Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2023/11/25 12:0 a.m.15 views

VulnCheck KEV: CVE-2020-17518

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...

7.5CVSS7.2AI score0.50038EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/23 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-44976

Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in October 2023...

3.2CVSS5.9AI score0.00177EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/23 12:0 a.m.5 views

VulnCheck KEV: CVE-2017-7927

A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3,...

7.5CVSS7.1AI score0.36747EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-11546

SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection...

9.8CVSS8AI score0.3173EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-2437

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...

9.8CVSS7.3AI score0.06801EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-39316

The Zoomsounds plugin = 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsapdownload action using directory traversal in the link parameter...

7.5CVSS7.2AI score0.66543EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24931

The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an SQL injection...

9.8CVSS7.3AI score0.78812EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-2446

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...

6.5CVSS6.8AI score0.00849EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2011-3600

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and...

7.5CVSS7.1AI score0.1591EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/20 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-28185

User Enumeration vulnerability in TerraMaster TOS = 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php...

5.3CVSS6.1AI score0.18066EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/19 12:0 a.m.8 views

VulnCheck KEV: CVE-2021-29442

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly...

8.6CVSS7.1AI score0.64697EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/18 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-7921

Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information...

10CVSS7.3AI score0.99998EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/18 12:0 a.m.7 views

VulnCheck KEV: CVE-2016-5700

Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the...

9.8CVSS7.3AI score0.06422EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/18 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-38130

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e.,...

9.8CVSS7.3AI score0.53389EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/18 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-26086

Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the /WEB-INF/web.xml endpoint...

5.3CVSS6.6AI score0.99999EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/17 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-8442

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check...

7.5CVSS7.2AI score0.59832EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/17 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-43939

Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization...

9.8CVSS7.4AI score0.92266EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/17 12:0 a.m.7 views

VulnCheck KEV: CVE-2017-12635

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...

10CVSS7.3AI score0.99838EPSS
Exploits21References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/17 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-46417

Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580...

7.8CVSS7.1AI score0.59753EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-0781

The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an SQL injection...

9.8CVSS7.4AI score0.12408EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-17506

There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password and other information via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZEDGROUP=1%0a to...

10CVSS7.2AI score0.57298EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/17 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-10548

rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices...

9.8CVSS7.3AI score0.36114EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/17 12:0 a.m.8 views

VulnCheck KEV: CVE-2022-0482

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3...

9.1CVSS7.3AI score0.38133EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/17 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-2958

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...

8.8CVSS7.4AI score0.00994EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/17 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-36923

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access...

7.5CVSS7.2AI score0.0793EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/16 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-32563

An unauthenticated attacker could achieve the code execution through a RemoteControl server...

9.8CVSS7.7AI score0.90166EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-1671

Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution...

9.8CVSS7.7AI score0.99999EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-34133

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...

7.5CVSS7.4AI score0.77027EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/16 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-32030

ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

9.8CVSS7.4AI score0.99393EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/16 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-21234

spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this...

7.7CVSS7.1AI score0.21173EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/16 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-35327

A vulnerability in TOTOLINK A720R A720RFirmware v4.1.5cu.470B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request...

9.8CVSS7.3AI score0.01384EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/16 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-33831

A remote command execution RCE vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request...

9.8CVSS7.7AI score0.13746EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-29357

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator...

9.8CVSS7.4AI score0.99649EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-35082

Ivanti Endpoint Manager Mobile EPMM and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application...

10CVSS7.4AI score0.99999EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/15 12:0 a.m.7 views

VulnCheck KEV: CVE-2001-0537

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL...

9.3CVSS6AI score0.6845EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-5128

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...

10CVSS7.2AI score0.30174EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-7980

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...

10CVSS7.6AI score0.82956EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-13483

The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the itemsITEMSID parameter to the components/bitrix/mobileapp.list/ajax.php/ URI...

6.1CVSS6.4AI score0.04511EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-32409

A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...

9.8CVSS7.5AI score0.09475EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-1821

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist...

10CVSS7.5AI score0.98092EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2010-0219

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service...

10CVSS6.2AI score0.89871EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-24488

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows and attacker to perform cross site scripting...

6.1CVSS6.2AI score0.80907EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/15 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-20073

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

9.8CVSS7.4AI score0.88874EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-2414

Access to external entities when parsing XML documents can lead to XML external entity XXE attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests...

7.5CVSS7.3AI score0.85323EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2018-0127

A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential...

9.8CVSS7.3AI score0.77605EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/14 12:0 a.m.2 views

VulnCheck KEV: CVE-2018-10737

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter...

7.2CVSS7.2AI score0.42556EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/14 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-36025

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts...

8.8CVSS7.4AI score0.88196EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/14 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-8209

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files...

7.5CVSS7.4AI score0.48656EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/14 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-4191

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API...

5.3CVSS6.8AI score0.80004EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-25369

Dynamicweb logic flaw remote code execution...

9.8CVSS6.4AI score0.40739EPSS
Exploits0References1
Total number of security vulnerabilities4985