4985 matches found
VulnCheck KEV: CVE-2023-4762
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...
VulnCheck KEV: CVE-2023-40211
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50...
VulnCheck KEV: CVE-2021-29476
Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of Requests 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0...
VulnCheck KEV: CVE-2025-52572
Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...
VulnCheck KEV: CVE-2023-39312
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1...
VulnCheck KEV: CVE-2023-38180
Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service DoS...
VulnCheck KEV: CVE-2024-25461
Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component...
VulnCheck KEV: CVE-2023-4243
The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing...
VulnCheck KEV: CVE-2023-39910
The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet...
VulnCheck KEV: CVE-2021-4332
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately,...
VulnCheck KEV: CVE-2023-35081
Ivanti Endpoint Manager Mobile EPMM contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions if...
VulnCheck KEV: CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR Insecure Direct Object Reference vulnerability...
VulnCheck KEV: CVE-2023-24489
Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers...
VulnCheck KEV: CVE-2023-38408
The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists...
VulnCheck KEV: CVE-2023-34478
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or...
VulnCheck KEV: CVE-2023-35078
Ivanti Endpoint Manager Mobile EPMM, previously branded MobileIron Core contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information PII such as names,...
VulnCheck KEV: CVE-2023-38606
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state...
VulnCheck KEV: CVE-2023-38205
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass...
VulnCheck KEV: CVE-2020-11514
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint...
VulnCheck KEV: CVE-2011-0105
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data...
VulnCheck KEV: CVE-2023-33999
Freemius SDK for WordPress is vulnerable to a reflected cross site scripting vulnerability due to improper sanitization...
VulnCheck KEV: CVE-2023-26255
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system...
VulnCheck KEV: CVE-2023-26256
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system...
VulnCheck KEV: CVE-2023-3519
Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution...
VulnCheck KEV: CVE-2023-28121
An issue in WooCommerce Payments plugin for WordPress versions 5.6.1 and lower allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of...
VulnCheck KEV: CVE-2023-38203
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution...
VulnCheck KEV: CVE-2023-29298
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass...
VulnCheck KEV: CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...
VulnCheck KEV: CVE-2023-37999
Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0...
VulnCheck KEV: CVE-2023-38198
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023...
VulnCheck KEV: CVE-2023-32049
Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt...
VulnCheck KEV: CVE-2023-32046
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2023-35311
Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt...
VulnCheck KEV: CVE-2023-38831
RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive...
VulnCheck KEV: CVE-2023-37450
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which...
VulnCheck KEV: CVE-2010-1573
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username Gemtek and password gemtekswd for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the 1 data1, 2 data2, or 3 data3 parameters to a Debugcommandpage.asp...
VulnCheck KEV: CVE-2022-39952
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...
VulnCheck KEV: CVE-2023-23333
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php...
VulnCheck KEV: CVE-2019-7580
ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admincategory/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection...
VulnCheck KEV: CVE-2021-29256
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information...
VulnCheck KEV: CVE-2018-20122
The web interface on FASTGate Fastweb devices with firmware through 0.00.47FW200Askey 2017-05-17 software through 1.0.1b exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication...
VulnCheck KEV: CVE-2023-36884
Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web MOTW defenses via a specially crafted malicious file, leading to remote code execution...
VulnCheck KEV: CVE-2022-31374
An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file...
VulnCheck KEV: CVE-2022-44354
SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file...
VulnCheck KEV: CVE-2023-1119
The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability...
VulnCheck KEV: CVE-2022-46690
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges...
VulnCheck KEV: CVE-2023-36874
Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2023-3460
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild...
VulnCheck KEV: CVE-2023-37580
Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data...
VulnCheck KEV: CVE-2019-0623
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'...