Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2022/08/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-34154

Authenticated author or higher user role Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin = 1.0.1 at WordPress...

8.8CVSS7.3AI score0.00998EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/07/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-26138

Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group...

9.8CVSS7.5AI score0.9817EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/07/26 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-2383

The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.04873EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/07/25 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-2461

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it...

5.3CVSS6.8AI score0.03644EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2022/07/22 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-31181

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users...

9.8CVSS7.4AI score0.0517EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/07/20 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-6055

Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page...

8.8CVSS7.5AI score0.01143EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/07/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-9934

Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information...

5.5CVSS6.9AI score0.03208EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/07/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-2856

Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google...

6.5CVSS7.2AI score0.04493EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/07/14 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-26352

dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution...

9.8CVSS7.5AI score0.91501EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/07/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-2003

AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect...

9.1CVSS7.4AI score0.00621EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/07/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-22047

Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges...

7.8CVSS7.3AI score0.18765EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/07/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-2294

WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome...

8.8CVSS7.5AI score0.70461EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-33198

Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin = 2.0.2 at WordPress...

9.8CVSS6AI score0.02654EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/30 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-34487

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin = 3.0.2 at WordPress...

9.8CVSS6AI score0.02654EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/28 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-26878

Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API /service/v1/createUser endpoint, injecting arbitrary commands that will be executed as root user via web.py...

9CVSS7.4AI score0.11453EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-28666

Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin = 1.7.7 at WordPress leading to &yikes-the-content-toggle option update...

5.3CVSS6AI score0.01226EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/28 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-26879

Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validatetoken.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header...

10CVSS7.3AI score0.42479EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/23 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-4344

Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution...

9.3CVSS7.4AI score0.02939EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/23 12:0 a.m.•8 views

VulnCheck KEV: CVE-2022-29499

The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation...

10CVSS8AI score0.56967EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/23 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-9907

Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges...

9.3CVSS7.4AI score0.03738EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/23 12:0 a.m.•9 views

VulnCheck KEV: CVE-2019-8605

A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges...

9.3CVSS7.4AI score0.17438EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/23 12:0 a.m.•10 views

VulnCheck KEV: CVE-2020-3837

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges...

9.3CVSS7.4AI score0.16111EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-20655

FileZen V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2 allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors...

9CVSS7.4AI score0.0397EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-34730

A vulnerability in the Universal Plug-and-Play UPnP service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service DoS...

10CVSS7.7AI score0.13578EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/15 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-34478

The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild although we know of none exploited through Thunderbird, so in this release...

6.5CVSS6.9AI score0.00783EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-43226

Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms...

7.8CVSS7.2AI score0.03072EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-43207

Windows Common Log File System Driver Elevation of Privilege Vulnerability...

7.8CVSS7.1AI score0.00632EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/09 12:0 a.m.•7 views

VulnCheck KEV: CVE-2021-38163

SAP NetWeaver contains a vulnerability that allows unrestricted file upload...

9.9CVSS7.3AI score0.37149EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/09 12:0 a.m.•6 views

VulnCheck KEV: CVE-2016-2386

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

9.8CVSS7.2AI score0.7106EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/09 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-2388

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request...

5.3CVSS6.4AI score0.51553EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/08 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-0557

Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object...

9.3CVSS6AI score0.58551EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-15271

A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code with root privileges...

9CVSS7.4AI score0.05979EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-6862

Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution...

9.8CVSS7.8AI score0.42696EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-4034

The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights...

7.8CVSS6.9AI score0.94921EPSS
Exploits152References1
VulnCheck KEV
VulnCheck KEV
•added 2022/06/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-1903

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover even the administrator due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username...

8.1CVSS7.3AI score0.0852EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/31 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-41951

ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpresssso/pages/index.php via the wordpressuser parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the...

6.1CVSS6.3AI score0.77892EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/31 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-20837

Movable Type 7 r.5002 and earlier Movable Type 7 Series, Movable Type 6.8.2 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.5002 and earlier Movable Type Advanced 7 Series, Movable Type Advanced 6.8.2 and earlier Movable Type Advanced 6 Series, Movable Type Premium 1.46 and...

9.8CVSS7.3AI score0.88144EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/31 12:0 a.m.•7 views

VulnCheck KEV: CVE-2021-43778

Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the front/send.php file...

9.1CVSS7.1AI score0.52658EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/31 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-41277

Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data...

10CVSS7.3AI score0.97178EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/31 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-22053

Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements...

8.8CVSS7.4AI score0.13035EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/31 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-41349

Microsoft Exchange Server Spoofing Vulnerability...

6.5CVSS6.6AI score0.93877EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/31 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-21980

The vSphere Web Client FLEX/Flash contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...

7.5CVSS7.4AI score0.04601EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/31 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-24750

The WP Visitor Statistics Real Time Traffic WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks...

8.8CVSS7.3AI score0.38298EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/31 12:0 a.m.•8 views

VulnCheck KEV: CVE-2021-41174

Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...

6.9CVSS6.9AI score0.84607EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/30 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-30190

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application...

9.3CVSS7.5AI score0.99374EPSS
Exploits62References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/26 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-35064

KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg...

10CVSS7.4AI score0.70753EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/26 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-4039

A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device...

10CVSS7.7AI score0.71048EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/26 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-36356

KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames even though browseSystemFiles.php is no longer reachable via the GUI. NOTE: this issue exists because of an incomplete fix...

10CVSS7.8AI score0.54393EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-16763

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution...

9.8CVSS7.4AI score0.82937EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/25 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-3010

Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation...

8.8CVSS7.3AI score0.13506EPSS
Exploits8References1
Total number of security vulnerabilities4985