Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2023/04/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-25446

HappyFiles Pro is vulnerable to a data modification due to a missing capability check. This could allow actions to be performed by unatuhorised users such as deleting arbitrary files...

7.7CVSS7.4AI score0.00348EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-27877

Veritas Backup Exec BE Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme...

9.8CVSS7.4AI score0.6491EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-27876

Veritas Backup Exec BE Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine...

8.1CVSS7.5AI score0.13411EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/30 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-42948

Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution...

9.8CVSS7.7AI score0.02706EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-27926

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing...

6.1CVSS6.5AI score0.17634EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-38181

Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information...

8.8CVSS7.4AI score0.12588EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-25445

HappyFiles Pro is vulnerable to a data modification due to improper authorization methods. This could allow actions to be performed by unatuhorised users such as accessing, modification or data loss...

5.4CVSS7.2AI score0.0021EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/29 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-0266

Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user...

7.9CVSS6.9AI score0.03702EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-30900

Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges...

9.3CVSS7.4AI score0.05204EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-29059

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...

7.8CVSS7.3AI score0.04373EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-3038

Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS7.5AI score0.24738EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/27 12:0 a.m.•9 views

VulnCheck KEV: CVE-2023-32435

Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products...

8.8CVSS7.6AI score0.22951EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/24 12:0 a.m.•7 views

VulnCheck KEV: CVE-2023-28432

MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure...

7.5CVSS7.3AI score0.83957EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/23 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-7504

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server = Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via...

9.8CVSS7.8AI score0.29323EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/21 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-28725

General Bytes Crypto Application Server CAS 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in...

9.1CVSS7.6AI score0.20614EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/21 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-27637

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised productid GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL...

9.8CVSS7.2AI score0.03299EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/21 12:0 a.m.•7 views

VulnCheck KEV: CVE-2022-45813

BeRocket Plugins for WordPress is vulnerable to an authorization bypass in the closenotice, subscribe, disableratenotice, featurerequestsend, getpluginerrorajax, closenotice, and testkey functions which can allow user level subscribers to invoke these admin level functions...

5.8AI score0.00227EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/21 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-19609

The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function...

9CVSS7.3AI score0.54081EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/21 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-18818

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...

9.8CVSS7.3AI score0.97639EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/21 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-26083

Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata...

3.3CVSS6.7AI score0.01417EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/21 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-27638

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommercedesigncartid GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and...

9.8CVSS7.2AI score0.03299EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-30801

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and...

9.8CVSS7.3AI score0.00908EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-44626

Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20...

6.3CVSS7.3AI score0.00397EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/17 12:0 a.m.•6 views

VulnCheck KEV: CVE-2018-15133

Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key APPKEY environment variable...

8.1CVSS7.3AI score0.76814EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/14 12:0 a.m.•9 views

VulnCheck KEV: CVE-2023-26360

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution...

9.8CVSS7.7AI score0.97339EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/14 12:0 a.m.•7 views

VulnCheck KEV: CVE-2023-24880

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web MOTW defenses via a specially crafted malicious file...

4.4CVSS6.9AI score0.78152EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-23397

Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user...

9.8CVSS7.1AI score0.97408EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/14 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-21768

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability...

7.8CVSS7.1AI score0.65417EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/09 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-41328

Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands...

7.1CVSS7.3AI score0.12316EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/08 12:0 a.m.•7 views

VulnCheck KEV: CVE-2021-39144

XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability can affect multiple products, including but not limited to VMware...

8.5CVSS7.6AI score0.98124EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-31678

VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure...

9.1CVSS7.1AI score0.08085EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-23752

Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints...

5.3CVSS6.5AI score0.99827EPSS
Exploits43References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-4931

The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00458EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-27228

In the vote aka "Polls, Votes" module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code...

10CVSS7.5AI score0.20318EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-20963

Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed...

7.8CVSS7.4AI score0.01445EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-0037

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8CVSS7.4AI score0.03911EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/03/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-21894

Secure Boot Security Feature Bypass Vulnerability...

4.9CVSS6.3AI score0.06567EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/02/27 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-5741

Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it...

7.2CVSS7.8AI score0.72936EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2023/02/24 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-0586

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject...

6.4CVSS6.4AI score0.02526EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/02/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-0876

The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability...

6.1CVSS6.5AI score0.00713EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/02/23 12:0 a.m.•2 views

VulnCheck KEV: CVE-2023-26009

Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3...

9.8CVSS7.3AI score0.0273EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/02/23 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-26540

Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1...

9.8CVSS7.3AI score0.0273EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/02/21 12:0 a.m.•10 views

VulnCheck KEV: CVE-2022-41223

The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application...

6.8CVSS7AI score0.10571EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/02/21 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-40765

The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system...

6.8CVSS7AI score0.10481EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/02/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-4257

A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be...

9.8CVSS7AI score0.4393EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/02/15 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-36267

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...

9.8CVSS7.4AI score0.53752EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2023/02/15 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-15415

DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used...

9.8CVSS7.5AI score0.84599EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/02/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-4786

The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol RAKP authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC...

7.8CVSS7.2AI score0.81802EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/02/14 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-23376

Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.10853EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/02/14 12:0 a.m.•1 views

VulnCheck KEV: CVE-2022-36537

ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to...

7.5CVSS7.3AI score0.95335EPSS
Exploits5References1
Total number of security vulnerabilities4985