4985 matches found
VulnCheck KEV: CVE-2024-27994
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.5.0...
VulnCheck KEV: CVE-2024-27998
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory...
VulnCheck KEV: CVE-2024-27987
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through = 3.3.1...
VulnCheck KEV: CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow...
VulnCheck KEV: CVE-2024-27993
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in typps Calendarista Basic Edition calendarista-basic-edition.This issue affects Calendarista Basic Edition: from n/a through = 3.0.2...
VulnCheck KEV: CVE-2024-27972
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24...
VulnCheck KEV: CVE-2024-27971
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through 2.3.10...
VulnCheck KEV: CVE-2023-48788
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests...
VulnCheck KEV: CVE-2024-2123
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and...
VulnCheck KEV: CVE-2020-13379
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network...
VulnCheck KEV: CVE-2023-2648
A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...
VulnCheck KEV: CVE-2023-43208
NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a specially crafted request...
VulnCheck KEV: CVE-2021-42071
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header...
VulnCheck KEV: CVE-2024-23225
Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections...
VulnCheck KEV: CVE-2024-27198
JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions...
VulnCheck KEV: CVE-2024-23296
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections...
VulnCheck KEV: CVE-2024-27199
Authentication bypass vulnerability in the web component of JetBrains TeamCity...
VulnCheck KEV: CVE-2024-0778
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort...
VulnCheck KEV: CVE-2021-32849
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...
VulnCheck KEV: CVE-2021-4436
The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlitehandleupload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be...
VulnCheck KEV: CVE-2024-25735
An access control credential disclosure is present in WyreStorm Apollo VX20...
VulnCheck KEV: CVE-2024-7262
Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library...
VulnCheck KEV: CVE-2021-44529
Ivanti Endpoint Manager Cloud Service Appliance EPM CSA contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions nobody...
VulnCheck KEV: CVE-2024-21888
A privilege escalation vulnerability in web component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows a user to elevate privileges to that of an administrator...
VulnCheck KEV: CVE-2019-19825
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an "topicurl":"setting/getSanvas" POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can...
VulnCheck KEV: CVE-2024-1071
A SQL Injection is present in WordPress The Ultimate Member plugin...
VulnCheck KEV: CVE-2020-15916
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter...
VulnCheck KEV: CVE-2022-24989
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. Shell metacharacters can be placed in raidtype because popen is used without any...
VulnCheck KEV: CVE-2024-1708
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems...
VulnCheck KEV: CVE-2024-1709
ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices...
VulnCheck KEV: CVE-2023-3595
Where this vulnerability exists in the Rockwell Automation 1756 EN2 and 1756 EN3 ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to...
VulnCheck KEV: CVE-2022-35871
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results...
VulnCheck KEV: CVE-2022-21589
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
VulnCheck KEV: CVE-2024-25600
Remote Code Execution vulnerability in Bricks Builder Theme preparequeryvarsfromsettings function...
VulnCheck KEV: CVE-2023-47218
QNAP NAS quick.cgi command injection vulnerability in QTS and QuTS hero...
VulnCheck KEV: CVE-2023-7309
A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform also referred to as the Dahua Smart Campus Integrated Management Platform, affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated remote attackers to upload arbitrary...
VulnCheck KEV: CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's...
VulnCheck KEV: CVE-2024-21410
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2020-6308
SAP BusinessObjects Business Intelligence Platform Web Services versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker...
VulnCheck KEV: CVE-2024-1061
The 'HTML5 Video Player' WordPress Plugin, version 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'getview' function...
VulnCheck KEV: CVE-2021-22707
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an...
VulnCheck KEV: CVE-2023-35885
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication...
VulnCheck KEV: CVE-2024-25918
Improper Control of Generation of Code 'Code Injection' vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through = 0.1.0.8...
VulnCheck KEV: CVE-2024-21338
Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL input and output control dispatcher in appid.sys that allows a local attacker to achieve privilege escalation...
VulnCheck KEV: CVE-2024-21351
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both...
VulnCheck KEV: CVE-2024-21412
Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass...
VulnCheck KEV: CVE-2023-7311
BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The path parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device...
VulnCheck KEV: CVE-2023-43770
Roundcube Webmail contains a persistent cross-site scripting XSS vulnerability that can lead to information disclosure via malicious link references in plain/text messages...
VulnCheck KEV: CVE-2023-26775
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint...
VulnCheck KEV: CVE-2019-15846
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...