Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2023/05/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2010-3904

Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets RDS protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls...

7.8CVSS6.6AI score0.11217EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2015-5317

Jenkins User Interface UI contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages...

7.5CVSS7.3AI score0.22429EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-8735

Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension JMX ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues...

9.8CVSS7.7AI score0.90338EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-0196

Linux Kernel contains a race condition vulnerability within the nttywrite function that allows local users to cause a denial-of-service DoS or gain privileges via read and write operations with long strings...

6.9CVSS6.4AI score0.22475EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/11 12:0 a.m.•7 views

VulnCheck KEV: CVE-2023-32244

Improper Privilege Management vulnerability in XTemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36...

9.8CVSS7.3AI score0.00789EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-30777

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins = 6.1.5 versions...

7.1CVSS7AI score0.38768EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-32242

Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme.This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36...

9.8CVSS7.3AI score0.00798EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/10 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-45354

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60...

7.5CVSS7.1AI score0.38083EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-24932

Secure Boot Security Feature Bypass Vulnerability...

6.7CVSS7.1AI score0.10561EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/09 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-29336

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges...

7.8CVSS7.3AI score0.40919EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-25717

Ruckus Wireless Access Point AP software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery CSRF or remote code execution RCE. This vulnerability impacts Ruckus...

9.8CVSS8AI score0.95326EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-27856

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002...

9.8CVSS7.2AI score0.05598EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

9.8CVSS7.4AI score0.99637EPSS
Exploits23References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/02 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-33035

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow...

7.8CVSS7.1AI score0.50563EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/02 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-31602

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml...

7.5CVSS7.2AI score0.51653EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/02 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-1118

Connected Components Workbench v13.00.00 and prior, ISaGRAF Workbench v6.0 though v6.6.9, and Safety Instrumented System Workstation v1.2 and prior for Trusted Controllers do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that,...

8.6CVSS7.1AI score0.11368EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/02 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-5713

In Malwarefox Anti-Malware 2.72.169, the driver file zam64.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010...

7.8CVSS7.2AI score0.01056EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/02 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-30136

Windows Network File System Remote Code Execution Vulnerability...

10CVSS7.5AI score0.74677EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/02 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-43287

An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers...

7.5CVSS7.1AI score0.28039EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/02 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-30869

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1...

9.8CVSS7.3AI score0.031EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/01 12:0 a.m.•2 views

VulnCheck KEV: CVE-2023-28204

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari...

6.5CVSS7.1AI score0.14292EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-32373

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...

8.8CVSS7.8AI score0.12172EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/05/01 12:0 a.m.•2 views

VulnCheck KEV: CVE-2023-21839

Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server...

7.5CVSS7.3AI score0.99811EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-27351

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper...

8.2CVSS7.4AI score0.7842EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/27 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-29013

A command injection in the command parameter of Razer Sila Gaming Router v2.0.441api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request...

9.8CVSS7.6AI score0.77136EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/27 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-31290

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input...

5.9CVSS6.2AI score0.00983EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/26 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-27532

Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This...

7.5CVSS7.3AI score0.7761EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/25 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-29552

The Service Location Protocol SLP contains a denial-of-service DoS vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service DoS attack with a significant amplification factor...

7.5CVSS7.3AI score0.65873EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/24 12:0 a.m.•8 views

VulnCheck KEV: CVE-2023-24055

KeePass through 2.53 in a default installation allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who...

5.5CVSS6.2AI score0.03661EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/18 12:0 a.m.•1 views

VulnCheck KEV: CVE-2020-8949

Gocloud S2AWL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the...

9CVSS7.6AI score0.02829EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-27350

PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system...

9.8CVSS7.8AI score0.99999EPSS
Exploits24References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-6742

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload...

9CVSS7.6AI score0.21424EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-4290

The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctlsanitizetitle' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially...

8.8CVSS7.4AI score0.00766EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-29492

Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account...

9.8CVSS7.7AI score0.0269EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-2136

Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other...

9.6CVSS7.5AI score0.05786EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-1389

TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution...

8.8CVSS7.6AI score0.99999EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/11 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-22713

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 see security notifcation for affected versions, which could cause the meter to reboot...

7.8CVSS7.3AI score0.01185EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-28252

Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.48973EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-38153

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS6.8AI score0.05773EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-2033

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

8.8CVSS7.5AI score0.40798EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-28206

Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges...

8.6CVSS7.6AI score0.24513EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-1930

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfcclearcacheofallsitescallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/07 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-28205

Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which...

8.8CVSS7.6AI score0.27076EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-1931

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/07 12:0 a.m.•5 views

VulnCheck KEV: CVE-2023-1928

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpreloadsinglecallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS6.6AI score0.00386EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/06 12:0 a.m.•1 views

VulnCheck KEV: CVE-2023-1929

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpurgecachevarnishcallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access...

4.3CVSS6.6AI score0.00389EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-4940

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions...

7.3CVSS6.9AI score0.01084EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-29389

Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated"...

6.8CVSS6.7AI score0.00655EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/03 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-27878

Veritas Backup Exec BE Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine...

9CVSS7.7AI score0.23952EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2023/04/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-29218

The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service reduction of reputation score by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as...

7.5CVSS7.1AI score0.01091EPSS
Exploits0References1
Total number of security vulnerabilities4985