Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2023/12/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-8451

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class...

6.5CVSS6.8AI score0.94453EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2012-0297

The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by 1 injecting crafted data or 2 including crafted data...

10CVSS6.2AI score0.72596EPSS
Exploits22References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-12986

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation issue 2 of 6...

10CVSS7.3AI score0.39544EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/05 12:0 a.m.•7 views

VulnCheck KEV: CVE-2023-33063

Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP...

7.8CVSS7.3AI score0.007EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-1335

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted...

9.3CVSS7.3AI score0.93972EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-8006

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter...

6.1CVSS6.6AI score0.55895EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-12985

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation issue 1 of 6...

10CVSS7.3AI score0.42551EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-26295

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz...

9.8CVSS7.4AI score0.97969EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-33044

Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication...

10CVSS7.1AI score0.99871EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-37580

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0...

9.8CVSS7.2AI score0.40058EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-50428

In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code e.g., with OPFALSE OPIF, as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of...

5.3CVSS6.1AI score0.00779EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-1943

Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07...

6.1CVSS6.4AI score0.97309EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-12987

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation issue 3 of 6...

10CVSS7.3AI score0.42551EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-25573

metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process...

8.6CVSS7.1AI score0.49851EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-28343

OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/settimezone timezone parameter, because of settimezone in models/managementmodel.php...

9.8CVSS7.3AI score0.85332EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-23489

The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edddownloadsearch' action...

9.8CVSS7.4AI score0.11172EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-30625

rudder-server is part of RudderStack, an open source Customer Data Platform CDP. Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution RCE due to the rudder role in PostgresSQL having superuser permissions by default...

8.8CVSS7.5AI score0.85825EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-31465

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named argx, with x an integer starting from 1; it is possible...

9.8CVSS7.3AI score0.44455EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-36934

In Progress MOVEit Transfer before 2020.1.11 12.1.11, 2021.0.9 13.0.9, 2021.1.7 13.1.7, 2022.0.7 14.0.7, 2022.1.8 14.1.8, and 2023.0.4 15.0.4, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to...

9.1CVSS7.4AI score0.95EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-22620

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...

7.5CVSS7.1AI score0.03888EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-5074

Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28...

9.8CVSS7AI score0.67914EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-39026

Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component...

7.5CVSS7.1AI score0.10562EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-22478

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...

7.5CVSS7AI score0.03573EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-45852

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method...

9.8CVSS7.2AI score0.14003EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-26067

Certain Lexmark devices through 2023-02-19 mishandle Input Validation issue 1 of 4...

8.1CVSS7.1AI score0.37835EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-25135

vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verifyserialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed...

9.8CVSS7.7AI score0.23926EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-1698

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise...

9.8CVSS7.3AI score0.82037EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-4634

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php...

9.8CVSS7.4AI score0.82585EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-35844

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension .csv or .png is used...

7.5CVSS7.1AI score0.06344EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•7 views

VulnCheck KEV: CVE-2023-32235

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...

7.5CVSS7.2AI score0.39078EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/04 12:0 a.m.•9 views

VulnCheck KEV: CVE-2023-27159

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...

7.5CVSS7AI score0.36171EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-21978

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could...

9.8CVSS7.9AI score0.99005EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-0679

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure...

9.8CVSS7.3AI score0.4783EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-25487

Atom CMS v2.0 was discovered to contain a remote code execution RCE vulnerability via /admin/uploads.php...

9.8CVSS7.8AI score0.54766EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-27850

A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

10CVSS7.8AI score0.94089EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/02 12:0 a.m.•8 views

VulnCheck KEV: CVE-2021-34187

main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter...

9.8CVSS7.4AI score0.16181EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/02 12:0 a.m.•10 views

VulnCheck KEV: CVE-2021-43798

Grafana contains a path traversal vulnerability that could allow access to local files...

7.5CVSS7.3AI score0.88849EPSS
Exploits44References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/02 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-27855

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this...

8.8CVSS7.2AI score0.01604EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/02 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-12832

WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input...

9.8CVSS7.4AI score0.07131EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-1177

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1...

9.8CVSS7.3AI score0.69468EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/01 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-17506

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php...

9.8CVSS7.4AI score0.93967EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-49739

Vulnerability in IdeaBox Creations PowerPack Pro for Elementor.This issue affects PowerPack Pro for Elementor: from n/a through 2.9.23...

7.1CVSS6.8AI score0.00416EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-4169

A vulnerability was found in Ruijie RG-EW1200G 1.01B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/setpasswd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack...

8.8CVSS6.5AI score0.47109EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2023/12/01 12:0 a.m.•7 views

VulnCheck KEV: CVE-2021-29441

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor...

9.8CVSS7.4AI score0.74242EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-27482

homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older...

10CVSS7.2AI score0.71974EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-42916

Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...

6.5CVSS7.1AI score0.17823EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/30 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-0846

The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dkspeakoutsendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users...

9.8CVSS7.4AI score0.08785EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/30 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-0747

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection...

9.8CVSS7.4AI score0.15254EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/30 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-8982

An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones aka storage zones Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix...

7.5CVSS7.3AI score0.27149EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-25003

The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE...

9.8CVSS7.3AI score0.56148EPSS
Exploits3References1
Total number of security vulnerabilities4985