Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2023/10/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-42793

JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server...

9.8CVSS8AI score0.99979EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
•added 2023/10/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-40044

Progress WSFTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system...

10CVSS7.6AI score0.9015EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-5201

The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the php shortcode setting to...

9.9CVSS7.6AI score0.01429EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/28 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-14667

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via...

9.8CVSS7.4AI score0.74171EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/28 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-6345

Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other produc...

9.6CVSS7.5AI score0.1963EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/27 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-23957

Navigations through the Android-specific intent URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 85...

7.4CVSS7.1AI score0.00793EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/27 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-1801

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy...

6.5CVSS7.1AI score0.01515EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/27 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-5840

Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

4.3CVSS7AI score0.01061EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/27 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-20109

Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN GET VPN feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash...

6.6CVSS7AI score0.02344EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/25 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-5217

Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome...

8.8CVSS7.2AI score0.49013EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-41179

Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target...

7.2CVSS7.5AI score0.04739EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-9621

Synacor Zimbra Collaboration Suite ZCS contains a server-side request forgery SSRF vulnerability via the ProxyServlet component...

7.5CVSS7.1AI score0.80906EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/18 12:0 a.m.•14 views

VulnCheck KEV: CVE-2023-4211

Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory...

5.5CVSS6.9AI score0.01361EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-21746

Windows NTLM Elevation of Privilege Vulnerability...

7.8CVSS7.1AI score0.02517EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-5054

The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated...

5.8CVSS6.7AI score0.00542EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/15 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-4994

The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server...

9.9CVSS7.2AI score0.00748EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-41954

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1...

8.6CVSS5.8AI score0.01397EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-26369

Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution...

7.8CVSS7.4AI score0.07036EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/12 12:0 a.m.•8 views

VulnCheck KEV: CVE-2023-36802

Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.261EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/12 12:0 a.m.•7 views

VulnCheck KEV: CVE-2023-36761

Microsoft Word contains an unspecified vulnerability that allows for information disclosure...

6.5CVSS7AI score0.18959EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/12 12:0 a.m.•7 views

VulnCheck KEV: CVE-2023-41991

Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation...

5.5CVSS7AI score0.04547EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-41993

Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which...

8.8CVSS7.6AI score0.29179EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-41992

Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation...

7.8CVSS7.3AI score0.02918EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/07 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-4666

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE...

9.8CVSS7.4AI score0.03283EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/07 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-41061

Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064...

7.8CVSS7.4AI score0.15263EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-41064

Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061...

7.8CVSS7.6AI score0.15263EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-25115

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems...

10CVSS6.1AI score0.08674EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-7307

Sangfor Behavior Management System also referred to as DC Management System in Chinese-language documentation contains an XML external entity XXE injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit crafted XML data containing external entity...

8.7CVSS5.8AI score0.00482EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-4863

Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec...

8.8CVSS7.2AI score0.99735EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-2295

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.3AI score0.01236EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-35674

Android Framework contains an unspecified vulnerability that allows for privilege escalation...

8.8CVSS7.2AI score0.02203EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/09/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-28434

MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket to conduct privilege escalation. To carry out this attack, the attacker requires...

8.8CVSS7.4AI score0.06736EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/30 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-38204

Adobe ColdFusion versions 2018u18 and earlier, 2021u8 and earlier and 2023u2 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction...

9.8CVSS7.5AI score0.65488EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/30 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-29300

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution...

9.8CVSS7.5AI score0.99984EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/30 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-35708

In Progress MOVEit Transfer before 2021.0.8 13.0.8, 2021.1.6 13.1.6, 2022.0.6 14.0.6, 2022.1.7 14.1.7, and 2023.0.3 15.0.3, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access...

9.8CVSS7.4AI score0.96682EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/29 12:0 a.m.•8 views

VulnCheck KEV: CVE-2023-36844

Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables, leading to...

5.3CVSS7AI score0.89628EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/29 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-4596

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the uploadpostimage function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to...

9.8CVSS7.3AI score0.12749EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/29 12:0 a.m.•9 views

VulnCheck KEV: CVE-2023-36846

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is...

5.3CVSS6.2AI score0.94205EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/29 12:0 a.m.•9 views

VulnCheck KEV: CVE-2023-36847

Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an...

5.3CVSS6.2AI score0.84692EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/29 12:0 a.m.•9 views

VulnCheck KEV: CVE-2023-36851

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication,...

5.3CVSS6.2AI score0.01091EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-20269

Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN...

9.1CVSS7.3AI score0.21583EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/29 12:0 a.m.•8 views

VulnCheck KEV: CVE-2023-36845

Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request, which sets the variable PHPRC, an attacker is able to modify the...

9.8CVSS7AI score0.93546EPSS
Exploits25References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/28 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-33246

Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running...

9.8CVSS7.5AI score0.96604EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/23 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-6693

Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key...

6.5CVSS6.7AI score0.05663EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/22 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-38035

Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration...

9.8CVSS7.5AI score0.99949EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-38389

JupiterX Core Plugin for WordPress is vulnerable to a privilege escalation vulnerability...

9.8CVSS7.1AI score0.01153EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/21 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-26359

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user...

9.8CVSS7.8AI score0.17937EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/19 12:0 a.m.•6 views

VulnCheck KEV: CVE-2023-40711

Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service out-of-memory abort via crafted packet data, as exploited in the wild in August 2023...

7.5CVSS7.2AI score0.00741EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/17 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-3722

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier...

9.8CVSS7.8AI score0.03334EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/08/17 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-1000367

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation embedded spaces in the getprocessttyname function resulting in information disclosure and command execution...

6.9CVSS6.9AI score0.08018EPSS
Exploits8References1
Total number of security vulnerabilities4985