Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2022/11/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-4135

Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but...

9.6CVSS7.7AI score0.31864EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/22 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-45349

Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1...

4.3CVSS5.8AI score0.00405EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/21 12:0 a.m.•8 views

VulnCheck KEV: CVE-2022-45351

Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1...

5.4CVSS5.8AI score0.00465EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/18 12:0 a.m.•8 views

VulnCheck KEV: CVE-2021-25094

The Tatsu WordPress plugin before 3.3.12 addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...

8.1CVSS7.2AI score0.83535EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-45077

Auth. subscriber+ PHP Object Injection vulnerability in Betheme theme = 26.5.1.4 on WordPress...

8.8CVSS7.3AI score0.00615EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-1599

Windows Spoofing Vulnerability...

5.5CVSS6AI score0.19124EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/11 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-41049

Microsoft Windows Mark of the Web MOTW contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features...

5.4CVSS6.9AI score0.02482EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/08 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-9810

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox 66.0.1, Firefox ESR 60.6.1, and Thunderbird 60.6.1...

8.8CVSS7.7AI score0.29514EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/08 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-41073

Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges...

7.8CVSS7.3AI score0.02389EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/08 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-41128

Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution...

8.8CVSS7.7AI score0.24623EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/08 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-41125

Microsoft Windows Cryptographic Next Generation CNG Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges...

7.8CVSS7.3AI score0.03021EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/08 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-41091

Microsoft Windows Mark of the Web MOTW contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features...

5.4CVSS7AI score0.01986EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-30170

Windows Credential Roaming Service Elevation of Privilege Vulnerability...

7.3CVSS7.3AI score0.0147EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-0095

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of...

7.8CVSS7.1AI score0.04404EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-7199

Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue...

7.8CVSS7.1AI score0.00353EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-1300

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain...

7.2CVSS5.8AI score0.1218EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2022/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-3881

win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."...

7.2CVSS5.8AI score0.14835EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/27 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-5680

Stack-based buffer overflow in cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transferlicense command...

9CVSS7.9AI score0.16752EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/25 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-3723

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

8.8CVSS7.5AI score0.0675EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/24 12:0 a.m.•1 views

VulnCheck KEV: CVE-2022-3477

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address...

9.8CVSS7.3AI score0.03546EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/24 12:0 a.m.•6 views

VulnCheck KEV: CVE-2018-19321

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges...

7.8CVSS7.1AI score0.03671EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/24 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-26606

A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A...

10CVSS7.4AI score0.02432EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/24 12:0 a.m.•7 views

VulnCheck KEV: CVE-2022-26500

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...

8.8CVSS7.5AI score0.05942EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/24 12:0 a.m.•6 views

VulnCheck KEV: CVE-2018-19323

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges...

9.8CVSS7.2AI score0.08523EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/24 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-19322

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges...

7.8CVSS7AI score0.01872EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/24 12:0 a.m.•10 views

VulnCheck KEV: CVE-2022-26504

Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager SCVMM allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe...

9CVSS7.6AI score0.02474EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/24 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-26501

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...

10CVSS7.5AI score0.04279EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-42827

Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges...

7.8CVSS7.6AI score0.01136EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/21 12:0 a.m.•7 views

VulnCheck KEV: CVE-2020-16875

A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an...

9CVSS8AI score0.47145EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/20 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-41352

Synacor Zimbra Collaboration Suite ZCS allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts...

9.8CVSS7.5AI score0.95478EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/20 12:0 a.m.•7 views

VulnCheck KEV: CVE-2020-3153

Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and...

6.5CVSS7AI score0.28307EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/20 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-3433

Cisco AnyConnect Secure Mobility Client for Windows interprocess communication IPC channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM...

7.8CVSS7.1AI score0.10049EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/20 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-3493

The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation...

8.8CVSS6.9AI score0.43988EPSS
Exploits27References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-41033

Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.01777EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-42458

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...

9.8CVSS7.2AI score0.01078EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/10 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-40684

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests...

9.8CVSS7.3AI score0.99984EPSS
Exploits25References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-35914

Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed...

9.8CVSS8AI score0.99628EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2022/10/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-16098

The driver in Micro-Star MSI Afterburner 4.6.2.15658 aka RTCore64.sys and RTCore32.sys allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure...

7.8CVSS7.8AI score0.18188EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-36804

Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request...

8.8CVSS7.5AI score0.99077EPSS
Exploits24References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/29 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-41082

Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution...

8.8CVSS7.2AI score0.99964EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/29 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-41040

Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution...

8.8CVSS7.2AI score0.99964EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-4867

Directory traversal vulnerability in modules/comvtigerworkflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. dot dot in the modulename parameter...

5CVSS5.9AI score0.03496EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/22 12:0 a.m.•7 views

VulnCheck KEV: CVE-2022-35405

Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution...

9.8CVSS7.7AI score0.9994EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/18 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-40769

profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022...

7.5CVSS7.1AI score0.01036EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-3236

A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution...

9.8CVSS7.7AI score0.98905EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/15 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-2597

The Code Aurora audio calibration database acdb audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. Code Aurora is used in third-party products such as Qualcomm and Android...

8.4CVSS6.4AI score0.01516EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/15 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-2596

Linux kernel fbmmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation...

7.8CVSS6.9AI score0.03373EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/14 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-31196

Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution...

7.2CVSS7.4AI score0.4638EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/14 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-33768

Microsoft Exchange Server Elevation of Privilege Vulnerability...

8CVSS7.4AI score0.0116EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/14 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-40734

UniSharp laravel-filemanager aka Laravel Filemanager before 2.6.4 allows download?workingdir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0...

6.5CVSS6.7AI score0.04056EPSS
Exploits1References1
Total number of security vulnerabilities4985