4985 matches found
VulnCheck KEV: CVE-2022-2586
Linux Kernel contains a use-after-free vulnerability in the nftobject, allowing local attackers to escalate privileges...
VulnCheck KEV: CVE-2022-35733
Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS...
VulnCheck KEV: CVE-2023-46347
In the module "Step by Step products Pack" ndksteppingpack version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...
VulnCheck KEV: CVE-2024-29824
Ivanti Endpoint Manager EPM contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code...
VulnCheck KEV: CVE-2023-39796
SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DBRECORDTABLE parameter...
VulnCheck KEV: CVE-2023-7308
SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated...
VulnCheck KEV: CVE-2022-22948
VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information...
VulnCheck KEV: CVE-2024-32113
Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution...
VulnCheck KEV: CVE-2024-21754
A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...
VulnCheck KEV: CVE-2024-31223
Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP...
VulnCheck KEV: CVE-2024-26169
Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges...
VulnCheck KEV: CVE-2024-4898
The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the...
VulnCheck KEV: CVE-2024-32896
Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation...
VulnCheck KEV: CVE-2022-1026
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function...
VulnCheck KEV: CVE-2024-4610
Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory...
VulnCheck KEV: CVE-2024-4577
PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823...
VulnCheck KEV: CVE-2024-4620
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...
VulnCheck KEV: CVE-2024-4358
Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access...
VulnCheck KEV: CVE-2024-35693
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list.This issue affects 12 Step Meeting List: from n/a through = 3.14.33...
VulnCheck KEV: CVE-2024-35679
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through = 3.12.0...
VulnCheck KEV: CVE-2024-35694
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through = 11.41...
VulnCheck KEV: CVE-2024-5324
The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level...
VulnCheck KEV: CVE-2024-3469
The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
VulnCheck KEV: CVE-2023-6266
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMIBACKUP case of the handledownloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to...
VulnCheck KEV: CVE-2024-1086
Linux kernel contains a use-after-free vulnerability in the netfilter: nftables component that allows an attacker to achieve local privilege escalation...
VulnCheck KEV: CVE-2018-4404
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling...
VulnCheck KEV: CVE-2023-6961
The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Referer header in all versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
VulnCheck KEV: CVE-2018-4233
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the...
VulnCheck KEV: CVE-2024-2194
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
VulnCheck KEV: CVE-2024-34444
Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0...
VulnCheck KEV: CVE-2024-27130
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network...
VulnCheck KEV: CVE-2024-24919
Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several...
VulnCheck KEV: CVE-2024-4455
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the item parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
VulnCheck KEV: CVE-2023-36745
Microsoft Exchange Server Remote Code Execution Vulnerability...
VulnCheck KEV: CVE-2022-37055
D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...
VulnCheck KEV: CVE-2024-4978
Justice AV Solutions JAVS Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4. When run, this creates a backdoor connection to a malicious C2 server...
VulnCheck KEV: CVE-2024-21683
This High severity RCE Remote Code Execution vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.3, allows an authenticated attacker to execute arbitrary code which has high impact to...
VulnCheck KEV: CVE-2024-25852
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the AccessControlList parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights...
VulnCheck KEV: CVE-2023-3306
A vulnerability was found in Ruijie RG-EW1200G EW3.01B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be...
VulnCheck KEV: CVE-2022-35555
A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.94122, which allows attackers to construct cmdinput parameters for arbitrary command execution...
VulnCheck KEV: CVE-2018-13307
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable...
VulnCheck KEV: CVE-2019-2618
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...
VulnCheck KEV: CVE-2010-2506
Cross-site scripting XSS vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter...
VulnCheck KEV: CVE-2022-31446
Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution RCE vulnerability via the Mac parameter at ip/goform/WriteFacMac...
VulnCheck KEV: CVE-2024-35700
Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through = 5.1.8...
VulnCheck KEV: CVE-2024-5274
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...
VulnCheck KEV: CVE-2024-2771
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This...
VulnCheck KEV: CVE-2024-2782
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...
VulnCheck KEV: CVE-2024-34794
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through = 0.21.3...
VulnCheck KEV: CVE-2023-50358
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network...