Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-18988

TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended...

7CVSS7.1AI score0.04707EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-0646

Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution...

10CVSS7.5AI score0.99193EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-10221

rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter...

9CVSS7.5AI score0.36754EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-1147

Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for...

7.8CVSS7.8AI score0.94243EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
added 2021/11/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-42359

WP DSGVO Tools GDPR = 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to...

9.1CVSS7.3AI score0.0393EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/11/01 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-24755

The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user...

8.8CVSS7.4AI score0.01318EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-0041

Android Kernel bindertransaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0069 under exploit chain "AbstractEmu."...

7.8CVSS7.3AI score0.72105EPSS
Exploits35References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-0069

Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and...

7.8CVSS7.3AI score0.72105EPSS
Exploits29References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/27 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-39341

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on...

8.2CVSS7.2AI score0.2327EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/27 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-24876

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.01165EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/26 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-38003

Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

8.8CVSS7.3AI score0.36238EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/26 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-26605

An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication...

9.8CVSS7.5AI score0.01049EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-42258

BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution...

9.8CVSS7.8AI score0.73269EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/21 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-36901

Unauthenticated Stored Cross-Site Scripting XSS vulnerability in Phil Baker's Age Gate plugin = 2.17.0 at WordPress...

6.1CVSS6.4AI score0.00763EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-24644

The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include function, which could lead to a Local File Inclusion issue...

7.5CVSS7.1AI score0.05028EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-1003029

Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox...

9.9CVSS7.4AI score0.73854EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/13 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-1003030

Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution...

9.9CVSS7.7AI score0.75594EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2012-0391

The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution...

9.8CVSS7.4AI score0.75071EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-40449

Unspecified vulnerability allows for an authenticated user to escalate privileges...

7.8CVSS7.3AI score0.73381EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/11 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-30883

Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution...

9.3CVSS7.5AI score0.14721EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-1789

A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution...

8.8CVSS7.7AI score0.14542EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/11 12:0 a.m.8 views

VulnCheck KEV: CVE-2021-24647

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or userna...

8.1CVSS7.1AI score0.08377EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/11 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-30895

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to access information about a user's contacts...

5.5CVSS6AI score0.00925EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/11 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-30896

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to read user's gameplay data...

5.5CVSS6AI score0.00884EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-8506

A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution...

9.3CVSS7.3AI score0.18108EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/11 12:0 a.m.7 views

VulnCheck KEV: CVE-2020-15568

TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter...

10CVSS7.3AI score0.28495EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/07 12:0 a.m.11 views

VulnCheck KEV: CVE-2021-1472

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details...

9.8CVSS7.5AI score0.72472EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/07 12:0 a.m.10 views

VulnCheck KEV: CVE-2021-1473

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details...

9.8CVSS7.5AI score0.64161EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-21983

Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system...

8.5CVSS7.1AI score0.68557EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/07 12:0 a.m.8 views

VulnCheck KEV: CVE-2021-28152

Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn...

9.8CVSS7.3AI score0.05185EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-28149

Hongdian H8922 3.0.5 devices allow Directory Traversal. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out with a web...

6.5CVSS7AI score0.13751EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-2135

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Coherence Container. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to...

9.8CVSS7.1AI score0.0837EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/30 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-22204

Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

7.8CVSS7.6AI score0.99981EPSS
Exploits39References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/29 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-41773

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE...

9.8CVSS7.9AI score0.99992EPSS
Exploits149References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-22005

VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code...

9.8CVSS7.4AI score0.99999EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/24 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-37975

Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

8.8CVSS7.3AI score0.34887EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/23 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-1388

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services...

9.8CVSS7.7AI score0.99956EPSS
Exploits63References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/23 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-30869

Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges...

9.3CVSS7.5AI score0.0415EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-34648

The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the triggeremailaction function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...

6.4CVSS5.8AI score0.00636EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/22 12:0 a.m.1 views

VulnCheck KEV: CVE-2020-9496

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03...

6.1CVSS6.5AI score0.98926EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-34647

The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulkexportsubmissions function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data...

6.5CVSS6.5AI score0.01122EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-37976

Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium,...

6.5CVSS7.1AI score0.19901EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2009-3960

Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure...

6.5CVSS7.1AI score0.90012EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/21 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-37973

Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and...

9.6CVSS7.3AI score0.11735EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2010-2861

A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files...

9.8CVSS7.6AI score0.99721EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-20091

The web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution...

8.8CVSS7.5AI score0.08689EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/20 12:0 a.m.2 views

VulnCheck KEV: CVE-2014-3206

Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the authname parameter to localhost/backupmgmt/preconnectcheck.php...

10CVSS7.7AI score0.51658EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/20 12:0 a.m.10 views

VulnCheck KEV: CVE-2021-33544

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code...

7.2CVSS7.3AI score0.95547EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/17 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-38649

Microsoft Open Management Infrastructure OMI within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation...

7.8CVSS7.3AI score0.01896EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/09/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-38648

Microsoft Open Management Infrastructure OMI within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation...

7.8CVSS7.3AI score0.10933EPSS
Exploits4References1
Total number of security vulnerabilities4985