4202 matches found
CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code...
KB5011487: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (March 2022)
The remote Windows host is missing security update 5011487. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2022-23283, CVE-2022-23284, CVE-2022-23291, CVE-2022-24459, CVE-2022-23296,...
SUSE-SU-2022:0735-1 Security update for zsh
This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEG...
Command Execution Vulnerability in TOTOLINK A850R
The A850R is a Gigabit dual band wireless router. A command execution vulnerability exists in the TOTOLINK A850R, which can be exploited by an attacker to gain control of the server...
CVE-2022-24711 Remote CLI Command Execution Vulnerability in CodeIgniter4
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...
CVE-2022-25101
A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file...
Command Execution Vulnerability in SuperMap iServer 10i of Beijing SuperMap Software Co.
SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. A command execution vulnerability exists in SuperMap iServer 10i of Beijing SuperMap Software Co. Ltd. that can be exploited by an attacker to gain control of the server...
Command Execution Vulnerability in BossCMS of Wenzhou Huyin Information Technology Co.
BossCMS is a content management system based on self-developed PHP framework MySQL architecture developed by Wenzhou Huyin Information Technology Co. A command execution vulnerability exists in BossCMS, which can be exploited to gain server privileges...
Command Execution Vulnerability in Sunflower Personal Edition for Windows at Shanghai Berry Information Technology Co.
Sunflower is a free, all-in-one remote control management tool that integrates remote control of computers and cell phones, remote desktop connection, remote boot, remote management, and intranet penetration support. Sunflower Personal Edition for Windows has a command execution...
CVE-2022-24927
Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission...
CVE-2020-14521
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition...
CVE-2020-14521 Mitsubishi Electric Factory Automation Engineering Products Unquoted Search Path or Element
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and po...
CVE-2021-45364
A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product...
CVE-2022-21927
HEVC Video Extensions Remote Code Execution Vulnerability...
CVE-2022-21991 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in the Kestrel Web Server and Visual Studio Code. The vulnerabilities allow a malicious party to execute arbitrary code or cause a denial of service. The denial-of-service vulnerability with reference CVE-2022-21986 is located in the Kestrel web server. This...
Mageia: Security Advisory (MGASA-2019-0054)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2021-0256)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2020-0436)
The remote host is missing an update for the...