Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-3577

An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device...

8.8CVSS7.8AI score0.59893EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-2768

Vulnerability in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

7.5CVSS7.1AI score0.01758EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-35713

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page...

10CVSS7.6AI score0.32704EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-2796

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id...

5.3CVSS6.8AI score0.37468EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-0352

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to...

9.8CVSS6.8AI score0.70688EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-6038

A Local File Inclusion LFI vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user...

9.3CVSS7.5AI score0.0434EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-34641

The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the /src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3...

6.4CVSS6.1AI score0.00651EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-4447

The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8CVSS7.4AI score0.04795EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.8 views

VulnCheck KEV: CVE-2020-5775

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains...

5.8CVSS6.3AI score0.06531EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-11370

Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pwsnmp.html "System contact" field...

5.4CVSS6AI score0.03977EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-4463

IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484...

8.2CVSS7.3AI score0.3159EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24353

The importdata function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects...

8.8CVSS7.1AI score0.01107EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-46379

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site...

6.1CVSS6.4AI score0.15701EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-46381

Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading /etc/passwd and /etc/shadow...

7.5CVSS7.1AI score0.57984EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-14223

An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any...

6.1CVSS6.4AI score0.04474EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-11798

A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful...

5.3CVSS6.2AI score0.45241EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-24914

A PHP object injection bug in profile.php in qcubed all versions including 3.1.1 unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request...

9.8CVSS7.4AI score0.05554EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-8446

The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check...

5.3CVSS6.2AI score0.1755EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-16059

Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter...

5.3CVSS6AI score0.29816EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-24589

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection XXE attacks...

9.1CVSS7.3AI score0.26939EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-41266

Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are...

9.8CVSS7.3AI score0.46706EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-41293

ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information...

7.5CVSS7.2AI score0.20084EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-41649

An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php catid parameter. Using a post request does not sanitize the user input...

9.8CVSS7.4AI score0.5177EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-24285

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL...

9.8CVSS7.4AI score0.14697EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-0592

The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users...

9.8CVSS7.4AI score0.10279EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-10770

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter requesturi. This flaw allows an attacker to use this parameter to execute a Server-side request forgery SSRF attack...

5.3CVSS6.3AI score0.69724EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-25899

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1...

7.5CVSS7.2AI score0.12245EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-27587

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...

7.4CVSS6.6AI score0.03857EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-36509

H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList...

7.8CVSS7.1AI score0.12317EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-24716

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been...

7.5CVSS7.1AI score0.89378EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-4328

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...

9.8CVSS7.4AI score0.04427EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-42567

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...

6.1CVSS6.4AI score0.08064EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-24816

OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution...

10CVSS7.5AI score0.98739EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-24290

There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages...

6.1CVSS6.4AI score0.00826EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-22122

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack XSS by injecting malicious payload in different vulnerable API...

6.1CVSS5.8AI score0.1052EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-1952

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue...

9.8CVSS7.6AI score0.17572EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-45092

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter...

9.8CVSS7.3AI score0.39973EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-27964

SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file...

9.8CVSS7.2AI score0.46021EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-21745

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click...

4.3CVSS6.7AI score0.55709EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-2376

The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users...

5.3CVSS6AI score0.01408EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/21 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-35235

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects...

8.8CVSS7.5AI score0.18028EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-1020

The Product Table for WooCommerce wooproducttable WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter,...

9.8CVSS7.3AI score0.26586EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-35476

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent...

9.8CVSS7.8AI score0.8533EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can...

10CVSS7.4AI score0.22138EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-50968

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which...

7.5CVSS7AI score0.63373EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-36553

Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi...

9.8CVSS7.3AI score0.90798EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-1916

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to...

6.1CVSS6.4AI score0.01829EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-22307

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.This issue affects WP-Lister Lite for eBay: from n/a through = 3.5.7...

6.1CVSS6.8AI score0.00334EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/19 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-22527

Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution...

10CVSS7.7AI score0.99984EPSS
Exploits32References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/19 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-30258

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request...

9.8CVSS7.5AI score0.9425EPSS
Exploits15References1
Total number of security vulnerabilities4985