4985 matches found
VulnCheck KEV: CVE-2024-24882
Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation.This issue affects LMS: from n/a through 1.7.2...
VulnCheck KEV: CVE-2017-11884
Microsoft Excel 2016 Click-to-Run C2R allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882...
VulnCheck KEV: CVE-2024-20720
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user...
VulnCheck KEV: CVE-2024-1021
A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The...
VulnCheck KEV: CVE-2024-31231
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1...
VulnCheck KEV: CVE-2024-25925
Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12...
VulnCheck KEV: CVE-2024-27188
Cloudways Breeze allows improper neutralization of input during web page creation, allowing for stored XSS...
VulnCheck KEV: CVE-2024-29745
Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices...
VulnCheck KEV: CVE-2024-31230
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through = 3.8.2...
VulnCheck KEV: CVE-2023-42344
OpenCMS is vulnerable to an unauthenticated external entity vulnerability that could allow for code execution via malicious requests to the OpenCMS server...
VulnCheck KEV: CVE-2024-29748
Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app...
VulnCheck KEV: CVE-2024-2848
The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefootertextcallback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into...
VulnCheck KEV: CVE-2021-20039
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances...
VulnCheck KEV: CVE-2020-12124
A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...
VulnCheck KEV: CVE-2022-0540
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later...
VulnCheck KEV: CVE-2024-1698
The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and...
VulnCheck KEV: CVE-2024-27954
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery and Arbitrary File Downloads in all versions up to, and including, 3.92.0. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...
VulnCheck KEV: CVE-2024-1212
Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution...
VulnCheck KEV: CVE-2024-30534
Missing Authorization vulnerability in typps Calendarista Basic Edition calendarista-basic-edition.This issue affects Calendarista Basic Edition: from n/a through = 3.0.5...
VulnCheck KEV: CVE-2024-30505
Missing Authorization vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.1.18...
VulnCheck KEV: CVE-2024-30435
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor.This issue affects Nexter Blocks: from n/a through = 3.2.5...
VulnCheck KEV: CVE-2024-30503
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through = 4.0.6...
VulnCheck KEV: CVE-2006-2529
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658...
VulnCheck KEV: CVE-2024-25599
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting.This issue affects Seriously Simple Podcasting: from n/a through = 3.0.2...
VulnCheck KEV: CVE-2024-30229
Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through = 3.4.2...
VulnCheck KEV: CVE-2023-24955
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely...
VulnCheck KEV: CVE-2024-30244
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.0.27...
VulnCheck KEV: CVE-2024-30221
Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.1.1...
VulnCheck KEV: CVE-2023-48022
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...
VulnCheck KEV: CVE-2024-30194
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through = 3.1.1...
VulnCheck KEV: CVE-2024-29777
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator.This issue affects Forminator: from n/a through = 1.29.0...
VulnCheck KEV: CVE-2024-30199
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Lab WP-Lister Lite for Amazon wp-lister-for-amazon.This issue affects WP-Lister Lite for Amazon: from n/a through = 2.6.8...
VulnCheck KEV: CVE-2024-29792
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates unlimited-elements-for-elementor.This issue affects Unlimited Elements For Elementor Free Widgets, Addons,...
VulnCheck KEV: CVE-2024-29931
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPGMaps WP Go Maps wp-google-maps.This issue affects WP Go Maps: from n/a through = 9.0.29...
VulnCheck KEV: CVE-2023-39296
A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the...
VulnCheck KEV: CVE-2024-22320
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM...
VulnCheck KEV: CVE-2023-21716
Microsoft Word Remote Code Execution Vulnerability...
VulnCheck KEV: CVE-2022-0185
Linux kernel contains a heap-based buffer overflow vulnerability in the legacyparseparam function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges...
VulnCheck KEV: CVE-2024-2172
The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web...
VulnCheck KEV: CVE-2023-43177
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...
VulnCheck KEV: CVE-2024-27497
Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file...
VulnCheck KEV: CVE-2024-29138
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joachim Jensen Restrict User Access – Membership Plugin with Force restrict-user-access.This issue affects Restrict User Access – Membership Plugin with Force: from n/a through = 2.5...
VulnCheck KEV: CVE-2024-29135
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through = 2.11.15...
VulnCheck KEV: CVE-2024-21899
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS...
VulnCheck KEV: CVE-2024-29136
Deserialization of Untrusted Data vulnerability in Themefic Tourfic.This issue affects Tourfic: from n/a through 2.11.17...
VulnCheck KEV: CVE-2024-29137
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through = 2.11.7...
VulnCheck KEV: CVE-2021-22555
Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS via heap memory corruption through user name space...
VulnCheck KEV: CVE-2024-0305
A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may...
VulnCheck KEV: CVE-2024-22319
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145...
VulnCheck KEV: CVE-2024-29125
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage.This issue affects Coupon Affiliates: from n/a through = 5.12.7...