Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2024/02/08 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-4967

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA Virtual Server...

8.2CVSS7.1AI score0.00878EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/02/08 12:0 a.m.•9 views

VulnCheck KEV: CVE-2024-23660

The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July...

7.5CVSS7.1AI score0.00552EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/02/08 12:0 a.m.•6 views

VulnCheck KEV: CVE-2024-21762

Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests...

9.8CVSS7.6AI score0.83428EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2024/02/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-0213

The Samba Web Administration Tool SWAT in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a 1 FRAME or 2 IFRAME element...

5.1CVSS6.9AI score0.03248EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/02/07 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-29360

Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges...

8.4CVSS7.4AI score0.22133EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/02/07 12:0 a.m.•9 views

VulnCheck KEV: CVE-2016-10108

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...

10CVSS7.3AI score0.95174EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2024/02/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-32819

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

8.8CVSS7.8AI score0.59844EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/02/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-22024

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x, Ivanti Policy Secure 9.x, 22.x and ZTA gateways which allows an attacker to access certain restricted resources without authentication...

8.3CVSS7.4AI score0.94721EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/02/06 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-3710

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM Printer web page modules allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 e.g. P10.19.050006...

9.9CVSS7.3AI score0.33094EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2024/02/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-13315

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request...

9.8CVSS7.3AI score0.01555EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/02/02 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-5782

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

8.8CVSS7.8AI score0.12879EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/31 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-3466

Reflected Cross-Site Scripting XSS...

8.3CVSS7AI score0.03041EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/31 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-3467

Privilege Escalation to root administrator nsroot...

8CVSS7.4AI score0.02097EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/31 12:0 a.m.•7 views

VulnCheck KEV: CVE-2021-30497

Ivanti Avalanche Premise 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive...

7.5CVSS7.2AI score0.9658EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/31 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-50164

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix...

9.8CVSS7.5AI score0.80819EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-22770

Improper Input Validation in Hitron Systems DVR HVR-16781 1.034.02 allows an attacker to cause network attack in case of using defalut admin ID/PW...

7.5CVSS7.1AI score0.00496EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/30 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-22771

Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.024.02 allows an attacker to cause network attack in case of using defalut admin ID/PW...

7.5CVSS7.1AI score0.00496EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/30 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-23842

Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.024.02 allows an attacker to cause network attack in case of using defalut admin ID/PW...

7.5CVSS7.2AI score0.00496EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/30 12:0 a.m.•2 views

VulnCheck KEV: CVE-2023-29324

Windows MSHTML Platform Security Feature Bypass Vulnerability...

6.5CVSS7.1AI score0.02842EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/30 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-23897

Jenkins Command Line Interface CLI contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution...

9.8CVSS7.4AI score0.99999EPSS
Exploits46References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/30 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-40088

In callbackthreadevent of comandroidbluetoothbtserviceAdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS7.8AI score0.01717EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/30 12:0 a.m.•2 views

VulnCheck KEV: CVE-2024-22772

Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.024.02 allows an attacker to cause network attack in case of using defalut admin ID/PW...

7.5CVSS7.2AI score0.00496EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-45849

An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner...

9.8CVSS7.9AI score0.01115EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/30 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-22769

Improper Input Validation in Hitron Systems DVR HVR-8781 1.034.02 allows an attacker to cause network attack in case of using defalut admin ID/PW...

7.5CVSS7.1AI score0.00496EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/30 12:0 a.m.•6 views

VulnCheck KEV: CVE-2024-22768

Improper Input Validation in Hitron Systems DVR HVR-4781 1.034.02 allows an attacker to cause network attack in case of using defalut admin ID/PW...

7.5CVSS7.2AI score0.00562EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-6700

The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS7.4AI score0.0147EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-3259

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the...

7.5CVSS7.5AI score0.71789EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/25 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-0204

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal...

9.8CVSS7.4AI score0.95086EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/25 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-6933

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin...

9.8CVSS7.3AI score0.68047EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/24 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-23507

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through = 0.1.0.9...

8.8CVSS7.4AI score0.00621EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-23506

Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through = 0.1.0.9...

6.5CVSS6.9AI score0.00504EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-40822

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...

7.5CVSS7.1AI score0.18925EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-17505

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...

9CVSS7.3AI score0.82165EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-35813

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3...

9.8CVSS7.5AI score0.86685EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-18349

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

10CVSS7.7AI score0.3897EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-25485

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php...

7.8CVSS7.1AI score0.07927EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-2588

Vulnerability in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network...

4.9CVSS6.1AI score0.37099EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-8115

A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver = 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older...

6.1CVSS6.3AI score0.07055EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•6 views

VulnCheck KEV: CVE-2017-17560

An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multiuploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file...

10CVSS7.3AI score0.73404EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-26833

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

9.4CVSS7.3AI score0.37606EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-25322

ZEROF Web Server 2.0 allows /HandleEvent SQL Injection...

9.8CVSS7.4AI score0.0856EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-25486

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php...

7.8CVSS7.1AI score0.09966EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-27931

LumisXP aka Lumis Experience Platform before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service...

9.1CVSS7.3AI score0.18607EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-41243

Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through 0.9.90...

8.8CVSS7.3AI score0.00576EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-23222

Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products...

8.8CVSS7.8AI score0.10593EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•5 views

VulnCheck KEV: CVE-2015-8351

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allowurlinclude is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be...

9CVSS7.6AI score0.37032EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-0297

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...

9.8CVSS7.3AI score0.96988EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-45967

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...

9.8CVSS7.2AI score0.208EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-34993

This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results from the lack of proper...

9.8CVSS7.3AI score0.05424EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2024/01/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-33690

Server-Side Request Forgery SSRF vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to...

9.9CVSS7.2AI score0.67699EPSS
Exploits0References1
Total number of security vulnerabilities4985