
1501 matches found

Cvelist
added 2021/02/10 10:15 p.m., 18 views

CVE-2020-27870

This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper...

CVSS 7.5, AI score 6.3, EPSS 0.09308
Exploits: 0, References: 1

Zero Day Initiative
added 2021/02/04 12:0 a.m., 63 views

Cisco Multiple Routers DNIAPI Directory Traversal Arbitrary File Creation Vulnerability

This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. When...

CVSS 8.8, AI score 2.4, EPSS 0.00445
Exploits: 0, References: 1

Zero Day Initiative
added 2021/02/04 12:0 a.m., 40 views

Cisco Multiple Routers RESTCONF file-upload Directory Traversal Arbitrary File Write Vulnerability

This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. The...

CVSS 6.5, AI score 1.8, EPSS 0.00445
Exploits: 0, References: 1

CNVD
added 2021/01/22 12:0 a.m., 10 views

NEC ESMPRO Manager Information Disclosure Vulnerability

NEC ESMPRO Manager is a product from Nippon Electric NEC for managing NEC servers. The product supports management monitoring of server CPU load, memory usage, disk usage, server's hard disk protection status and LAN traffic status. A security vulnerability exists in NEC ESMPRO Manager version 6....

CVSS 7.5, AI score 6.4, EPSS 0.04378
Exploits: 0, References: 1

NVD
added 2021/01/20 8:15 p.m., 9 views

CVE-2020-27859

This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetEuaLogDownloadAction class. The issue results from the lack of...

CVSS 7.5, AI score 7.3, EPSS 0.04378
Exploits: 0, References: 1

Prion
added 2021/01/20 8:15 p.m., 13 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetEuaLogDownloadAction class. The issue results from the lack of...

CVSS 5, AI score 7.3, EPSS 0.04378
Exploits: 0, References: 1, Affected Software: 1

Zero Day Initiative
added 2020/12/09 12:0 a.m., 40 views

Microsoft SharePoint Site Import Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImportWeb function. The issue results from the lack of proper validation of a...

CVSS 8.8, AI score 4.4, EPSS 0.13467
Exploits: 0, References: 1

ATTACKERKB
added 2020/11/19 12:0 a.m., 31 views

CVE-2020-28948

ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Recent assessments: gwillcox-r7 at January 15, 2021 7:39pm UTC reported: Edit: PoC code for this can be found at along with the original advisory. An interesting vulnerability using the...

CVSS 7.8, AI score 7.7, EPSS 0.76873
Exploits: 2, References: 10

OSV
added 2020/11/17 2:15 a.m., 1 views

CVE-2020-15349

BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions...

CVSS 7.8, AI score 5.8
Exploits: 0, References: 2

NVD
added 2020/11/17 2:15 a.m., 6 views

CVE-2020-15349

BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions...

CVSS 7.8, AI score 7.7, EPSS 0.00186
Exploits: 1, References: 2

Prion
added 2020/11/17 2:15 a.m., 38 views

Privilege escalation

BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions...

CVSS 7.2, AI score 7.7, EPSS 0.00186
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2020/11/16 12:0 a.m., 3 views

Binarynights Forklift Security Breach

Binarynights Forklift is a file resource management software from the American company Binarynights. The software references the Finder file manager and directly manages FTP/SFTP/WebDAV, Amazon S3, iDisk, Bluetooth and other resources. A security vulnerability exists in BinaryNights ForkLift 3.x...

CVSS 7.8, AI score 7.1, EPSS 0.00186
Exploits: 1, References: 3

OSV
added 2020/11/12 8:15 p.m., 1 views

CVE-2020-13774

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations ...

CVSS 9.9, AI score 7.8, EPSS 0.05174
Exploits: 0, References: 1

Prion
added 2020/11/12 8:15 p.m., 10 views

Unrestricted file upload

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations ...

CVSS 9, AI score 9.4, EPSS 0.05174
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/11/12 7:22 p.m., 10 views

CVE-2020-13774

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations ...

AI score 9.6, EPSS 0.05174
Exploits: 0, References: 1

OSV
added 2020/10/16 11:15 p.m., 0 views

CVE-2020-16976

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...

CVSS 7.8, AI score 7.2, EPSS 0.00416
Exploits: 0, References: 1

NVD
added 2020/10/16 11:15 p.m., 15 views

CVE-2020-16976

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...

CVSS 7.8, EPSS 0.00416
Exploits: 0, References: 1

NVD
added 2020/10/16 11:15 p.m., 18 views

CVE-2020-16980

An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim...

CVSS 7.8, EPSS 0.00386
Exploits: 0, References: 1

NVD
added 2020/10/16 11:15 p.m., 14 views

CVE-2020-16972

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...

CVSS 7.8, EPSS 0.00416
Exploits: 0, References: 1

NVD
added 2020/10/16 11:15 p.m., 15 views

CVE-2020-16975

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...

CVSS 7.8, EPSS 0.00416
Exploits: 0, References: 1