Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/03/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-27994

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.5.0...

7.3AI score0.00398EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-27998

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory...

7.3AI score0.00379EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-27987

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through = 3.3.1...

6.1CVSS7.3AI score0.00354EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/15 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow...

7.5CVSS6.8AI score0.76875EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-27993

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in typps Calendarista Basic Edition calendarista-basic-edition.This issue affects Calendarista Basic Edition: from n/a through = 3.0.2...

7.3AI score0.00373EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-27972

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24...

7.3AI score0.01626EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/13 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-27971

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through 2.3.10...

7.3AI score0.0146EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/12 12:0 a.m.8 views

VulnCheck KEV: CVE-2023-48788

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests...

9.8CVSS7.6AI score0.97591EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-2123

The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and...

7.2CVSS7.2AI score0.26666EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-13379

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network...

8.2CVSS6.7AI score0.99856EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/07 12:0 a.m.7 views

VulnCheck KEV: CVE-2023-2648

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

9.8CVSS6.4AI score0.28478EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-43208

NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a specially crafted request...

9.8CVSS8AI score0.82708EPSS
Exploits21References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/06 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-42071

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header...

10CVSS7.6AI score0.69882EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/05 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-23225

Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections...

7.8CVSS7.4AI score0.01481EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-27198

JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions...

9.8CVSS7.4AI score0.99938EPSS
Exploits24References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/05 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-23296

Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections...

7.8CVSS7.4AI score0.01411EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/05 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-27199

Authentication bypass vulnerability in the web component of JetBrains TeamCity...

7.3CVSS7.3AI score0.99991EPSS
Exploits25References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/05 12:0 a.m.12 views

VulnCheck KEV: CVE-2024-0778

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort...

9.8CVSS7AI score0.32088EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/04 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-32849

Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...

9CVSS7.5AI score0.0765EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-4436

The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlitehandleupload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be...

9.8CVSS7.5AI score0.06646EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/03/03 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-25735

An access control credential disclosure is present in WyreStorm Apollo VX20...

9.1CVSS7.3AI score0.50622EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/29 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-7262

Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library...

9.3CVSS7.4AI score0.01773EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/29 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-44529

Ivanti Endpoint Manager Cloud Service Appliance EPM CSA contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions nobody...

9.8CVSS7.6AI score0.99105EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/29 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-21888

A privilege escalation vulnerability in web component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows a user to elevate privileges to that of an administrator...

8.8CVSS7.4AI score0.86806EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/23 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-19825

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an "topicurl":"setting/getSanvas" POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can...

9.8CVSS7.3AI score0.29557EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/23 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-1071

A SQL Injection is present in WordPress The Ultimate Member plugin...

9.8CVSS7.6AI score0.89431EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-15916

goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter...

10CVSS7.6AI score0.03429EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-24989

TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. Shell metacharacters can be placed in raidtype because popen is used without any...

9.8CVSS7.8AI score0.31881EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-1708

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems...

8.4CVSS7.7AI score0.87624EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-1709

ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices...

10CVSS7.3AI score0.99959EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-3595

Where this vulnerability exists in the Rockwell Automation 1756 EN2 and 1756 EN3 ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to...

9.8CVSS8AI score0.04965EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-35871

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results...

8.1CVSS7.5AI score0.39194EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/20 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-21589

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4.3CVSS6.5AI score0.00911EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/19 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-25600

Remote Code Execution vulnerability in Bricks Builder Theme preparequeryvarsfromsettings function...

10CVSS7.5AI score0.87452EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-47218

QNAP NAS quick.cgi command injection vulnerability in QTS and QuTS hero...

8.3CVSS6.7AI score0.89157EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-7309

A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform also referred to as the Dahua Smart Campus Integrated Management Platform, affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated remote attackers to upload arbitrary...

10CVSS5.8AI score0.00758EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-35653

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's...

6.1CVSS6.4AI score0.03747EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-21410

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation...

9.8CVSS7.3AI score0.12661EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/14 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-6308

SAP BusinessObjects Business Intelligence Platform Web Services versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker...

5.3CVSS6.5AI score0.61736EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-1061

The 'HTML5 Video Player' WordPress Plugin, version 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'getview' function...

9.8CVSS7.4AI score0.11215EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/14 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-22707

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an...

10CVSS7.3AI score0.64612EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/14 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-35885

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication...

9.8CVSS7.3AI score0.75315EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/14 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-25918

Improper Control of Generation of Code 'Code Injection' vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through = 0.1.0.8...

8.8CVSS7.3AI score0.00681EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-21338

Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL input and output control dispatcher in appid.sys that allows a local attacker to achieve privilege escalation...

7.8CVSS7.3AI score0.51865EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/13 12:0 a.m.10 views

VulnCheck KEV: CVE-2024-21351

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both...

7.6CVSS7.4AI score0.30344EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-21412

Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass...

8.1CVSS7.3AI score0.95443EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-7311

BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The path parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device...

9.3CVSS6.1AI score0.01932EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-43770

Roundcube Webmail contains a persistent cross-site scripting XSS vulnerability that can lead to information disclosure via malicious link references in plain/text messages...

6.1CVSS6.8AI score0.58483EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/10 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-26775

File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint...

7.8CVSS7.3AI score0.49367EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-15846

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...

10CVSS7.8AI score0.35736EPSS
Exploits3References1
Total number of security vulnerabilities4985