Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2023/11/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-5129

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...

10CVSS7.2AI score0.38531EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-0591

The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users...

9.1CVSS7.3AI score0.20249EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/14 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-36033

Microsoft Windows Desktop Window Manager DWM Core Library contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.11977EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/14 12:0 a.m.•7 views

VulnCheck KEV: CVE-2018-11686

The Publish Service in FlexPaper later renamed FlowPaper 2.3.6 allows remote code execution via setup.php and changeconfig.php...

9.8CVSS7.8AI score0.49787EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/14 12:0 a.m.•6 views

VulnCheck KEV: CVE-2019-18394

A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

9.8CVSS7.4AI score0.32304EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-2487

A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument starthour leads to os command injection. The exploit has been disclosed to the public and may be...

9.8CVSS7AI score0.79513EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-46442

In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...

9.8CVSS7.3AI score0.54566EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/14 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-36036

Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges...

7.8CVSS7.3AI score0.1667EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/14 12:0 a.m.•9 views

VulnCheck KEV: CVE-2022-0867

The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users...

9.8CVSS7.4AI score0.12455EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/14 12:0 a.m.•8 views

VulnCheck KEV: CVE-2021-3223

Node-RED-Dashboard before 2.26.2 allows uibase/js/..%2f directory traversal to read files...

7.5CVSS7.1AI score0.18369EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-22911

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE...

9.8CVSS7.3AI score0.95242EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-29383

NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi...

9.8CVSS7.4AI score0.48957EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-28219

Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution...

9.8CVSS7.3AI score0.97011EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-4063

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...

9.8CVSS7.4AI score0.09519EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-7700

DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tagtestaction.php request can specify a runphp field in conjunction with PHP code...

8.8CVSS7.4AI score0.74842EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•8 views

VulnCheck KEV: CVE-2020-17453

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter...

6.1CVSS6.4AI score0.26118EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-22165

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information...

7.5CVSS7.2AI score0.06348EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-29007

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication...

9.8CVSS7.4AI score0.19478EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•7 views

VulnCheck KEV: CVE-2021-25646

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a...

9CVSS7.4AI score0.99301EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-31656

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate...

9.8CVSS7.4AI score0.18285EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-5127

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...

10CVSS7.2AI score0.45302EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-36584

Microsoft Windows Mark of the Web MOTW contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features...

5.4CVSS7AI score0.03055EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-29014

A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441api-2.0.418 allows attackers to read arbitrary files...

7.5CVSS7.2AI score0.10612EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-27986

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it...

7.5CVSS7.2AI score0.16183EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-28079

College Management System v1.0 was discovered to contain a SQL injection vulnerability via the coursecode parameter...

8.8CVSS7.3AI score0.28826EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•6 views

VulnCheck KEV: CVE-2013-7091

Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. dot dot in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by...

5CVSS7.6AI score0.86196EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-21402

Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the...

7.7CVSS6.7AI score0.79855EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-39960

The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexportdownload=true request to a plugins/servlet/groupexportforjira/admin/ URI...

5.3CVSS6AI score0.2568EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-21650

Myucms v2.2.1 contains a remote code execution RCE vulnerability in the component \controller\Config.php, which can be exploited via the add method...

8.8CVSS7.8AI score0.03083EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-31126

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-wi versions before...

10CVSS7.7AI score0.49937EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-36642

A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive...

9.8CVSS7.3AI score0.09572EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-23575

A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server...

7.5CVSS6.8AI score0.36765EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-39211

GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual...

5.3CVSS6.7AI score0.04446EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-31793

dorequest in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589,...

7.5CVSS7.4AI score0.11372EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-41840

Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...

9.8CVSS7.3AI score0.05116EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-40881

SolarView Compact 6.00 was discovered to contain a command injection vulnerability via networktest.php...

9.8CVSS7.3AI score0.29451EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-40022

Microchip Technology Microsemi SyncServer S650 was discovered to contain a command injection vulnerability...

9.8CVSS7.3AI score0.92472EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•1 views

VulnCheck KEV: CVE-2021-37291

An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the inputid POST parameter in index.php...

9.8CVSS7.5AI score0.08146EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-18378

In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $GET'uploaddir' is not escaped and is passed to system through $tmpuploaddir, leading to upgradehandle.php?cmd=writeuploaddir remote command execution...

9.8CVSS7.3AI score0.0817EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-4050

The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

9.8CVSS7.4AI score0.04756EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-34753

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller 5200WHC2, formerly known as C-Bus Wiser Homer...

8.8CVSS7.3AI score0.71084EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-7254

Linear eMerge E3-Series devices allow File Inclusion...

7.5CVSS7.2AI score0.82036EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-4117

The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8CVSS7.4AI score0.04955EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-3980

An XML External Entity XEE vulnerability allows server-side request forgery SSRF and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4...

9.8CVSS7.7AI score0.08087EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-9833

/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not include...

7.8CVSS7.3AI score0.68464EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•11 views

VulnCheck KEV: CVE-2022-34121

Cuppa CMS v1.0 was discovered to contain a local file inclusion LFI vulnerability via the component /templates/default/html/windows/right.php...

7.5CVSS7.1AI score0.03059EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-3801

A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

8.8CVSS7AI score0.30082EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-35580

A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the...

7.5CVSS7.2AI score0.13975EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•8 views

VulnCheck KEV: CVE-2021-21087

Adobe Coldfusion versions 2016 update 16 and earlier, 2018 update 10 and earlier and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. An attacker could abuse this vulnerability to execute arbitrary...

5.4CVSS6.1AI score0.37095EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/11/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-23347

BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks...

7.5CVSS7.1AI score0.13121EPSS
Exploits1References1
Total number of security vulnerabilities4985