Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2021/06/28 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-15251

In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...

7.7CVSS6.8AI score0.01142EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-34622

A vulnerability in the user profile update component found in the /src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3...

9.8CVSS7.2AI score0.0412EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/24 12:0 a.m.•7 views

VulnCheck KEV: CVE-2009-4490

minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

5CVSS7.6AI score0.1027EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/24 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-1498

Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user...

9.8CVSS7.5AI score0.99999EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-35526

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml...

9.8CVSS7.3AI score0.02302EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/24 12:0 a.m.•11 views

VulnCheck KEV: CVE-2021-31755

Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request...

10CVSS7.8AI score0.85849EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/17 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-1000253

Linux kernel contains a position-independent executable PIE stack buffer corruption vulnerability in loadelf binary that allows a local attacker to escalate privileges...

7.8CVSS7AI score0.10695EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/15 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-30554

Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge,...

8.8CVSS7.3AI score0.07367EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-30762

Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML...

8.8CVSS7.3AI score0.10986EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-30761

Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML...

8.8CVSS7.3AI score0.10591EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-30737

A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously...

8.8CVSS7AI score0.01499EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/08 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-20028

SonicWall Secure Remote Access SRA products contain an improper neutralization of a SQL Command leading to SQL injection...

9.8CVSS6.8AI score0.30084EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/08 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-31201

Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS6.9AI score0.02617EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-21224

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge,...

8.8CVSS7.6AI score0.57736EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-33739

Microsoft Desktop Window Manager DWM Core Library contains an unspecified vulnerability that allows for privilege escalation...

8.4CVSS7.3AI score0.06555EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-21220

Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS7.5AI score0.70435EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/08 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-31199

Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS6.9AI score0.02954EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/04 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-21985

VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution...

10CVSS7.7AI score0.99999EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-25494

Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook...

9.8CVSS7.5AI score0.39193EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/03 12:0 a.m.•2 views

VulnCheck KEV: CVE-2021-33742

Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution...

8.8CVSS7.6AI score0.59139EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/03 12:0 a.m.•7 views

VulnCheck KEV: CVE-2021-46850

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the vsftplicense parameter when sending HTTP POST requests to the /edit/server endpoint...

7.2CVSS7.4AI score0.05241EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-12725

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters...

10CVSS7.5AI score0.89849EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/03 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-30551

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

8.8CVSS7.3AI score0.64701EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/02 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-1001000

The registerroutes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

7.5CVSS7.3AI score0.81848EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-25298

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...

9CVSS7.3AI score0.75196EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-22986

F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services...

10CVSS8AI score0.99898EPSS
Exploits20References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•10 views

VulnCheck KEV: CVE-2021-22991

The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls...

9.8CVSS7.6AI score0.61064EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-21224

A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server...

10CVSS7.3AI score0.38745EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-29003

Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sysconfigvalid.xgi, as demonstrated by the sysconfigvalid.xgi?exeshell=%60telnetd%20%26%60 URI...

9.8CVSS7.7AI score0.45417EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•7 views

VulnCheck KEV: CVE-2020-25078

D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

7.5CVSS7.3AI score0.97901EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-29557

D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution...

10CVSS7.9AI score0.5432EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-21975

Server Side Request Forgery SSRF in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials...

7.5CVSS7.3AI score0.7829EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-21315

In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote...

7.8CVSS7.2AI score0.9024EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-24581

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. It contains an executecmd.cgi feature that is not reachable via the web user interface that lets an authenticated user execute Operating System commands...

8CVSS7.3AI score0.12649EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-25297

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...

9CVSS7.3AI score0.58742EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-5776

Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE via phpcli command is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI...

8.8CVSS7.3AI score0.14725EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-25296

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...

9CVSS7.3AI score0.71536EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•7 views

VulnCheck KEV: CVE-2020-29279

PHP remote file inclusion in the assignresumetpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution...

9.8CVSS7.5AI score0.52881EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-24370

The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution...

9.8CVSS7.6AI score0.47091EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/05/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-30713

Apple macOS Transparency, Consent, and Control TCC contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences...

7.8CVSS7.1AI score0.0658EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/05/20 12:0 a.m.•7 views

VulnCheck KEV: CVE-2019-0752

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer...

7.6CVSS7.4AI score0.81551EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2021/05/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-28550

Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user...

9.6CVSS7.7AI score0.52005EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/05/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-7609

Kibana contain an arbitrary code execution flaw in the Timelion visualizer...

10CVSS7.6AI score0.95338EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2021/05/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-28663

Arm Mali Graphics Processing Unit GPU kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or disclose information...

9CVSS7.3AI score0.12084EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/05/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-24295

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be...

7.5CVSS7.2AI score0.04691EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/05/03 12:0 a.m.•1 views

VulnCheck KEV: CVE-2021-28664

Arm Mali Graphics Processing Unit GPU kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt memory, and modify the memory of other processes...

9CVSS7.3AI score0.05464EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/05/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-30666

Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML...

8.8CVSS7.3AI score0.03031EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/05/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-30665

Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products...

8.8CVSS7.5AI score0.03692EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/05/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-30663

Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...

8.8CVSS7.5AI score0.0369EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/04/29 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-10148

SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands...

9.8CVSS7.5AI score0.9198EPSS
Exploits3References1
Total number of security vulnerabilities4985