00296EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-38080

Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges...

7.8CVSS5.8AI score0.07115EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-37929

Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4...

6.3CVSS5.8AI score0.00336EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-37560

Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0...

8CVSS5.8AI score0.00366EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-38112

Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability...

7.5CVSS5.8AI score0.84345EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-38526

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code...

7.2CVSS5.7AI score0.03832EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-6365

The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. This is due to missing authorization and lack of sanitization of appended data in the languages/customTitle.php file. This makes...

9.8CVSS5.9AI score0.01211EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/08 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-5441

The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfeaturedimage function in all versions up to, and including, 7.11.0. This makes it possible for authenticated attackers, with subscriber access and above, to...

8.8CVSS5.9AI score0.01117EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/05 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-37502

Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login woo-social-login.This issue affects WooCommerce Social Login: from n/a through = 2.6.3...

7.5CVSS5.8AI score0.00313EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/04 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-37418

Unrestricted Upload of File with Dangerous Type vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.4.6...

9.9CVSS5.8AI score0.00537EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/04 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-37497

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Crocoblock JetThemeCore allows File Manipulation.This issue affects JetThemeCore: from n/a before 2.2.1...

7.7CVSS5.8AI score0.00676EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/04 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-37481

Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid.This issue affects The Post Grid: from n/a through = 7.7.4...

6.5CVSS5.8AI score0.00336EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-36401

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input...

9.8CVSS7.7AI score0.99813EPSS
Exploits25References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/03 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-31750

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the reqid parameter...

9.8CVSS5.9AI score0.1942EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/03 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-29510

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...

6.3CVSS5.8AI score0.27974EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-39891

Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy...

5.3CVSS5.8AI score0.01477EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-5889

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS5.8AI score0.0031EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/01 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-37472

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through = 5.4.8...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-20399

Cisco NX-OS contains a command injection vulnerability in the command line interface CLI that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device...

6.7CVSS7.4AI score0.04271EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/07/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-38743

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...

7.2CVSS5.9AI score0.11634EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/29 12:0 a.m.6 views

VulnCheck KEV: CVE-2019-20504

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 6.4.120822 allows a remote attacker to execute code via shell metacharacters in the kuid parameter...

9.8CVSS6AI score0.0955EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/28 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-23692

Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request...

9.8CVSS5.9AI score0.99485EPSS
Exploits20References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/28 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-37433

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through = 4.0.9...

6.1CVSS5.8AI score0.00274EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/28 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-10942

modules/attributewizardpro/fileupload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file...

9.8CVSS6.2AI score0.12744EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/27 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-22729

NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page...

9.8CVSS5.8AI score0.70779EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/27 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-37422

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Progress Planner Progress Planner progress-planner.This issue affects Progress Planner: from n/a through = 0.9.2...

6.5CVSS5.8AI score0.00261EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/27 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-37259

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through = 2.4.7...

6.1CVSS5.8AI score0.0063EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-37261

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Lab WP-Lister Lite for Amazon wp-lister-for-amazon.This issue affects WP-Lister Lite for Amazon: from n/a through = 2.6.16...

7.1CVSS5.8AI score0.0063EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/26 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-31982

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a...

10CVSS6.4AI score0.3452EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/26 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-13965

Roundcube Webmail contains a cross-site scripting XSS vulnerability that allows a remote attacker to manipulate data via a malicious XML attachment...

6.3CVSS7.2AI score0.76596EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/26 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-2215

A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/user/manageuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

9.8CVSS5.7AI score0.01637EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/26 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-23178

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with...

10CVSS5.8AI score0.75711EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-5806

Improper Authentication vulnerability in Progress MOVEit Transfer SFTP module can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.v...

9.8CVSS7.3AI score0.75812EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/25 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-0769

D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling...

9.8CVSS6AI score0.82714EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/24 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-36680

In the module Facebook pkfacebook =1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...

7.5CVSS5.9AI score0.10087EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/24 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-29973

The command injection vulnerability in the 'setCookie' parameter in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted HTTP POST...

9.8CVSS5.9AI score0.86089EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-27034

PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability...

9.8CVSS5.9AI score0.58743EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-41109

SmartNode SN200 aka SN200 3.21.2-23021 allows unauthenticated OS Command Injection...

9.8CVSS5.8AI score0.64113EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/21 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-37228

Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through = 0.1.0.38...

10CVSS5.8AI score0.00531EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/21 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-28995

SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine...

8.6CVSS5.8AI score0.99614EPSS
Exploits8References1
Total number of security vulnerabilities4985