Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2023/11/30 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-0826

The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...

9.8CVSS7.4AI score0.09238EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/30 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-21479

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system...

9.1CVSS7.3AI score0.09993EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/30 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-0827

The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...

9.8CVSS7.4AI score0.09047EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/30 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-42917

Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products...

8.8CVSS7.6AI score0.0937EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/30 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-0769

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL...

9.8CVSS7.4AI score0.08415EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/29 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-21389

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in...

9CVSS7.2AI score0.13882EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/29 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-21307

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

9.8CVSS7.5AI score0.89189EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/29 12:0 a.m.8 views

VulnCheck KEV: CVE-2021-33564

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features...

9.8CVSS7.5AI score0.72249EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/29 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-20933

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret aka shared secret...

9.8CVSS7AI score0.30921EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/28 12:0 a.m.8 views

VulnCheck KEV: CVE-2017-8226

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a...

9.8CVSS7.3AI score0.03766EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-48365

Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software...

9.9CVSS7.5AI score0.24676EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/28 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-28770

The sensitive information exposure vulnerability in the CGI “ExportLog” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file...

7.5CVSS7.2AI score0.57778EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-48760

Multiple plugins by Crocoblock for WordPress are vulnerable to an authorization bypass vulnerability...

9.8CVSS7.3AI score0.00445EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/28 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-41266

Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints...

8.2CVSS6.7AI score0.84966EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-41265

Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software...

9.9CVSS7.5AI score0.84967EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-6448

Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands...

9.8CVSS7.4AI score0.02089EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-41569

SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library included by default in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro...

7.5CVSS7.1AI score0.07845EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/27 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-1390

The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by...

9.8CVSS7.4AI score0.22133EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/27 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-1020

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8CVSS7.4AI score0.0499EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/27 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-19625

Remote Code Execution Vulnerability in tests/support/stores/testgridfilter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter...

9.8CVSS7.6AI score0.13143EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-11248

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for...

8.2CVSS6.8AI score0.61139EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/27 12:0 a.m.11 views

VulnCheck KEV: CVE-2023-0552

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability...

5.4CVSS6.7AI score0.24263EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/27 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-34659

jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface...

9.8CVSS7.4AI score0.1248EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/27 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-49103

ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo via GetPhpInfo.php, including administrative credentials...

10CVSS7.3AI score0.78428EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/27 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-0784

The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpextitles AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8CVSS7.4AI score0.10079EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/27 12:0 a.m.2 views

VulnCheck KEV: CVE-2018-3810

Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter that runs on all pages served by WordPress. The saveGoogleCode function...

9.8CVSS7.5AI score0.91477EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-17503

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL...

5.3CVSS6.1AI score0.49236EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-46381

Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter e.g., to the badging/badgetemplatev0.php component. This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e...

6.1CVSS6.4AI score0.01739EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.2 views

VulnCheck KEV: CVE-2018-14918

LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal...

7.8CVSS7.1AI score0.17982EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.6 views

VulnCheck KEV: CVE-2017-15363

Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter...

7.5CVSS7.2AI score0.13649EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.6 views

VulnCheck KEV: CVE-2019-9733

An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providing a...

9.8CVSS7.3AI score0.53879EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-16159

The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the templateid parameter in a wp-admin/admin-ajax.php wpgvdoajaxfronttemplate request...

9.8CVSS7.4AI score0.49918EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-14912

cgitcloneobjects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...

7.5CVSS7.1AI score0.93188EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-12990

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal...

10CVSS7.3AI score0.39335EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-19365

The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request...

9.1CVSS7.3AI score0.22292EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.10 views

VulnCheck KEV: CVE-2018-15138

Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs...

7.5CVSS7.1AI score0.12851EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-12031

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/nodeupgradesrv.js directory traversal with the firmware parameter in a downloadFirmware action...

9.8CVSS7.3AI score0.17313EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.7 views

VulnCheck KEV: CVE-2018-11409

Splunk through 7.0.1 allows information disclosure by appending raw/services/server/info/server-info?outputmode=json to a query, as demonstrated by discovering a license key...

5.3CVSS6AI score0.98371EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-11222

Local File Inclusion LFI in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandoraconsole/ajax.php ajax endpoint...

7.5CVSS7.1AI score0.06714EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.12 views

VulnCheck KEV: CVE-2019-12276

A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made...

7.5CVSS7.2AI score0.53705EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-12593

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal...

7.5CVSS7.1AI score0.40965EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-28005

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...

9.8CVSS7.2AI score0.0608EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-3836

A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePointaddImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated...

9.8CVSS6.5AI score0.73525EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-29919

SolarView Compact = 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted...

9.8CVSS7.3AI score0.60221EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-11991

When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system...

7.5CVSS7.2AI score0.73078EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-22242

A Cross-site Scripting XSS vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS...

6.1CVSS6.5AI score0.02468EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-45933

KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side...

9.8CVSS7.3AI score0.51696EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-30168

The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices...

9.8CVSS7.3AI score0.02133EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/25 12:0 a.m.13 views

VulnCheck KEV: CVE-2020-17518

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...

7.5CVSS7.2AI score0.50038EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-11455

LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php...

9.8CVSS7.3AI score0.96986EPSS
Exploits6References1
Total number of security vulnerabilities4985