Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2023/12/25 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-29597

IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server...

9.8CVSS7.3AI score0.71666EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-7101

Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic...

7.8CVSS7.8AI score0.167EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/24 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-25864

node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...

7.5CVSS7.2AI score0.09331EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/24 12:0 a.m.7 views

VulnCheck KEV: CVE-2023-7102

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic...

9.8CVSS7.4AI score0.43323EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/24 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...

9.8CVSS7.5AI score0.4214EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-21805

An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability...

10CVSS7.4AI score0.69631EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/24 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-24227

The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials...

7.5CVSS7.1AI score0.05879EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/24 12:0 a.m.10 views

VulnCheck KEV: CVE-2021-28151

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...

9CVSS7.3AI score0.27912EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/24 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-29203

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary...

10CVSS7.3AI score0.68293EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-35250

A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1...

7.5CVSS7AI score0.14397EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/23 12:0 a.m.9 views

VulnCheck KEV: CVE-2022-21661

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in...

8CVSS7.1AI score0.97795EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/23 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-51477

Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyBoss Theme: from n/a through 2.4.60...

9.8CVSS7.3AI score0.00697EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/23 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-3982

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE...

9.8CVSS7.4AI score0.04493EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/23 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-1950

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8CVSS7.4AI score0.04278EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/23 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-30118

An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management RMM 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload...

10CVSS7.4AI score0.60084EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/21 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-36112

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application...

9.8CVSS7.4AI score0.17166EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-1768

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the /rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive...

9.8CVSS7.3AI score0.12003EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/20 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-1206

An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 SMBv3 protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'...

7.5CVSS7.3AI score0.0954EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-21742

Microsoft SharePoint Server Remote Code Execution Vulnerability...

8.8CVSS7.4AI score0.55786EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/20 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-31706

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...

9.8CVSS7.7AI score0.87077EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/20 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-31704

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution...

9.8CVSS7.7AI score0.81011EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/20 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-31711

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication...

5.3CVSS7AI score0.21657EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-1439

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction...

6.3CVSS6.5AI score0.0321EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-7024

Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using...

8.8CVSS7.7AI score0.07356EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-11759

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then...

7.5CVSS7.2AI score0.90647EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-3169

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform...

6.1CVSS6.9AI score0.01595EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-3708

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device...

7.8CVSS6.9AI score0.24563EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/19 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-13638

lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7...

9.8CVSS7.2AI score0.76758EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/18 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-2982

The WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This...

9.8CVSS7.4AI score0.46242EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-6553

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve...

9.8CVSS7.4AI score0.97846EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/15 12:0 a.m.7 views

VulnCheck KEV: CVE-2015-2863

Open redirect vulnerability in Kaseya Virtual System Administrator VSA 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

4.3CVSS5.9AI score0.10317EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-1434

Insecure Content-Type validation Cross-Site Scripting in Oodo...

5.8AI score
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/14 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-22897

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not use...

6.5CVSS6.9AI score0.04074EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/14 12:0 a.m.5 views

VulnCheck KEV: CVE-2016-0457

Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0456. NOTE: the previous information...

5CVSS5.8AI score0.0392EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/14 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-47565

QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network...

8.8CVSS7.5AI score0.73277EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-8387

MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component...

9.8CVSS7.3AI score0.55721EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-41800

In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note:...

8.7CVSS7.1AI score0.62406EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-22214

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited...

8.6CVSS7.4AI score0.27806EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-1000028

Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request...

7.5CVSS7.1AI score0.99479EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-7796

Synacor Zimbra Collaboration Suite ZCS contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP is enabled...

9.8CVSS7.4AI score0.85416EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/11 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-13167

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...

9.8CVSS7.9AI score0.95415EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/11 12:0 a.m.7 views

VulnCheck KEV: CVE-2020-13117

Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request...

10CVSS7.4AI score0.68794EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-16932

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data...

10CVSS7.3AI score0.39137EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/10 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-0760

The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the postid parameter before using it in a SQL statement via the qcopdupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection...

9.8CVSS7.4AI score0.10825EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-21500

Vulnerability in Oracle E-Business Suite component: Manage Proxies. The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can...

7.5CVSS7.1AI score0.70589EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-48777

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1...

9.9CVSS7.3AI score0.041EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-24288

In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...

8.8CVSS7.3AI score0.7788EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2010-1807

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted HTML document,...

9.3CVSS6.2AI score0.61319EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2012-1461

The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus...

4.3CVSS5.8AI score0.91746EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/06 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-49897

FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network...

8.8CVSS7.5AI score0.50729EPSS
Exploits1References1
Total number of security vulnerabilities4985