Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/01/17 12:0 a.m.7 views

VulnCheck KEV: CVE-2019-15642

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it...

8.8CVSS7.4AI score0.38038EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/17 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-34048

VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution...

9.8CVSS7.7AI score0.99428EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/16 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-6549

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server...

8.2CVSS7.5AI score0.57633EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-1733

Sysinternals PsExec Elevation of Privilege Vulnerability...

7.8CVSS7.1AI score0.00516EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-6548

Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP...

8.8CVSS8AI score0.03191EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-21893

Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure, Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery SSRF vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication...

8.2CVSS7.4AI score0.99999EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-22145

Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through = 0.1.0.8...

8.8CVSS7.3AI score0.01112EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/14 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-14251

An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer to traverse the file system and access files or directories that are...

7.5CVSS7.1AI score0.07849EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-6814

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...

9.8CVSS7.3AI score0.3665EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/13 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-25065

A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

9.8CVSS6.8AI score0.06588EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-3287

Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class...

9.8CVSS7.4AI score0.51332EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-11854

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge containerized vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge containerized and Application Performance Management. The...

10CVSS7.7AI score0.74232EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-0519

Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google...

8.8CVSS7.5AI score0.03769EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-51409

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98...

10CVSS7.3AI score0.65046EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/10 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-21887

Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This...

9.1CVSS7.6AI score0.99999EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/10 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-46805

Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in...

8.2CVSS7.4AI score0.99986EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/10 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-6000

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks...

6.1CVSS7AI score0.01999EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-6875

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7...

9.8CVSS7.3AI score0.90339EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/09 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-48618

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use TOCTOU memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication...

7CVSS7.2AI score0.00487EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-27524

Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRETKEY according to installation instructions...

9.8CVSS7.4AI score0.97405EPSS
Exploits20References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/06 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-17283

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...

7.5CVSS7.1AI score0.66347EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/06 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-29081

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize via the ../RestAPI...

9.8CVSS7.3AI score0.83321EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-42953

Certain ZKTeco products ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 ZEM500-510-560-760, ZEM600-800, ZEM720 and 15.00 ZMM200-220-210...

7.5CVSS7AI score0.04834EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/05 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-34624

A vulnerability in the file uploader component found in the /src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3...

9.8CVSS7.3AI score0.06744EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/05 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-36560

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh...

9.8CVSS7.3AI score0.00694EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-26073

Cisco SD-WAN vManage Software unauthenticated directory traversal...

7.5CVSS5.8AI score0.12062EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/04 12:0 a.m.6 views

VulnCheck KEV: CVE-2017-6090

Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logosclients/...

8.8CVSS7.6AI score0.96068EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/04 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-6634

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the calluserfunc function with user input. This makes it possible for unauthenticated attackers to execute...

9.8CVSS7.3AI score0.08544EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/04 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-15517

The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ U...

8.6CVSS7.3AI score0.44101EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/03 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-25499

TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router...

9CVSS7.7AI score0.04232EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-10974

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on...

7.5CVSS7.1AI score0.81028EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/03 12:0 a.m.6 views

VulnCheck KEV: CVE-2017-1000170

jqueryFileTree 2.1.5 and older Directory Traversal...

7.5CVSS7.1AI score0.57608EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/03 12:0 a.m.6 views

VulnCheck KEV: CVE-2017-5259

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

9CVSS7.4AI score0.39181EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-16752

LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases...

9CVSS7.3AI score0.42657EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-12296

Insufficient access control in /api/external/7.0/system.System.getinfos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests...

7.5CVSS7.1AI score0.09509EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/03 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

8.1CVSS7.5AI score0.73566EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-1386

The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the...

9.8CVSS7.4AI score0.71722EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-31847

A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request...

7.5CVSS7.1AI score0.05482EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-13158

Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter...

7.5CVSS7.2AI score0.53524EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-0952

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such...

8.8CVSS7.4AI score0.13329EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-51467

The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code...

9.8CVSS7.7AI score0.96001EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/02 12:0 a.m.10 views

VulnCheck KEV: CVE-2023-6600

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit in all versions up to, and including,...

8.6CVSS6.8AI score0.00478EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/02 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-0346

The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allowurlinclude is turned on...

6.1CVSS6.5AI score0.02205EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-2314

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...

9.8CVSS7.5AI score0.12442EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/31 12:0 a.m.6 views

VulnCheck KEV: CVE-2018-17532

Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges...

10CVSS7.7AI score0.71328EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/31 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-23961

Thruk Monitoring reflected XSS on login field...

5.8AI score0.00201EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/29 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-49070

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10...

9.8CVSS7.4AI score0.95442EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-20470

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal arbitrary file access vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files...

7.5CVSS7.1AI score0.45055EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/25 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-0656

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded...

7.5CVSS7.1AI score0.07736EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/25 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-15920

There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution RCE with administrative root privileges. No authentication is required...

10CVSS7.4AI score0.98239EPSS
Exploits6References1
Total number of security vulnerabilities4985