Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/04/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-32778

Missing Authorization vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4...

8.5CVSS5.8AI score0.00612EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-32706

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4...

8.8CVSS5.9AI score0.00565EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/22 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-32705

Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

8.8CVSS5.8AI score0.00382EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-32836

Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.11...

9.1CVSS5.8AI score0.00799EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-32703

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

8.1CVSS5.8AI score0.00577EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-32832

Login with phone number up to and including 1.6.93 is vulnerable to a security bypass in an unspecified function that could allow unauthenticated adversaries to perform unauthorized actions...

9.8CVSS5.7AI score0.00339EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/21 12:0 a.m.7 views

VulnCheck KEV: CVE-2019-9762

A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication...

9.8CVSS7.4AI score0.05051EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-3721

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=SOSTREAMAX. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be...

6.5CVSS6.6AI score0.86489EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-32790

Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors already having admin access, or API keys to the WooCommerce site can exploit vulnerable...

4.9CVSS5.8AI score0.01265EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-4040

CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system VFS...

10CVSS7.2AI score0.99539EPSS
Exploits22References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-37679

A remote command execution RCE vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server...

9.8CVSS7.9AI score0.97106EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/18 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-42063

A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data...

6.1CVSS6.7AI score0.22318EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/17 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-28254

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...

8.8CVSS7.4AI score0.45725EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/17 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-28847

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from...

8.8CVSS7.4AI score0.02372EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/17 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-28255

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the...

9.8CVSS7.4AI score0.73255EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/17 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-28848

The OpenMetadata CompiledRule::validateExpression method evaluates an SpEL expression using an StandardEvaluationContext which allows the expression to reach and interact with Java classes such as java.lang.Runtime and leading to Remote Code Execution. The...

8.8CVSS7.5AI score0.07888EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/17 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-28253

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

9.4CVSS7.4AI score0.12527EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/16 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-32553

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in looksawesome Superfly Menu superfly-menu.This issue affects Superfly Menu: from n/a through = 5.0.25...

7.1CVSS5.8AI score0.00514EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/16 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-32568

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP 2FA allows Reflected XSS.This issue affects WP 2FA: from n/a through 2.6.2...

7.1CVSS5.8AI score0.00409EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/16 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-32589

The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

7.1CVSS5.8AI score0.00161EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-16167

LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors...

10CVSS7.6AI score0.74745EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-1207

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code...

9.8CVSS7.5AI score0.9079EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-1003001

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a...

8.8CVSS6.7AI score0.86224EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-41892

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15...

10CVSS7.2AI score0.92918EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-17431

Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL...

9.8CVSS7.7AI score0.83912EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-32507

Improper Privilege Management vulnerability in Hamid Alinia - idehweb Login with phone number allows Privilege Escalation.This issue affects Login with phone number: from n/a through 1.7.16...

8.8CVSS5.8AI score0.00461EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...

9.8CVSS7.4AI score0.8802EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/14 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-34993

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters...

9.8CVSS7.4AI score0.18148EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-2667

The InstaWP Connect -- 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for...

9.8CVSS5.9AI score0.05747EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-3400

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall...

10CVSS7.6AI score0.99999EPSS
Exploits43References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-28200

The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in...

9.8CVSS5.8AI score0.01946EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/11 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-20767

Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel...

7.4CVSS7.2AI score0.98514EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-25114

The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discountcode in one of its REST route available to unauthenticated users before using it in a SQL statement, leading to a SQL injection...

9.8CVSS7.4AI score0.81828EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-3272

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution...

10CVSS7.5AI score0.98038EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-6114

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory...

7.5CVSS7.1AI score0.30894EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-5830

A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack...

9.8CVSS6.9AI score0.61043EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-47945

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled langswitchon=true. An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...

9.8CVSS7.4AI score0.15505EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-3053

The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminatorform shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS5.7AI score0.00358EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-26234

Proxy Driver Spoofing Vulnerability...

6.7CVSS7.4AI score0.04853EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-29988

Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web MotW feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file...

8.8CVSS7AI score0.97798EPSS
Exploits50References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/08 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-31250

Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi...

5.4CVSS6.1AI score0.79605EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-31358

Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating Funnel.This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67...

7.5CVSS5.8AI score0.00583EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-3273

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution...

10CVSS7.4AI score0.99997EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-4061

IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869...

5.3CVSS6AI score0.22547EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-18393

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability...

5.3CVSS6AI score0.13945EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/06 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-49785

NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using...

9.8CVSS7AI score0.83163EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/06 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-13985

A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capturehandle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without...

10CVSS6.1AI score0.07651EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-8191

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting XSS...

6.1CVSS6.7AI score0.22941EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/05 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-31280

Unrestricted Upload of File with Dangerous Type vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.1.5...

9.9CVSS7.3AI score0.00625EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/05 12:0 a.m.9 views

VulnCheck KEV: CVE-2024-31281

Missing Authorization vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.1.6...

6.3CVSS7.3AI score0.00342EPSS
Exploits0References1
Total number of security vulnerabilities4985