Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-25082

TOTOLink A950RG V5.9c.4050B20190424 and V4.1.2cu.5204B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.5AI score0.16089EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•14 views

VulnCheck KEV: CVE-2022-25076

TOTOLink A800R V4.1.2cu.5137B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.5AI score0.0322EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-5674

debuggingcenterutils.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter...

10CVSS7.7AI score0.9461EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-25081

TOTOLink T10 V5.9c.5061B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.5AI score0.03158EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-25078

TOTOLink A3600R V4.1.2cu.5182B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.5AI score0.0322EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-26210

Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the...

9.8CVSS7.5AI score0.05748EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-45382

A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file...

10CVSS8AI score0.97836EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-25077

TOTOLink A3100R V4.1.2cu.5050B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.5AI score0.32552EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/04/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-25084

TOTOLink T6 V5.9c.4085B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.7AI score0.24845EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/31 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-22674

macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory...

5.5CVSS6.9AI score0.01132EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/31 12:0 a.m.•8 views

VulnCheck KEV: CVE-2021-21551

Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service DoS, or information disclosure...

8.8CVSS7.3AI score0.57474EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/31 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-26871

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution...

9.8CVSS7.8AI score0.19633EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/31 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-22675

macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges...

9.3CVSS7.6AI score0.12642EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/28 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-0040

The kernel in Microsoft Windows allows local users to gain privileges via a crafted application...

7.8CVSS7.1AI score0.24554EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/28 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-34484

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.14393EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/28 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-26085

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint...

5.3CVSS6.2AI score0.99937EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/28 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-38646

Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution...

7.8CVSS7.4AI score0.04044EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/28 12:0 a.m.•6 views

VulnCheck KEV: CVE-2019-7483

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server...

7.5CVSS7.1AI score0.03977EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/28 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-34486

Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation...

7.8CVSS7.1AI score0.07428EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/28 12:0 a.m.•8 views

VulnCheck KEV: CVE-2016-0151

The Client-Server Run-time Subsystem CSRSS in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application...

7.8CVSS7.1AI score0.63195EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-2034

Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service DoS...

9.3CVSS6.4AI score0.078EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/25 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-7247

smtpmailaddr in smtpsession.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session...

10CVSS7.6AI score0.98946EPSS
Exploits27References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/25 12:0 a.m.•5 views

VulnCheck KEV: CVE-2010-3035

Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service DoS...

7.5CVSS5.8AI score0.05562EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/25 12:0 a.m.•6 views

VulnCheck KEV: CVE-2016-10174

The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution...

10CVSS7.8AI score0.8345EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/25 12:0 a.m.•3 views

VulnCheck KEV: CVE-2014-3120

Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code...

8.1CVSS7.5AI score0.88559EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/25 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-2616

Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass...

7.2CVSS7.1AI score0.92183EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/25 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-14839

LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability...

9.8CVSS7.8AI score0.89354EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/25 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-2055

Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service DoS...

5.9CVSS5.8AI score0.03326EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/25 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-25223

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM...

10CVSS8AI score0.96693EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/25 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-21999

Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation...

7.8CVSS7.2AI score0.41683EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/25 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-42237

Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution...

10CVSS7.7AI score0.99214EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/25 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-10068

Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution...

9.8CVSS7.6AI score0.96031EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/25 12:0 a.m.•7 views

VulnCheck KEV: CVE-2015-3035

Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. dot dot in the PATHINFO to login/...

7.8CVSS5.9AI score0.83772EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/25 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-0125

A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system...

10CVSS7.7AI score0.54763EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/24 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-0543

Redis is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution...

10CVSS7.6AI score0.9967EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-1385

A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files...

7.8CVSS6.9AI score0.03595EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/24 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-1130

A privilege escalation vulnerability exists when Windows AppX Deployment Service AppXSVC improperly handles hard links...

7.8CVSS7.1AI score0.02284EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/24 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-36198

A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect:...

7.2CVSS6.9AI score0.01123EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-1388

Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context...

7.8CVSS7.3AI score0.08589EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/24 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-0638

Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.1AI score0.02928EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/24 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-31166

Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution...

9.8CVSS7.6AI score0.99647EPSS
Exploits24References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/23 12:0 a.m.•1 views

VulnCheck KEV: CVE-2022-1096

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

8.8CVSS7.5AI score0.24237EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-24934

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...

9.8CVSS8AI score0.2047EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/21 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-1040

An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution...

9.8CVSS7.7AI score0.99796EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/20 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-36749

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not...

6.5CVSS6.8AI score0.81038EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/20 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-26920

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not...

6.5CVSS6.6AI score0.09877EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-26318

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code...

9.8CVSS7.6AI score0.78303EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/17 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-23176

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access...

9CVSS7.5AI score0.13318EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2015-2370

The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection...

7.2CVSS5.8AI score0.04417EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/16 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-23812

This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. Note: from versions 11.0.0 onwards, instead of having malicious code directly in the...

10CVSS7.5AI score0.04194EPSS
Exploits1References1
Total number of security vulnerabilities4985