Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2023/01/23 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-41990

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file...

7.8CVSS7.7AI score0.01145EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/23 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-24918

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...

5.4CVSS5.9AI score0.00654EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/22 12:0 a.m.8 views

VulnCheck KEV: CVE-2023-24059

Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023...

7.3CVSS7.7AI score0.01515EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-47615

Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

9.8CVSS7.3AI score0.05063EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-45808

SQL Injection vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

9.9CVSS7.4AI score0.04269EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-24258

The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...

5.4CVSS6.1AI score0.00626EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/19 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-47966

Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario...

9.8CVSS8AI score0.99753EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/18 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-24164

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wpajaxnfoauth, and retrieve the connection url needed to establish a connection. They could also retrieve the clientid for an already established OAuth...

4.3CVSS5.8AI score0.00889EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/17 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-39197

Fortra Cobalt Strike contains a cross-site scripting XSS vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely...

6.1CVSS7AI score0.46446EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/17 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-0456

Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction...

8.8CVSS7AI score0.0073EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-23714

A local privilege escalation LPE issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...

7.8CVSS7.1AI score0.00231EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/17 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-24500

Windows SMB Remote Code Execution Vulnerability...

8.8CVSS7.5AI score0.38165EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/14 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-23488

The Paid Memberships Pro WordPress Plugin, version 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route...

9.8CVSS7.4AI score0.9246EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-27510

Unauthorized access to Gateway user capabilities...

9.8CVSS7.4AI score0.01231EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-31474

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1...

7.5CVSS7.2AI score0.63761EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-2486

A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used...

9.8CVSS6.9AI score0.2605EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-31499

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256...

10CVSS7.5AI score0.97136EPSS
Exploits19References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-42889

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the...

9.8CVSS6.9AI score0.99931EPSS
Exploits41References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

5.3CVSS6.7AI score0.99298EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-24184

Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions...

8.8CVSS7.3AI score0.01439EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-24183

The tutorquizbuildergetquestionform AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

6.5CVSS6.7AI score0.01742EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24527

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such...

10CVSS7.2AI score0.07696EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-44877

CWP Control Web Panel formerly CentOS Web Panel contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter...

9.8CVSS7.6AI score0.99995EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/10 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-4700

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...

8.8CVSS7.2AI score0.00818EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/10 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-4705

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprfinalsettingssetup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of...

4.3CVSS6.5AI score0.00603EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/10 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-21674

Microsoft Windows Advanced Local Procedure Call ALPC contains an unspecified vulnerability that allows for privilege escalation...

8.8CVSS7.4AI score0.41538EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/10 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-4711

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify...

4.3CVSS6.5AI score0.00688EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2015-2291

Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service DoS...

7.8CVSS7.3AI score0.09011EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-2877

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...

8.8CVSS7.4AI score0.22452EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/10 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-4709

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprimportlibrarytemplate' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate...

6.5CVSS6.9AI score0.00603EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/10 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-4702

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprfixroyalcompatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin...

6.5CVSS6.9AI score0.00798EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-46169

Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code...

9.8CVSS7.5AI score0.99826EPSS
Exploits48References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/06 12:0 a.m.8 views

VulnCheck KEV: CVE-2023-22278

m-FILTER prior to Ver.5.70R01 Ver.5 Series and m-FILTER prior to Ver.4.87R04 Ver.4 Series allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have...

5.3CVSS6.1AI score0.00706EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-22952

Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates...

8.8CVSS8AI score0.80274EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/03 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-3805

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6CVSS7.1AI score0.01594EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/30 12:0 a.m.6 views

VulnCheck KEV: CVE-2019-17232

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...

7.5CVSS7.3AI score0.03518EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/30 12:0 a.m.10 views

VulnCheck KEV: CVE-2016-10972

The newspaper theme before 6.7.2 for WordPress has a lack of options access control via tdajaxupdatepanel...

9.8CVSS7.4AI score0.09268EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/30 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-17233

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection...

6.1CVSS7AI score0.01843EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/29 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-5430

TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files...

8.8CVSS7.3AI score0.48753EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/29 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-18809

TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system...

9.9CVSS7.1AI score0.79064EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/26 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-4060

The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it...

9.8CVSS7.4AI score0.42723EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-45359

Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin = 3.19.0 on WordPress...

9.8CVSS7.3AI score0.13514EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-17106

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages...

10CVSS7.3AI score0.15256EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-20057

An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter...

9CVSS7.6AI score0.07396EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-17105

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...

10CVSS7.5AI score0.84558EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-31137

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in...

10CVSS8AI score0.90387EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-30023

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function...

9CVSS7.5AI score0.43638EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-33891

Apache Spark contains a command injection vulnerability via Spark User Interface UI when Access Control Lists ACLs are enabled...

8.8CVSS7.4AI score0.92984EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-7209

LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2...

9.8CVSS7.8AI score0.98846EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-41080

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution...

9.8CVSS7.2AI score0.99964EPSS
Exploits11References1
Total number of security vulnerabilities4985