Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2024/05/16 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-32640

Mura/Masa CMS is vulnerable to a SQL injection vulnerability...

9.8CVSS5.9AI score0.68593EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/16 12:0 a.m.•3 views

VulnCheck KEV: CVE-2014-100005

D-Link DIR-600 routers contain a cross-site request forgery CSRF vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session...

8.8CVSS7.2AI score0.42414EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/16 12:0 a.m.•9 views

VulnCheck KEV: CVE-2021-40655

D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page...

7.5CVSS7.3AI score0.87039EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/16 12:0 a.m.•7 views

VulnCheck KEV: CVE-2024-4351

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.01023EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-25237

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...

9.8CVSS5.8AI score0.56222EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-1883

SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0...

9.6CVSS5.9AI score0.0642EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/15 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-45467

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accountnewcreate&acc=guadaapi URI. Any number of...

9.8CVSS5.9AI score0.70947EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-41724

A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network...

9.6CVSS6.1AI score0.12844EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-46808

An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user...

9.9CVSS6AI score0.02001EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/14 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-30040

Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass...

8.8CVSS6AI score0.03939EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-30051

Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges...

7.8CVSS7.4AI score0.05687EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/14 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-21413

Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode...

9.8CVSS7.4AI score0.9466EPSS
Exploits23References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-6662

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and...

10CVSS7.4AI score0.6773EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/13 12:0 a.m.•6 views

VulnCheck KEV: CVE-2024-4947

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page...

9.6CVSS7.6AI score0.15111EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-6623

The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks...

9.8CVSS7.3AI score0.50673EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/10 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-4434

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘termid’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

9.8CVSS5.9AI score0.36925EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/10 12:0 a.m.•7 views

VulnCheck KEV: CVE-2019-17564

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...

9.8CVSS7.3AI score0.35564EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/10 12:0 a.m.•8 views

VulnCheck KEV: CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

9.3CVSS7.2AI score0.92499EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

9.8CVSS7.6AI score0.81373EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-20345

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit...

6.5CVSS6.6AI score0.02155EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-9480

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster,...

9.8CVSS6.8AI score0.29157EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-23814

Multiple cross-site scripting XSS vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via 1 AppName and 2AddressList parameter in JobGroupController.java file...

6.1CVSS6.4AI score0.01188EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/10 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-4326

The Chef Manage formerly opscode-manage add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie...

9.8CVSS7.7AI score0.04194EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-10684

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansiblefacts after the clean. An attacker could take...

7.9CVSS6.9AI score0.00345EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-25194

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.8CVSS7.2AI score0.95302EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-0801

A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll...

7.5CVSS7.2AI score0.41843EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-1375

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'...

7.8CVSS7.2AI score0.07716EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/09 12:0 a.m.•10 views

VulnCheck KEV: CVE-2024-4761

Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

8.8CVSS7.4AI score0.11007EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/09 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-0799

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin...

9.8CVSS7.4AI score0.04342EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/09 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-0800

A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet...

8.8CVSS7.4AI score0.01034EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/09 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-43936

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...

10CVSS7.5AI score0.35804EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/09 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-34826

Missing Authorization vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler.This issue affects CF7 WOW Styler: from n/a through = 1.6.4...

6.3CVSS5.8AI score0.00326EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-5914

Cross-site scripting XSS...

6.1CVSS6.7AI score0.73142EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-4671

Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

9.6CVSS6.8AI score0.08348EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-26897

Windows DNS Server Remote Code Execution Vulnerability...

10CVSS7.5AI score0.13912EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/07 12:0 a.m.•2 views

VulnCheck KEV: CVE-2009-2445

Oracle iPlanet Web Server formerly Sun Java System Web Server or Sun ONE Web Server 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI...

5CVSS6AI score0.02521EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-21626

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host filesystem...

8.6CVSS6.9AI score0.18087EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/07 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-21872

An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.9CVSS7.4AI score0.06061EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-21907

HTTP Protocol Stack Remote Code Execution Vulnerability...

10CVSS7.5AI score0.9279EPSS
Exploits21References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/07 12:0 a.m.•6 views

VulnCheck KEV: CVE-2018-19629

A Denial of Service vulnerability in the ImageNow Server service in Hyland Perceptive Content Server before 7.1.5 allows an attacker to crash the service via a TCP connection...

7.5CVSS7.1AI score0.0148EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-4386

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8...

8.8CVSS6.9AI score0.06463EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-2912

Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepperinprocessrouter.cc in the Pepper Plug-in API PPAPI in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other...

7.5CVSS5.9AI score0.0145EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-30538

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page...

4.3CVSS6.2AI score0.15728EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-0537

An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio...

5.5CVSS6.4AI score0.07614EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•6 views

VulnCheck KEV: CVE-2017-17107

Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session...

10CVSS7.3AI score0.03879EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-4443

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9...

8.8CVSS7.3AI score0.05853EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-16383

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability when processing a JPEG file...

9.3CVSS7.3AI score0.1065EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-24463

Microsoft Exchange Server Spoofing Vulnerability...

6.5CVSS6.8AI score0.31799EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•7 views

VulnCheck KEV: CVE-2012-5081

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote attackers to affect availability, related to JSSE...

5CVSS7.2AI score0.45113EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTPPROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

6.1CVSS6.8AI score0.04526EPSS
Exploits0References1
Total number of security vulnerabilities4985