Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•6 views

VulnCheck KEV: CVE-2016-3212

The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."...

6.1CVSS6.8AI score0.10153EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-2732

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated...

9.8CVSS7.3AI score0.67511EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-15994

Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.3AI score0.13073EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-0068

Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and...

6.1CVSS6.2AI score0.4236EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-0948

An information disclosure vulnerability exists in the Windows Event Viewer eventvwr.msc when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity XXE...

5.5CVSS6.9AI score0.12672EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-26397

Adobe Acrobat Reader versions 23.001.20093 and earlier and 20.005.30441 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this...

5.5CVSS6AI score0.02942EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-4312

A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

8.8CVSS7.3AI score0.09346EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-16391

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the...

9.3CVSS7.3AI score0.0672EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•2 views

VulnCheck KEV: CVE-2023-26347

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints...

7.5CVSS7.3AI score0.10072EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-9802

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code...

8.8CVSS6.9AI score0.08207EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-5019

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...

6.5CVSS7AI score0.08425EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-13798

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote...

8.8CVSS7.3AI score0.06252EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-4345

The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated...

9.8CVSS7.5AI score0.01444EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-2461

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...

7.5CVSS6.8AI score0.06746EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2015-2331

Integer overflow in the zipcdirnew function in zipdirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service application crash or possibly...

7.5CVSS6.8AI score0.27869EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-0224

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack...

7.4CVSS6.9AI score0.95326EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-2416

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment...

4.3CVSS6.5AI score0.08769EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-3824

In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE...

9.8CVSS7.1AI score0.08003EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/05 12:0 a.m.•7 views

VulnCheck KEV: CVE-2023-3608

A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may...

8.8CVSS5.7AI score0.10909EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/03 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-40000

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7...

8.3CVSS7.4AI score0.54872EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/02 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-2417

The User Registration - Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the formsaveaction function in all versions up to, and including, 3.1.5. This makes it possible for...

8.8CVSS6AI score0.00938EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/05/01 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-7028

GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover...

10CVSS7.3AI score0.94955EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/30 12:0 a.m.•6 views

VulnCheck KEV: CVE-2024-33939

The Masteriyo LMS Plugin for WordPress is vulnerable to an insecure direct object reference that could allow unauthenticated adversaries to view other users course progress. Versions up to and including 1.7.3 are vulnerable via the REST API...

5.3CVSS5.7AI score0.00843EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/30 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-4474

The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted URL to a vulnerable...

9.8CVSS7.5AI score0.2974EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/28 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-4473

A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted URL to a vulnerable device...

9.8CVSS7.5AI score0.41348EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/27 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-28734

Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter...

6.1CVSS6.1AI score0.01791EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/27 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-29059

Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution...

7.5CVSS7.5AI score0.98624EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/27 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-11530

A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to getscript/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user...

9.8CVSS7.6AI score0.95657EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/27 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-27564

A Server-Side Request Forgery SSRF in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter...

6.5CVSS7.2AI score0.40637EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/26 12:0 a.m.•4 views

VulnCheck KEV: CVE-2025-31161

CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account e.g., crushadmin, potentially leading to a full compromise...

9.8CVSS7.5AI score0.99947EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-2389

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands...

10CVSS7.5AI score0.93901EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2025-32102

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI...

5CVSS5.8AI score0.06081EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/25 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-33548

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA-Team WZone allows Reflected XSS.This issue affects WZone: from n/a through 14.0.10...

7.1CVSS5.8AI score0.00375EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/25 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-33571

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak.This issue affects VOD Infomaniak: from n/a through = 1.5.6...

7.1CVSS5.8AI score0.00426EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/25 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-33552

Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8...

9.8CVSS5.8AI score0.00571EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/25 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-33553

Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5...

9.8CVSS5.8AI score0.00576EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/25 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-33551

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 8theme XStore Core allows SQL Injection.This issue affects XStore Core: from n/a through 5.3.5...

9.8CVSS5.9AI score0.00614EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-27956

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic through 3.92.0...

9.9CVSS7.5AI score0.93971EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-20359

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root...

6CVSS7.4AI score0.19434EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/24 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-20353

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an infinite loop vulnerability that can lead to remote denial of service condition...

8.6CVSS7.4AI score0.70686EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/23 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-13990

MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...

9.3CVSS5.8AI score0.00575EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/23 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-40711

Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution...

9.8CVSS7.7AI score0.88193EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/23 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory AD permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group 'ESXi Admins' by default...

7.2CVSS7.4AI score0.2677EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/23 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-40766

SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash...

9.8CVSS7.4AI score0.15593EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/23 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-32959

Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through = 7.2.2...

8.8CVSS5.8AI score0.00434EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/22 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-32810

Missing Authorization vulnerability in ShortPixel ShortPixel Critical CSS.This issue affects ShortPixel Critical CSS: from n/a through 1.0.2...

7.6CVSS5.8AI score0.00431EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-32702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Repute info systems ARForms allows Reflected XSS.This issue affects ARForms: from n/a through 6.4...

7.1CVSS5.8AI score0.00357EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-32711

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.6.3...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/22 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-38028

Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions...

7.8CVSS7.3AI score0.14949EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/04/22 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-32704

Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

7.1CVSS5.8AI score0.00335EPSS
Exploits0References1
Total number of security vulnerabilities4985