Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2022/05/23 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-8720

WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution...

8.8CVSS7AI score0.01543EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/20 12:0 a.m.•10 views

VulnCheck KEV: CVE-2022-1609

The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site...

9.8CVSS7.8AI score0.64321EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/20 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-20821

Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running within the NOSi container...

6.5CVSS6.8AI score0.1176EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-30525

A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device...

10CVSS7.5AI score0.99938EPSS
Exploits27References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-0112

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for...

7.5CVSS7.2AI score0.98094EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-5469

The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod...

7.5CVSS5.8AI score0.23745EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-31805

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. Using forced OGNL evaluation on untrusted user input can lead...

9.8CVSS7.1AI score0.95922EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2014-0114

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute...

7.5CVSS6.9AI score0.96121EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/11 12:0 a.m.•5 views

VulnCheck KEV: CVE-2014-0094

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...

5CVSS7.3AI score0.99614EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/11 12:0 a.m.•1 views

VulnCheck KEV: CVE-2014-0113

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists...

7.5CVSS7.2AI score0.78451EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/10 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-26925

Microsoft Windows Local Security Authority LSA contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM...

8.1CVSS7AI score0.10461EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/04 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-21311

Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information...

7.2CVSS7.2AI score0.90461EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2022/05/02 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-29444

Plugin Settings Change leading to Cross-Site Scripting XSS vulnerability in Cloudways Breeze plugin = 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wpajax actions in the class BreezeConfiguration which includes the ability to change any of...

6.5CVSS6.2AI score0.00538EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/27 12:0 a.m.•8 views

VulnCheck KEV: CVE-2022-22947

Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured...

10CVSS7.2AI score0.98253EPSS
Exploits54References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

7.5CVSS7AI score0.81147EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/25 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-21919

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation...

7CVSS7.3AI score0.0295EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/25 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-0847

Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."...

7.8CVSS6.9AI score0.88106EPSS
Exploits100References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/25 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-41357

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.1AI score0.01968EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/25 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-40450

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.1AI score0.01968EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-29464

Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution...

10CVSS7.7AI score0.99999EPSS
Exploits22References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-22718

Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation...

7.8CVSS7.3AI score0.18464EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/14 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-28810

Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset...

7.1CVSS7.6AI score0.70479EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-26904

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation...

7CVSS7.3AI score0.09817EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-6882

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML...

6.1CVSS6.9AI score0.23717EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-26809

Remote Procedure Call Runtime Remote Code Execution Vulnerability...

10CVSS7.5AI score0.91316EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2014-8356

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference...

8.8CVSS7.3AI score0.05636EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-1329

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the /core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious...

8.8CVSS7.3AI score0.92658EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-1364

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

8.8CVSS7.5AI score0.1372EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...

8.8CVSS7.4AI score0.05441EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-15368

AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3...

5.5CVSS6.2AI score0.01349EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/12 12:0 a.m.•7 views

VulnCheck KEV: CVE-2022-27226

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat...

9.3CVSS7.7AI score0.34531EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-24521

Microsoft Windows Common Log File System CLFS Driver contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.07304EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2014-9118

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd...

9CVSS7.6AI score0.53364EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-17456

SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the systemlog.cgi page...

9.8CVSS7.5AI score0.71691EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-18426

A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading...

8.2CVSS7.3AI score0.67859EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/11 12:0 a.m.•7 views

VulnCheck KEV: CVE-2020-2509

QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution...

9.8CVSS7.6AI score0.328EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-42287

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation...

8.8CVSS6.9AI score0.74265EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-27852

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code...

9.8CVSS7.7AI score0.31946EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-42278

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation...

7.5CVSS7.3AI score0.70207EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-24990

TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint...

9.8CVSS7.6AI score0.8405EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/06 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-3156

Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation...

7.8CVSS7.2AI score0.99295EPSS
Exploits81References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/06 12:0 a.m.•11 views

VulnCheck KEV: CVE-2022-22954

VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection...

10CVSS7.9AI score0.99997EPSS
Exploits25References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/06 12:0 a.m.•8 views

VulnCheck KEV: CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts...

7.8CVSS7.3AI score0.37171EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/04 12:0 a.m.•13 views

VulnCheck KEV: CVE-2022-22965

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding...

9.8CVSS7.5AI score0.99677EPSS
Exploits102References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-25080

TOTOLink A830R V5.9c.4729B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.5AI score0.0322EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•8 views

VulnCheck KEV: CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.5AI score0.0322EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•8 views

VulnCheck KEV: CVE-2022-25083

TOTOLink A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.5AI score0.03158EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-26186

TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi...

9.8CVSS7.4AI score0.03986EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-4045

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera...

10CVSS7.4AI score0.72185EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•13 views

VulnCheck KEV: CVE-2022-25075

TOTOLink A3000RU V5.9c.2280B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.7AI score0.56248EPSS
Exploits1References1
Total number of security vulnerabilities4985