Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-10546

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices...

9.8CVSS7.3AI score0.8733EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.8 views

VulnCheck KEV: CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

9.8CVSS7.3AI score0.12476EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-0786

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route, leading to SQL Injections exploitable by unauthenticated users...

9.8CVSS7.4AI score0.12619EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.7 views

VulnCheck KEV: CVE-2020-35131

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI...

9.8CVSS7.4AI score0.51299EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-29153

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5...

7.5CVSS6.8AI score0.08912EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-17246

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with...

9.8CVSS7.1AI score0.82251EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.13 views

VulnCheck KEV: CVE-2022-39986

A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfgid parameter in /ajax/openvpn/activateovpncfg.php and /ajax/openvpn/delovpncfg.php...

9.8CVSS7.5AI score0.98725EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-2488

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

9.8CVSS6.9AI score0.28724EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.8 views

VulnCheck KEV: CVE-2023-38646

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1,...

9.8CVSS7.7AI score0.97924EPSS
Exploits36References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/09 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-34305

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability...

6.1CVSS6.9AI score0.06156EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-47246

SysAid Server on-premises version contains a path traversal vulnerability that leads to code execution...

9.8CVSS7.5AI score0.98851EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/03 12:0 a.m.9 views

VulnCheck KEV: CVE-2023-4911

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBCTUNABLES environment variable, allowing a local attacker to execute code with elevated privileges...

7.8CVSS7.3AI score0.81422EPSS
Exploits27References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/02 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-46604

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath...

10CVSS7.1AI score0.99654EPSS
Exploits31References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/02 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-22518

Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data...

10CVSS7.4AI score0.99999EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/31 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-46747

F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system...

9.8CVSS7.5AI score0.96515EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/31 12:0 a.m.6 views

VulnCheck KEV: CVE-2019-12988

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation issue 4 of 6...

10CVSS7.3AI score0.39544EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/30 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-46748

F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747...

9.8CVSS7.5AI score0.96515EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/29 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-5559

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service...

9.1CVSS7.4AI score0.02811EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-5631

Roundcube Webmail contains a persistent cross-site scripting XSS vulnerability that allows a remote attacker to run malicious JavaScript code...

6.1CVSS6.2AI score0.73445EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/17 12:0 a.m.9 views

VulnCheck KEV: CVE-2023-4966

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server...

9.4CVSS7.4AI score0.99999EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/16 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-20273

Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited...

10CVSS7.1AI score0.99571EPSS
Exploits28References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-20198

Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device...

10CVSS7.2AI score0.99571EPSS
Exploits27References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-43261

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components...

7.5CVSS7.3AI score0.60176EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/13 12:0 a.m.10 views

VulnCheck KEV: CVE-2023-5360

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE...

9.8CVSS7.4AI score0.81695EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/13 12:0 a.m.10 views

VulnCheck KEV: CVE-2023-45797

A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code...

9.8CVSS7.4AI score0.00821EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/11 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-23748

Dante Discovery contains a process control vulnerability in mDNSResponder.exe that all allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code...

7.8CVSS7.5AI score0.09092EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/10 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-36563

Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure...

6.5CVSS7.1AI score0.20719EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-41763

Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation...

5.3CVSS7AI score0.90353EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/10 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-21608

Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user...

7.8CVSS7.6AI score0.61475EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/10 12:0 a.m.10 views

VulnCheck KEV: CVE-2023-44487

HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack DDoS...

7.5CVSS6.9AI score0.99999EPSS
Exploits19References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-23295

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root...

8.8CVSS7.4AI score0.0383EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-40475

TOTOLINK A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi...

9.8CVSS7.3AI score0.03505EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/09 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-42657

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations delete, rename, rmdir, mkdir on files and folders outside of their authorized WSFTP folder path. Attackers could...

9.9CVSS7.4AI score0.17025EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/09 12:0 a.m.8 views

VulnCheck KEV: CVE-2021-33549

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code...

7.2CVSS7.7AI score0.66194EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/09 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-36380

Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/networkDiag.cgi...

10CVSS7.5AI score0.97599EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/09 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-38511

TOTOLINK A810R V5.9c.4050B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi...

7.8CVSS7.1AI score0.01321EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/09 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-33550

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code...

7.2CVSS7.3AI score0.5705EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/09 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-33551

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code...

7.2CVSS7.3AI score0.48811EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/09 12:0 a.m.8 views

VulnCheck KEV: CVE-2021-33553

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code...

7.2CVSS7.3AI score0.48811EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/09 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-33552

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code...

7.2CVSS7.3AI score0.48811EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/09 12:0 a.m.10 views

VulnCheck KEV: CVE-2021-33548

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code...

7.2CVSS7.3AI score0.5705EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/09 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-33554

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code...

7.2CVSS7.3AI score0.5705EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/08 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-21445

Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution...

9.8CVSS7.2AI score0.62478EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-46510

ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface...

7.6CVSS5.9AI score0.00353EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/04 12:0 a.m.7 views

VulnCheck KEV: CVE-2023-28229

Microsoft Windows Cryptographic Next Generation CNG Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges...

7CVSS7.3AI score0.01872EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-42824

Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation...

7.8CVSS7.3AI score0.00943EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/04 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-22515

Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence...

10CVSS7.4AI score0.99156EPSS
Exploits39References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-22071

Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress...

8.4CVSS7.3AI score0.0045EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-33107

Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call...

8.4CVSS7.3AI score0.00892EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/10/02 12:0 a.m.14 views

VulnCheck KEV: CVE-2023-33106

Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTLKGSLGPUAUXCOMMAND...

8.4CVSS7.3AI score0.00854EPSS
Exploits0References1
Total number of security vulnerabilities4985