Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2021/12/22 12:0 a.m.•10 views

VulnCheck KEV: CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This...

5.9CVSS7AI score0.99999EPSS
Exploits20References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/21 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-33766

Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target...

7.5CVSS7.1AI score0.97502EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/21 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-24499

The Workreap WordPress theme before 2.2.2 AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the...

9.8CVSS7.4AI score0.60113EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/21 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-33357

A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/getnetcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands...

9.8CVSS7.5AI score0.17905EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/21 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-40870

Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal...

9.8CVSS7.6AI score0.93019EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/21 12:0 a.m.•8 views

VulnCheck KEV: CVE-2021-25076

The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...

8.8CVSS7.3AI score0.1712EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/16 12:0 a.m.•5 views

VulnCheck KEV: CVE-2022-24682

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting XSS vulnerability in the Calendar feature that allows an attacker to execute arbitrary code...

6.1CVSS7AI score0.3106EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-36888

Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate versions = 9.6.1 WordPress plugin...

9.8CVSS7.3AI score0.0674EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2015-0096

Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in...

9.3CVSS6.8AI score0.71075EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/15 12:0 a.m.•3 views

VulnCheck KEV: CVE-2010-3338

The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability."...

7.2CVSS5.8AI score0.1986EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/15 12:0 a.m.•7 views

VulnCheck KEV: CVE-2012-3015

Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder...

6.9CVSS5.8AI score0.00455EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/15 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-26885

Windows WalletService Elevation of Privilege Vulnerability...

7.8CVSS7.1AI score0.03215EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-2743

The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm,...

7.2CVSS5.8AI score0.14849EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-43890

Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability...

7.1CVSS7.3AI score0.10295EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/14 12:0 a.m.•7 views

VulnCheck KEV: CVE-2021-25037

The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database e.g., usernames and...

6.5CVSS6.7AI score0.01291EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-30983

Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges...

9.3CVSS7.7AI score0.02934EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-15303

In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine while CPU-Z is running can issue an ioctl 0x9C402430 call to the kernel-mode driver e.g., cpuz141x64.sys for version 1.41...

7.8CVSS7.2AI score0.01533EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-3956

The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges...

7.2CVSS7.1AI score0.07799EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-13272

Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access...

7.8CVSS6.9AI score0.52199EPSS
Exploits21References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-44515

Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server...

10CVSS7.8AI score0.99867EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/09 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-24209

The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated admin+ RCE in the settings page due to input validation failure and weak $cachepath check in the WP Super Cache Settings - Cache Location option. Direct access to the wp-cache-config.php file is not...

9CVSS7AI score0.23844EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-4102

Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

8.8CVSS7.5AI score0.07836EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/08 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-4073

The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function socialloginusingemail of the plugin. This...

9.8CVSS7.1AI score0.07EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/08 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-41653

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a crafted payload in an IP address input field...

10CVSS8AI score0.75883EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/07 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-44168

Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files...

7.8CVSS6.7AI score0.00873EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-36260

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation...

9.8CVSS7.3AI score0.99869EPSS
Exploits23References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/06 12:0 a.m.•8 views

VulnCheck KEV: CVE-2021-25032

The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a...

9.8CVSS7.3AI score0.06745EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/06 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-45046

Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations...

10CVSS7.5AI score0.99999EPSS
Exploits353References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/06 12:0 a.m.•12 views

VulnCheck KEV: CVE-2021-44228

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution...

10CVSS7.2AI score0.99999EPSS
Exploits351References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-40438

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

9CVSS7AI score0.99999EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution...

9.8CVSS8AI score0.93514EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2021/12/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-37415

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication...

9.8CVSS7.3AI score0.99854EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-41379

Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS6.9AI score0.20099EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-6079

The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side...

10CVSS7.5AI score0.46846EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-24969

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users...

5.4CVSS6AI score0.006EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-39317

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or...

8.8CVSS7.2AI score0.01652EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-24981

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory...

7.5CVSS7.2AI score0.00811EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/15 12:0 a.m.•5 views

VulnCheck KEV: CVE-2012-0151

The Authenticode Signature Verification function in Microsoft Windows WinVerifyTrust does not properly validate the digest of a signed portable executable PE file, which allows user-assisted remote attackers to execute code...

9.3CVSS6.2AI score0.8878EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/15 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-24946

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue...

9.8CVSS7.4AI score0.728EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-18368

Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remotehost parameter of the ViewLog.asp page...

10CVSS7.5AI score0.94508EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-9377

D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php...

8.8CVSS7.8AI score0.21338EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through...

9CVSS7.5AI score0.25135EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-3307

Linksys x3000 firmware is vulnerable to a command injection vulnerability via the pingip parameter...

8.3CVSS7.5AI score0.05618EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/11 12:0 a.m.•8 views

VulnCheck KEV: CVE-2013-5223

A cross-site scripting XSS vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML...

5.4CVSS5.8AI score0.33567EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-11021

setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command...

9CVSS7.2AI score0.68525EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-8958

Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field...

9CVSS7.3AI score0.46642EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/09 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-42321

An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution...

8.8CVSS7.6AI score0.90388EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/09 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-42292

A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution...

7.8CVSS7.5AI score0.31949EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-24943

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection...

9.8CVSS7.3AI score0.07474EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-1048

Android kernel contains a use-after-free vulnerability that allows for privilege escalation...

7.8CVSS6.9AI score0.01047EPSS
Exploits0References1
Total number of security vulnerabilities4985