Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2022/09/14 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-34470

Microsoft Exchange Server Elevation of Privilege Vulnerability...

8CVSS7.3AI score0.03265EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-3180

A privilege escalation flaw exists in the WordPress WPGateway plugin that enables unauthenticated adversaries to add a user with administrator rights...

9.8CVSS6AI score0.08841EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-40139

Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution...

7.2CVSS7.4AI score0.03054EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/13 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-37969

Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.28483EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-32917

Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges...

7.8CVSS7.4AI score0.05557EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/08 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-2628

Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server...

9.8CVSS7.4AI score0.99448EPSS
Exploits69References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-3124

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server...

5.3CVSS6.2AI score0.06199EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/07 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-3125

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...

8.8CVSS7.4AI score0.01113EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-6530

Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands...

10CVSS7.6AI score0.96626EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-26258

D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution...

9.8CVSS7.7AI score0.81218EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-27593

Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign...

10CVSS7.3AI score0.87908EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/09/02 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-4980

General Bytes Crypto Application Server CAS beginning with version 20201208 prior to 20220531.38 backport and 20220725.22 mainline contains an authentication bypass in the admin web interface. An unauthenticated attacker could invoke the same URL used by the product's default-installation /...

9.3CVSS5.8AI score0.00813EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-3075

Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium,...

9.6CVSS7.5AI score0.0568EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/25 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-36193

PEAR ArchiveTar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party...

7.5CVSS7.3AI score0.70595EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/25 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-28949

PEAR ArchiveTar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as...

7.8CVSS7.2AI score0.84554EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/25 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-38406

Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files improper input validation resulting in an out-of-bounds write that allows for code execution...

7.8CVSS7.3AI score0.77892EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/25 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: 1 a new container with an...

9.3CVSS7AI score0.9857EPSS
Exploits33References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-21371

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Container. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...

7.5CVSS6.9AI score0.92331EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-31589

A cross-site scripting XSS vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization...

6.1CVSS6.2AI score0.28307EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-25134

A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3Firmware T6V3V4.1.5cu.748B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet...

9.8CVSS7.5AI score0.03021EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•10 views

VulnCheck KEV: CVE-2022-22963

When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.8CVSS7.8AI score0.99939EPSS
Exploits36References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-25060

TP-LINK TL-WR840NESV6.20180709 was discovered to contain a command injection vulnerability via the component oalstartPing...

10CVSS7.3AI score0.52427EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-21881

An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.9CVSS7.3AI score0.37064EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-20166

Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton...

8.8CVSS7.5AI score0.02195EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-39226

Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss...

9.8CVSS6.9AI score0.99888EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-24762

The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection...

9.8CVSS7.3AI score0.86896EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-24112

Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution...

9.8CVSS7.7AI score0.96182EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-20167

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter...

8CVSS7.2AI score0.0853EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•8 views

VulnCheck KEV: CVE-2021-28169

For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can...

5.3CVSS6.7AI score0.7848EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•8 views

VulnCheck KEV: CVE-2022-21662

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users like author in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been...

8CVSS6.9AI score0.63418EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-24260

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...

10CVSS7.5AI score0.50926EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/19 12:0 a.m.•9 views

VulnCheck KEV: CVE-2021-43711

The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution...

9.8CVSS7.3AI score0.36272EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/18 12:0 a.m.•8 views

VulnCheck KEV: CVE-2017-15944

Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained...

9.8CVSS7.9AI score0.9834EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/18 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-21971

Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution...

9.3CVSS7.6AI score0.53655EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-22536

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the...

10CVSS7.7AI score0.97945EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-26923

An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM...

9CVSS7.4AI score0.83277EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/17 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-32894

Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges...

7.8CVSS7.4AI score0.03259EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-32893

Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content...

8.8CVSS8AI score0.09785EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-1097

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...

6.5CVSS6.9AI score0.00917EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/15 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-1802

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android...

8.8CVSS7.6AI score0.26709EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/15 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-1529

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR...

8.8CVSS7.3AI score0.17103EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/15 12:0 a.m.•9 views

VulnCheck KEV: CVE-2022-28281

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox...

8.8CVSS7.3AI score0.02556EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-34151

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac...

8.1CVSS7.3AI score0.0131EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/11 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-27925

Synacor Zimbra Collaboration Suite ZCS contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution...

9.8CVSS7.7AI score0.98234EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/10 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-0028

A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service RDoS attacks...

8.6CVSS7.3AI score0.02041EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-37042

Synacor Zimbra Collaboration Suite ZCS contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution...

9.8CVSS7.5AI score0.98234EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-34713

A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application...

7.8CVSS7.9AI score0.6798EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-30333

RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract unpack operation...

7.5CVSS7.3AI score0.98975EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-29303

SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server...

10CVSS7.3AI score0.97961EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2022/08/04 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-27924

Synacor Zimbra Collaboration Suite ZCS allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries...

7.5CVSS7.5AI score0.85398EPSS
Exploits2References1
Total number of security vulnerabilities4985