Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2022/12/19 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-25082

The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpbtype parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via...

8.8CVSS7.2AI score0.05365EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-42837

An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code executi...

9.8CVSS7.5AI score0.02062EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.1 views

VulnCheck KEV: CVE-2022-42848

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges...

7.8CVSS7.4AI score0.00286EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-27518

Citrix Application Delivery Controller ADC and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator...

9.8CVSS7.6AI score0.06931EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-42855

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements...

7.1CVSS7.1AI score0.00525EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-42861

This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox...

8.8CVSS7.2AI score0.0027EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-46703

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be able to read sensitive location information...

5.5CVSS6AI score0.00221EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-46692

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...

5.5CVSS6.8AI score0.00197EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-44698

Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web MOTW defenses via a specially crafted malicious file...

5.4CVSS7AI score0.76106EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-42864

A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges...

7CVSS7.3AI score0.00856EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-23496

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, watchOS 9.3, iOS 15.7.2 and iPadOS 15.7.2, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.5AI score0.0089EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-46694

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution...

7.8CVSS7.2AI score0.00352EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-42846

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination...

5.5CVSS6AI score0.00335EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-46689

A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges...

7CVSS7.4AI score0.44678EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-42840

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges...

7.8CVSS7.4AI score0.00372EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-46691

A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.5AI score0.01508EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-46700

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.5AI score0.01204EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-46705

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing...

4.3CVSS6.5AI score0.00965EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-42852

The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory...

6.5CVSS6.7AI score0.00939EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-46695

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI...

6.5CVSS6.6AI score0.01309EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-46718

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information...

5.5CVSS6AI score0.00357EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...

7.5CVSS6.9AI score0.22791EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked...

7.8CVSS6.8AI score0.06782EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-42475

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests...

9.8CVSS8AI score0.99474EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-31199

Netwrix Auditor User Activity Video Recording component contains an insecure objection deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker is able to reach port...

9.8CVSS7.6AI score0.36009EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-34538

Digital Watchdog DW MEGApix IP cameras A7.2.220211029 was discovered to contain a command injection vulnerability in the component /admin/vca/bia/addacph.cgi. This vulnerability is exploitable via a crafted POST request...

8.8CVSS7.3AI score0.02729EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-46422

Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication...

10CVSS7.4AI score0.9475EPSS
Exploits20References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/06 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-37061

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow...

9.8CVSS7.5AI score0.99618EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/06 12:0 a.m.6 views

VulnCheck KEV: CVE-2018-12613

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include view and potentially execute files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An...

8.8CVSS6.9AI score0.98391EPSS
Exploits21References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/05 12:0 a.m.9 views

VulnCheck KEV: CVE-2022-26523

Avast Anti Rootkit kernel driver user controlled length in aswArPot+0xbb94...

7.4AI score0.0025EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/05 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-17228

includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress allows unauthenticated options changes...

6.5CVSS6.6AI score0.01153EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/05 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-24170

The REST API endpoint getusers in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the uploadfiles capability. This included password hashes, hashed user activation keys, usernames, emails, and other less...

7.5CVSS7.1AI score0.04788EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/05 12:0 a.m.3 views

VulnCheck KEV: CVE-2014-4725

The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...

7.5CVSS6.1AI score0.59682EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/05 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-6168

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting...

7.6CVSS7.1AI score0.01953EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/05 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-9043

The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key...

9CVSS7.3AI score0.08173EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/05 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-12075

The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions...

8.8CVSS6.8AI score0.01042EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/05 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-26522

Avast Anti Rootkit kernel driver user controlled length in aswArPot+0xc4a3...

7.4AI score0.00217EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/05 12:0 a.m.2 views

VulnCheck KEV: CVE-2017-16562

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the upautolog parameter in the QUERYSTRING to the default URI...

9.8CVSS7.2AI score0.27369EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24311

The wpajaxupload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34 was vulnerable to arbitrary file uploads via any authenticated users...

8.8CVSS7.4AI score0.01775EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2022/11/30 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-42298

Microsoft Defender Remote Code Execution Vulnerability...

9.3CVSS7.4AI score0.05462EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/11/30 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-42856

Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution...

8.8CVSS7.5AI score0.08523EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/11/30 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-34481

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change,...

9.8CVSS8AI score0.45423EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2022/11/29 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-4262

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

8.8CVSS7.5AI score0.16109EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2022/11/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-35587

Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product...

9.8CVSS7.1AI score0.96284EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2022/11/26 12:0 a.m.8 views

VulnCheck KEV: CVE-2022-45363

Auth. subscriber+ Stored Cross-Site Scripting XSS in Muffingroup Betheme theme = 26.6.1 on WordPress...

5.4CVSS6AI score0.00383EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/11/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-34721

Windows Internet Key Exchange IKE Protocol Extensions Remote Code Execution Vulnerability...

9.8CVSS7.5AI score0.75711EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/11/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-45353

Broken Access Control in Betheme theme = 26.6.1 on WordPress...

8.1CVSS7.2AI score0.00497EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/11/24 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-37661

SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution RCE via the ping host feature...

9.8CVSS7.4AI score0.36187EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2022/11/24 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-45352

Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1...

5.4CVSS5.8AI score0.00405EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/11/23 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-45356

Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1...

8.8CVSS5.8AI score0.00536EPSS
Exploits0References1
Total number of security vulnerabilities4985