Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-19953

A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code...

6.1CVSS6.3AI score0.23894EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•6 views

VulnCheck KEV: CVE-2018-19943

A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code...

8CVSS6AI score0.17705EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-7193

QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system...

10CVSS7.4AI score0.14367EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-5039

An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger...

8.8CVSS7.5AI score0.01617EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•4 views

VulnCheck KEV: CVE-2015-7465

Cross-site request forgery CSRF vulnerability in Lifecycle Query Engine LQE in IBM Jazz Reporting Service JRS 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...

8.8CVSS7.4AI score0.0055EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-5611

SQL injection vulnerability in wp-includes/class-wp-query.php in WPQuery in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name...

9.8CVSS7.2AI score0.09933EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-3993

Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data...

6.5CVSS5.8AI score0.05236EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•6 views

VulnCheck KEV: CVE-2018-8639

Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode...

8.4CVSS7.5AI score0.22349EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•7 views

VulnCheck KEV: CVE-2017-8295

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to...

5.9CVSS6.9AI score0.26699EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-14726

Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor...

6.1CVSS6.8AI score0.02657EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•7 views

VulnCheck KEV: CVE-2017-14723

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb-prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks...

9.8CVSS7.4AI score0.10357EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-10033

PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed...

9.8CVSS7.3AI score0.99714EPSS
Exploits58References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/25 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-8526

Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation...

7.8CVSS7.3AI score0.00701EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-0288

The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the htmlelementselection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.02389EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/21 12:0 a.m.•6 views

VulnCheck KEV: CVE-2006-1547

ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service DoS...

7.8CVSS7.2AI score0.54635EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-35247

SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization...

5.3CVSS7AI score0.03359EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-11978

A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow...

8.8CVSS7.3AI score0.99118EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-32648

In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request...

9.1CVSS7.4AI score0.90418EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/18 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-14864

Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file...

7.8CVSS7.3AI score0.97233EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-13927

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication...

9.8CVSS7.3AI score0.99778EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/17 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-31206

Microsoft Exchange Server Remote Code Execution Vulnerability...

8CVSS7.4AI score0.09581EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-0218

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

8.3CVSS6.5AI score0.70511EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•2 views

VulnCheck KEV: CVE-2014-0780

InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution...

9.8CVSS6.1AI score0.74548EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-3949

An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated...

7.5CVSS7.1AI score0.53297EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-10826

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode...

10CVSS7.3AI score0.39389EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-3948

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an...

7.5CVSS7.1AI score0.23061EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-6719

delivery.php in the Passive Capture Application PCA web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconnhost parameter...

6CVSS7.6AI score0.26826EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2015-4068

Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service...

9.4CVSS5.8AI score0.63643EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-18952

SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP...

9.8CVSS7.8AI score0.45361EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•6 views

VulnCheck KEV: CVE-2016-4523

The WAP interface in Trihedral VTScada formerly VTS allows remote attackers to cause a denial-of-service DoS...

7.5CVSS7.2AI score0.31392EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2015-7254

Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. dot dot in an icon/ URI...

5CVSS5.9AI score0.27528EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-0130

Directory traversal vulnerability in actionpack/lib/abstractcontroller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request...

7.5CVSS7.3AI score0.53703EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-13756

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...

9.8CVSS7.8AI score0.55084EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-5410

Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files...

7.5CVSS6.9AI score0.95586EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-10828

A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request...

9.8CVSS8.1AI score0.20881EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-10827

A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request...

9.8CVSS8.1AI score0.20881EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•2 views

VulnCheck KEV: CVE-2016-8530

A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version...

7.5CVSS7.1AI score0.48677EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-6720

Directory traversal vulnerability in download.php in the Passive Capture Application PCA web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. dot dot in the log parameter, as...

5.5CVSS7.3AI score0.28583EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•7 views

VulnCheck KEV: CVE-2017-11512

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files...

7.5CVSS7.2AI score0.79604EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2010-4598

Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in an open request...

5CVSS5.9AI score0.26482EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2011-2474

Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.../../\ sequence in a path...

5CVSS5.9AI score0.63612EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/11 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-21882

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.55711EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-27860

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem...

9.8CVSS7.3AI score0.39824EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/10 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-22017

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization...

5.3CVSS7AI score0.47642EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/06 12:0 a.m.•1 views

VulnCheck KEV: CVE-2022-22706

Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages...

7.8CVSS7.3AI score0.01216EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-24878

The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the wpsccreateticket shortcode embed, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.4AI score0.01165EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-37450

Go Ethereum aka geth through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making RUM, as exploited in the wild in 2020 through 2022...

5.9CVSS6.2AI score0.00971EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-22265

Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution...

7.8CVSS7.3AI score0.00392EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/23 12:0 a.m.•9 views

VulnCheck KEV: CVE-2017-9554

An information exposure vulnerability in forgetpasswd.cgi in Synology DiskStation Manager DSM before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors...

5.3CVSS6.4AI score0.75016EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/22 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-45461

FreePBX, when restapps aka Rest Phone Apps 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19...

9.8CVSS7.7AI score0.21657EPSS
Exploits1References1
Total number of security vulnerabilities4985