Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2023/08/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-4762

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

8.8CVSS7.6AI score0.37987EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-40211

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50...

7.5CVSS7.1AI score0.02041EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/14 12:0 a.m.•8 views

VulnCheck KEV: CVE-2021-29476

Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of Requests 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0...

9.8CVSS7.2AI score0.02142EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/12 12:0 a.m.•6 views

VulnCheck KEV: CVE-2025-52572

Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...

10CVSS5.8AI score0.00619EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-39312

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1...

9.1CVSS7.3AI score0.00465EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/09 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-38180

Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service DoS...

7.5CVSS7.3AI score0.15519EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/08 12:0 a.m.•8 views

VulnCheck KEV: CVE-2024-25461

Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component...

7.5CVSS5.8AI score0.00965EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-4243

The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing...

8.8CVSS7.4AI score0.00765EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/08 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-39910

The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet...

7.5CVSS7.1AI score0.01312EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/07 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-4332

The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately,...

6.5CVSS6.7AI score0.00796EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-35081

Ivanti Endpoint Manager Mobile EPMM contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions if...

10CVSS7.2AI score0.99999EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/27 12:0 a.m.•7 views

VulnCheck KEV: CVE-2022-0732

The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR Insecure Direct Object Reference vulnerability...

7.5CVSS7.1AI score0.0247EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/26 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-24489

Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers...

9.8CVSS7.4AI score0.95076EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/26 12:0 a.m.•7 views

VulnCheck KEV: CVE-2023-38408

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists...

9.8CVSS7.5AI score0.76768EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/26 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-34478

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or...

9.8CVSS7.1AI score0.01533EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/24 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-35078

Ivanti Endpoint Manager Mobile EPMM, previously branded MobileIron Core contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information PII such as names,...

10CVSS7.4AI score0.99999EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/24 12:0 a.m.•8 views

VulnCheck KEV: CVE-2023-38606

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state...

5.5CVSS6.9AI score0.01002EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/20 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-38205

Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass...

7.5CVSS7.3AI score0.99732EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/19 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-11514

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint...

9.8CVSS7.4AI score0.09106EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2011-0105

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data...

9.3CVSS6.5AI score0.71129EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-33999

Freemius SDK for WordPress is vulnerable to a reflected cross site scripting vulnerability due to improper sanitization...

6.9AI score0.00284EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-26255

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system...

7.5CVSS7AI score0.47907EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/18 12:0 a.m.•2 views

VulnCheck KEV: CVE-2023-26256

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system...

7.5CVSS7AI score0.11615EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/18 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-3519

Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution...

9.8CVSS7.7AI score0.99445EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/17 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-28121

An issue in WooCommerce Payments plugin for WordPress versions 5.6.1 and lower allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of...

9.8CVSS7.4AI score0.86919EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/17 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-38203

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution...

9.8CVSS7.5AI score0.97003EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/17 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-29298

Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass...

7.5CVSS7.3AI score0.99754EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/16 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-34960

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...

9.8CVSS7.7AI score0.99397EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/14 12:0 a.m.•7 views

VulnCheck KEV: CVE-2023-37999

Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0...

9.8CVSS6AI score0.03043EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-38198

acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023...

9.8CVSS7.5AI score0.00934EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-32049

Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt...

8.8CVSS7.4AI score0.04401EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/11 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-32046

Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.09083EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/11 12:0 a.m.•2 views

VulnCheck KEV: CVE-2023-35311

Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt...

8.8CVSS7.4AI score0.15028EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/10 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-38831

RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive...

7.8CVSS7AI score0.97798EPSS
Exploits49References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-37450

Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which...

8.8CVSS7.6AI score0.18185EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2010-1573

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username Gemtek and password gemtekswd for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the 1 data1, 2 data2, or 3 data3 parameters to a Debugcommandpage.asp...

10CVSS7.6AI score0.20792EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/05 12:0 a.m.•7 views

VulnCheck KEV: CVE-2022-39952

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

9.8CVSS7.5AI score0.99815EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-23333

There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php...

9.8CVSS7.4AI score0.99273EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/05 12:0 a.m.•7 views

VulnCheck KEV: CVE-2019-7580

ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admincategory/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection...

8.8CVSS7.6AI score0.09935EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-29256

Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information...

9CVSS7.4AI score0.0302EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/05 12:0 a.m.•6 views

VulnCheck KEV: CVE-2018-20122

The web interface on FASTGate Fastweb devices with firmware through 0.00.47FW200Askey 2017-05-17 software through 1.0.1b exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication...

10CVSS7.9AI score0.04821EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/05 12:0 a.m.•7 views

VulnCheck KEV: CVE-2023-36884

Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web MOTW defenses via a specially crafted malicious file, leading to remote code execution...

7.5CVSS7.2AI score0.99083EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/05 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-31374

An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file...

9.8CVSS7.6AI score0.0241EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/05 12:0 a.m.•11 views

VulnCheck KEV: CVE-2022-44354

SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file...

9.8CVSS7.3AI score0.02131EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/04 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-1119

The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability...

6.1CVSS6.8AI score0.01099EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/07/01 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-46690

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges...

7.8CVSS7.6AI score0.00533EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/06/30 12:0 a.m.•12 views

VulnCheck KEV: CVE-2023-36874

Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.32309EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2023/06/29 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-3460

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild...

9.8CVSS7.6AI score0.72306EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2023/06/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-37580

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data...

6.1CVSS6.5AI score0.59041EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/06/28 12:0 a.m.•6 views

VulnCheck KEV: CVE-2019-0623

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'...

7.8CVSS7.1AI score0.0593EPSS
Exploits1References1
Total number of security vulnerabilities4985