4985 matches found
VulnCheck KEV: CVE-2019-18988
TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended...
VulnCheck KEV: CVE-2020-0646
Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2020-10221
rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter...
VulnCheck KEV: CVE-2020-1147
Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for...
VulnCheck KEV: CVE-2021-42359
WP DSGVO Tools GDPR = 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to...
VulnCheck KEV: CVE-2021-24755
The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user...
VulnCheck KEV: CVE-2020-0041
Android Kernel bindertransaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0069 under exploit chain "AbstractEmu."...
VulnCheck KEV: CVE-2020-0069
Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and...
VulnCheck KEV: CVE-2021-39341
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on...
VulnCheck KEV: CVE-2021-24876
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...
VulnCheck KEV: CVE-2021-38003
Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...
VulnCheck KEV: CVE-2021-26605
An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication...
VulnCheck KEV: CVE-2021-42258
BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution...
VulnCheck KEV: CVE-2021-36901
Unauthenticated Stored Cross-Site Scripting XSS vulnerability in Phil Baker's Age Gate plugin = 2.17.0 at WordPress...
VulnCheck KEV: CVE-2021-24644
The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include function, which could lead to a Local File Inclusion issue...
VulnCheck KEV: CVE-2019-1003029
Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox...
VulnCheck KEV: CVE-2019-1003030
Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution...
VulnCheck KEV: CVE-2012-0391
The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2021-40449
Unspecified vulnerability allows for an authenticated user to escalate privileges...
VulnCheck KEV: CVE-2021-30883
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution...
VulnCheck KEV: CVE-2021-1789
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution...
VulnCheck KEV: CVE-2021-24647
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or userna...
VulnCheck KEV: CVE-2021-30895
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to access information about a user's contacts...
VulnCheck KEV: CVE-2021-30896
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to read user's gameplay data...
VulnCheck KEV: CVE-2019-8506
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution...
VulnCheck KEV: CVE-2020-15568
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter...
VulnCheck KEV: CVE-2021-1472
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details...
VulnCheck KEV: CVE-2021-1473
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details...
VulnCheck KEV: CVE-2021-21983
Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system...
VulnCheck KEV: CVE-2021-28152
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn...
VulnCheck KEV: CVE-2021-28149
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out with a web...
VulnCheck KEV: CVE-2021-2135
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Coherence Container. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to...
VulnCheck KEV: CVE-2021-22204
Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...
VulnCheck KEV: CVE-2021-41773
Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE...
VulnCheck KEV: CVE-2021-22005
VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code...
VulnCheck KEV: CVE-2021-37975
Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...
VulnCheck KEV: CVE-2022-1388
F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services...
VulnCheck KEV: CVE-2021-30869
Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges...
VulnCheck KEV: CVE-2021-34648
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the triggeremailaction function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...
VulnCheck KEV: CVE-2020-9496
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03...
VulnCheck KEV: CVE-2021-34647
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulkexportsubmissions function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data...
VulnCheck KEV: CVE-2021-37976
Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium,...
VulnCheck KEV: CVE-2009-3960
Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure...
VulnCheck KEV: CVE-2021-37973
Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and...
VulnCheck KEV: CVE-2010-2861
A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files...
VulnCheck KEV: CVE-2021-20091
The web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution...
VulnCheck KEV: CVE-2014-3206
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the authname parameter to localhost/backupmgmt/preconnectcheck.php...
VulnCheck KEV: CVE-2021-33544
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code...
VulnCheck KEV: CVE-2021-38649
Microsoft Open Management Infrastructure OMI within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation...
VulnCheck KEV: CVE-2021-38648
Microsoft Open Management Infrastructure OMI within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation...