Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2021/09/17 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-38645

Microsoft Open Management Infrastructure OMI within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.01792EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/16 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-24949

Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user not admin to send a crafted request to the server and perform remote command execution RCE...

9CVSS7.5AI score0.67289EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-38647

Microsoft Open Management Infrastructure OMI within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution...

9.8CVSS7.2AI score0.99723EPSS
Exploits19References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-40539

Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution...

9.8CVSS7.7AI score0.9896EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-38000

Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

6.1CVSS7.1AI score0.04485EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-30858

Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on...

8.8CVSS7.3AI score0.13486EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-31010

In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions...

7.5CVSS7.2AI score0.03673EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-8813

graphrealtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege...

9.3CVSS7.1AI score0.73779EPSS
Exploits24References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-30632

Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS7.3AI score0.64546EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/08 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-30633

Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium,...

9.6CVSS7.3AI score0.32657EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-26084

Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language OGNL injection vulnerability that may allow an unauthenticated attacker to execute code...

9.8CVSS7.2AI score0.99999EPSS
Exploits45References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-30860

Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY...

7.8CVSS7.3AI score0.75994EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-40444

Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution...

8.8CVSS7.2AI score0.96843EPSS
Exploits38References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-4374

The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...

9.8CVSS7.4AI score0.16408EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/06 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-24654

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored...

5.4CVSS6AI score0.006EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/06 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-4380

The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wppinterestautomaticparserequest' function and the 'processform.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated...

9.8CVSS7.3AI score0.04528EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/09/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-2471

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to...

10CVSS7AI score0.14749EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/30 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-32305

WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter...

10CVSS7.6AI score0.86716EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/30 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-31207

Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass...

6.6CVSS7.2AI score0.99782EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/30 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-34523

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation...

9.8CVSS7.3AI score0.99987EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-34473

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution...

10CVSS7.6AI score0.99999EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/29 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-38154

Certain Canon devices manufactured in 2012 through 2020 such as imageRUNNER ADVANCE iR-ADV C5250, when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker...

7.5CVSS7.1AI score0.04EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/27 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-35394

RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution...

10CVSS7.7AI score0.99861EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/24 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-36942

Microsoft Windows Local Security Authority LSA contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM...

7.5CVSS7AI score0.66023EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/24 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-35395

Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service DoS...

10CVSS7.7AI score0.981EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/20 12:0 a.m.•10 views

VulnCheck KEV: CVE-2021-22899

Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles...

8.8CVSS8AI score0.22343EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/20 12:0 a.m.•8 views

VulnCheck KEV: CVE-2021-22894

Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room...

9CVSS7.9AI score0.41284EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/20 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-22900

Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface...

7.2CVSS7.3AI score0.14146EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/19 12:0 a.m.•9 views

VulnCheck KEV: CVE-2014-2321

webshellcmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials...

10CVSS7.2AI score0.59259EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-1108

An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'...

6.5CVSS6.9AI score0.10713EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-1225

An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to...

7.5CVSS7.2AI score0.09503EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/19 12:0 a.m.•2 views

VulnCheck KEV: CVE-2015-1328

The overlayfs implementation in the linux aka Linux kernel package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs...

7.8CVSS7.1AI score0.37679EPSS
Exploits22References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-1224

An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to...

7.5CVSS7.2AI score0.07603EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/19 12:0 a.m.•8 views

VulnCheck KEV: CVE-2020-16896

An information disclosure vulnerability exists in Remote Desktop Protocol RDP when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s...

7.5CVSS7.1AI score0.097EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-28324

Windows SMB Information Disclosure Vulnerability...

7.5CVSS7.1AI score0.06223EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2011-1823

The vold volume manager daemon in Android kernel trusts messages from a PFNETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor...

7.8CVSS5.9AI score0.41634EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•11 views

VulnCheck KEV: CVE-2016-0193

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0191...

7.6CVSS7.5AI score0.28261EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-28442

Windows TCP/IP Information Disclosure Vulnerability...

6.5CVSS6.6AI score0.06492EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-5165

Cross-site scripting XSS vulnerability in the Developer Tools aka DevTools subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...

6.1CVSS7AI score0.01246EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-7203

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200,...

8.8CVSS7.6AI score0.8249EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-3377

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3350...

7.6CVSS7.5AI score0.16166EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-29047

The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpresshotelbooking1 cookie in load in includes/class-wphb-sessions.php...

9.8CVSS7.7AI score0.14269EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-5689

Intel products contain a vulnerability which can allow attackers to perform privilege escalation...

10CVSS6.9AI score0.92189EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•6 views

VulnCheck KEV: CVE-2017-0015

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user...

7.6CVSS7.9AI score0.26374EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-8267

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from...

7.6CVSS7.8AI score0.1523EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-3199

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3214...

9.3CVSS7.7AI score0.2659EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-28482

Microsoft Exchange Server Remote Code Execution Vulnerability...

9CVSS7.4AI score0.83337EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-0640

EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors...

4CVSS5.8AI score0.01174EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•12 views

VulnCheck KEV: CVE-2016-3222

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."...

9.3CVSS7.7AI score0.56767EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-0953

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951,...

7.6CVSS7.7AI score0.66913EPSS
Exploits3References1
Total number of security vulnerabilities4985