4985 matches found
VulnCheck KEV: CVE-2023-25446
HappyFiles Pro is vulnerable to a data modification due to a missing capability check. This could allow actions to be performed by unatuhorised users such as deleting arbitrary files...
VulnCheck KEV: CVE-2021-27877
Veritas Backup Exec BE Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme...
VulnCheck KEV: CVE-2021-27876
Veritas Backup Exec BE Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine...
VulnCheck KEV: CVE-2022-42948
Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution...
VulnCheck KEV: CVE-2022-27926
Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing...
VulnCheck KEV: CVE-2022-38181
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information...
VulnCheck KEV: CVE-2023-25445
HappyFiles Pro is vulnerable to a data modification due to improper authorization methods. This could allow actions to be performed by unatuhorised users such as accessing, modification or data loss...
VulnCheck KEV: CVE-2023-0266
Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user...
VulnCheck KEV: CVE-2021-30900
Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges...
VulnCheck KEV: CVE-2023-29059
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...
VulnCheck KEV: CVE-2022-3038
Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...
VulnCheck KEV: CVE-2023-32435
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products...
VulnCheck KEV: CVE-2023-28432
MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure...
VulnCheck KEV: CVE-2017-7504
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server = Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via...
VulnCheck KEV: CVE-2023-28725
General Bytes Crypto Application Server CAS 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in...
VulnCheck KEV: CVE-2023-27637
An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised productid GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL...
VulnCheck KEV: CVE-2022-45813
BeRocket Plugins for WordPress is vulnerable to an authorization bypass in the closenotice, subscribe, disableratenotice, featurerequestsend, getpluginerrorajax, closenotice, and testkey functions which can allow user level subscribers to invoke these admin level functions...
VulnCheck KEV: CVE-2019-19609
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function...
VulnCheck KEV: CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...
VulnCheck KEV: CVE-2023-26083
Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata...
VulnCheck KEV: CVE-2023-27638
An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommercedesigncartid GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and...
VulnCheck KEV: CVE-2023-30801
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and...
VulnCheck KEV: CVE-2022-44626
Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20...
VulnCheck KEV: CVE-2018-15133
Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key APPKEY environment variable...
VulnCheck KEV: CVE-2023-26360
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2023-24880
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web MOTW defenses via a specially crafted malicious file...
VulnCheck KEV: CVE-2023-23397
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user...
VulnCheck KEV: CVE-2023-21768
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability...
VulnCheck KEV: CVE-2022-41328
Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands...
VulnCheck KEV: CVE-2021-39144
XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability can affect multiple products, including but not limited to VMware...
VulnCheck KEV: CVE-2022-31678
VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure...
VulnCheck KEV: CVE-2023-23752
Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints...
VulnCheck KEV: CVE-2022-4931
The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
VulnCheck KEV: CVE-2022-27228
In the vote aka "Polls, Votes" module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code...
VulnCheck KEV: CVE-2023-20963
Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed...
VulnCheck KEV: CVE-2023-0037
The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
VulnCheck KEV: CVE-2022-21894
Secure Boot Security Feature Bypass Vulnerability...
VulnCheck KEV: CVE-2020-5741
Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it...
VulnCheck KEV: CVE-2023-0586
The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject...
VulnCheck KEV: CVE-2023-0876
The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability...
VulnCheck KEV: CVE-2023-26009
Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3...
VulnCheck KEV: CVE-2023-26540
Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1...
VulnCheck KEV: CVE-2022-41223
The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application...
VulnCheck KEV: CVE-2022-40765
The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system...
VulnCheck KEV: CVE-2022-4257
A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be...
VulnCheck KEV: CVE-2022-36267
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...
VulnCheck KEV: CVE-2020-15415
DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used...
VulnCheck KEV: CVE-2013-4786
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol RAKP authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC...
VulnCheck KEV: CVE-2023-23376
Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2022-36537
ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to...