Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2024/06/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-2586

Linux Kernel contains a use-after-free vulnerability in the nftobject, allowing local attackers to escalate privileges...

7.8CVSS6.8AI score0.12746EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-35733

Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS...

9.8CVSS6AI score0.01249EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/19 12:0 a.m.•2 views

VulnCheck KEV: CVE-2023-46347

In the module "Step by Step products Pack" ndksteppingpack version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

9.8CVSS5.9AI score0.49885EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/19 12:0 a.m.•8 views

VulnCheck KEV: CVE-2024-29824

Ivanti Endpoint Manager EPM contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code...

9.6CVSS7.6AI score0.99951EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/19 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-39796

SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DBRECORDTABLE parameter...

9.8CVSS6.3AI score0.06096EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/18 12:0 a.m.•9 views

VulnCheck KEV: CVE-2023-7308

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated...

8.7CVSS5.8AI score0.06711EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/18 12:0 a.m.•9 views

VulnCheck KEV: CVE-2022-22948

VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information...

6.5CVSS7.3AI score0.13935EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-32113

Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution...

9.8CVSS6.1AI score0.99442EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

4.4CVSS5.8AI score0.03469EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-31223

Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP...

5.3CVSS5.8AI score0.01114EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/12 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-26169

Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges...

7.8CVSS7.3AI score0.04014EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/12 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-4898

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the...

9.8CVSS5.9AI score0.04156EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-32896

Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation...

8.1CVSS7.3AI score0.0301EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/08 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-1026

Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function...

8.6CVSS7.1AI score0.15102EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-4610

Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory...

7.8CVSS5.8AI score0.00758EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/07 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-4577

PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823...

9.8CVSS7AI score0.99998EPSS
Exploits101References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/07 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-4620

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...

9.8CVSS5.8AI score0.03345EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/07 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-4358

Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access...

9.8CVSS5.8AI score0.97482EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/06 12:0 a.m.•11 views

VulnCheck KEV: CVE-2024-35693

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list.This issue affects 12 Step Meeting List: from n/a through = 3.14.33...

6.1CVSS5.8AI score0.0059EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/06 12:0 a.m.•7 views

VulnCheck KEV: CVE-2024-35679

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through = 3.12.0...

7.1CVSS5.8AI score0.0033EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/06 12:0 a.m.•9 views

VulnCheck KEV: CVE-2024-35694

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through = 11.41...

7.1CVSS5.8AI score0.00668EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/05 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-5324

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS5.8AI score0.01507EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/05 12:0 a.m.•6 views

VulnCheck KEV: CVE-2024-3469

The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.9AI score0.00637EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/06/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-6266

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMIBACKUP case of the handledownloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to...

7.5CVSS7.3AI score0.02072EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/30 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-1086

Linux kernel contains a use-after-free vulnerability in the netfilter: nftables component that allows an attacker to achieve local privilege escalation...

7.8CVSS6.8AI score0.28058EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-4404

In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling...

9.3CVSS7.3AI score0.13919EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-6961

The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Referer header in all versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.2CVSS5.9AI score0.00445EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/29 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-4233

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the...

8.8CVSS7.3AI score0.53772EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/29 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-2194

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS7.4AI score0.67723EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-34444

Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0...

8.8CVSS5.8AI score0.00331EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/27 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-27130

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network...

8.8CVSS6.1AI score0.38054EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/27 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-24919

Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several...

8.6CVSS7.3AI score0.99978EPSS
Exploits52References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-4455

The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the item parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

7.2CVSS5.8AI score0.0101EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-36745

Microsoft Exchange Server Remote Code Execution Vulnerability...

8CVSS7.4AI score0.81138EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/24 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-37055

D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

9.8CVSS7.5AI score0.57037EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/23 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-4978

Justice AV Solutions JAVS Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4. When run, this creates a backdoor connection to a malicious C2 server...

8.7CVSS5.8AI score0.26937EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/23 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-21683

This High severity RCE Remote Code Execution vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.3, allows an authenticated attacker to execute arbitrary code which has high impact to...

8.8CVSS7.6AI score0.88267EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-25852

Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the AccessControlList parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights...

8.8CVSS6AI score0.16519EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-3306

A vulnerability was found in Ruijie RG-EW1200G EW3.01B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be...

9.8CVSS6.8AI score0.23065EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-35555

A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.94122, which allows attackers to construct cmdinput parameters for arbitrary command execution...

9.8CVSS5.9AI score0.24952EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-13307

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable...

10CVSS5.9AI score0.03195EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/22 12:0 a.m.•6 views

VulnCheck KEV: CVE-2019-2618

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

5.5CVSS7.3AI score0.33405EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-2506

Cross-site scripting XSS vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter...

2.9CVSS5.9AI score0.00661EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-31446

Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution RCE vulnerability via the Mac parameter at ip/goform/WriteFacMac...

10CVSS6.4AI score0.32751EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/21 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-35700

Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through = 5.1.8...

9.8CVSS5.8AI score0.00487EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/20 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-5274

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

9.6CVSS6.7AI score0.1002EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/20 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-2771

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This...

9.8CVSS5.8AI score0.02333EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/20 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-2782

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...

7.5CVSS5.8AI score0.0123EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/20 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-34794

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through = 0.21.3...

6.1CVSS5.8AI score0.00311EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/16 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-50358

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network...

5.8CVSS5.9AI score0.12769EPSS
Exploits1References1
Total number of security vulnerabilities4985