Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/04/05 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-24882

Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation.This issue affects LMS: from n/a through 1.7.2...

9.8CVSS7.3AI score0.02112EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-11884

Microsoft Excel 2016 Click-to-Run C2R allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882...

9.3CVSS7.5AI score0.99945EPSS
Exploits33References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-20720

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user...

9.1CVSS8AI score0.03687EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/04 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-1021

A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The...

9.8CVSS6.4AI score0.34955EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-31231

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1...

9CVSS7.3AI score0.00593EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-25925

Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12...

10CVSS7.3AI score0.0063EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-27188

Cloudways Breeze allows improper neutralization of input during web page creation, allowing for stored XSS...

7.3AI score0.00342EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-29745

Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices...

5.5CVSS7.4AI score0.00482EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-31230

Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through = 3.8.2...

5.3CVSS7.3AI score0.00388EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-42344

OpenCMS is vulnerable to an unauthenticated external entity vulnerability that could allow for code execution via malicious requests to the OpenCMS server...

6.2AI score0.02231EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-29748

Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app...

7.8CVSS7.4AI score0.0068EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-2848

The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefootertextcallback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into...

7.5CVSS7.4AI score0.00657EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/30 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-20039

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances...

9CVSS7.6AI score0.7811EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/30 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-12124

A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...

10CVSS7.5AI score0.75215EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/30 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-0540

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later...

9.8CVSS7.4AI score0.88057EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/29 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-1698

The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and...

9.8CVSS7.4AI score0.77585EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/29 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-27954

The WordPress Automatic Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery and Arbitrary File Downloads in all versions up to, and including, 3.92.0. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...

9.3CVSS7.4AI score0.72953EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/29 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-1212

Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution...

10CVSS7.6AI score0.95388EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/29 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-30534

Missing Authorization vulnerability in typps Calendarista Basic Edition calendarista-basic-edition.This issue affects Calendarista Basic Edition: from n/a through = 3.0.5...

9.8CVSS7.3AI score0.00409EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/28 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-30505

Missing Authorization vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.1.18...

7.3AI score0.00468EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/28 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-30435

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor.This issue affects Nexter Blocks: from n/a through = 3.2.5...

7.1CVSS7.3AI score0.00423EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/28 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-30503

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through = 4.0.6...

7.1CVSS7.3AI score0.00426EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2006-2529

editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658...

5CVSS5.9AI score0.06744EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-25599

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting.This issue affects Seriously Simple Podcasting: from n/a through = 3.0.2...

6.1CVSS7.3AI score0.00426EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-30229

Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through = 3.4.2...

7.2CVSS5.8AI score0.00622EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/26 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-24955

Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely...

7.2CVSS7AI score0.85395EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-30244

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.0.27...

8.8CVSS7.4AI score0.00659EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/26 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-30221

Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.1.1...

9.8CVSS5.8AI score0.00465EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-48022

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...

9.8CVSS7.6AI score0.81512EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-30194

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through = 3.1.1...

6.1CVSS7.3AI score0.00727EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-29777

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator.This issue affects Forminator: from n/a through = 1.29.0...

6.1CVSS7.3AI score0.00426EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/25 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-30199

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Lab WP-Lister Lite for Amazon wp-lister-for-amazon.This issue affects WP-Lister Lite for Amazon: from n/a through = 2.6.8...

7.3AI score0.00398EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/25 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-29792

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates unlimited-elements-for-elementor.This issue affects Unlimited Elements For Elementor Free Widgets, Addons,...

6.1CVSS7.3AI score0.0074EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-29931

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPGMaps WP Go Maps wp-google-maps.This issue affects WP Go Maps: from n/a through = 9.0.29...

6.1CVSS7.3AI score0.00753EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/24 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-39296

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the...

7.5CVSS7.3AI score0.01564EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-22320

IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM...

9.8CVSS7.7AI score0.73398EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-21716

Microsoft Word Remote Code Execution Vulnerability...

9.8CVSS7.4AI score0.82302EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-0185

Linux kernel contains a heap-based buffer overflow vulnerability in the legacyparseparam function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges...

8.4CVSS7.2AI score0.25151EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-2172

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web...

9.8CVSS7.4AI score0.01712EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

9.8CVSS7.4AI score0.81801EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-27497

Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file...

8.8CVSS5.8AI score0.2646EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/18 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-29138

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joachim Jensen Restrict User Access – Membership Plugin with Force restrict-user-access.This issue affects Restrict User Access – Membership Plugin with Force: from n/a through = 2.5...

6.1CVSS7.3AI score0.00622EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/18 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-29135

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through = 2.11.15...

8.8CVSS7.3AI score0.00669EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/18 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-21899

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS...

9.8CVSS7.2AI score0.24365EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/18 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-29136

Deserialization of Untrusted Data vulnerability in Themefic Tourfic.This issue affects Tourfic: from n/a through 2.11.17...

8.8CVSS7.3AI score0.00632EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/18 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-29137

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through = 2.11.7...

6.1CVSS7.3AI score0.00622EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/18 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-22555

Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS via heap memory corruption through user name space...

8.3CVSS6.7AI score0.78684EPSS
Exploits21References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/17 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-0305

A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may...

7.5CVSS5.5AI score0.66932EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-22319

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145...

9.8CVSS7.8AI score0.764EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/16 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-29125

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage.This issue affects Coupon Affiliates: from n/a through = 5.12.7...

7.3AI score0.00402EPSS
Exploits0References1
Total number of security vulnerabilities4985