4985 matches found
VulnCheck KEV: CVE-2020-15251
In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...
VulnCheck KEV: CVE-2021-34622
A vulnerability in the user profile update component found in the /src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3...
VulnCheck KEV: CVE-2009-4490
minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
VulnCheck KEV: CVE-2021-1498
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user...
VulnCheck KEV: CVE-2022-35526
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml...
VulnCheck KEV: CVE-2021-31755
Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request...
VulnCheck KEV: CVE-2017-1000253
Linux kernel contains a position-independent executable PIE stack buffer corruption vulnerability in loadelf binary that allows a local attacker to escalate privileges...
VulnCheck KEV: CVE-2021-30554
Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge,...
VulnCheck KEV: CVE-2021-30762
Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML...
VulnCheck KEV: CVE-2021-30761
Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML...
VulnCheck KEV: CVE-2021-30737
A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously...
VulnCheck KEV: CVE-2021-20028
SonicWall Secure Remote Access SRA products contain an improper neutralization of a SQL Command leading to SQL injection...
VulnCheck KEV: CVE-2021-31201
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2021-21224
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge,...
VulnCheck KEV: CVE-2021-33739
Microsoft Desktop Window Manager DWM Core Library contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2021-21220
Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...
VulnCheck KEV: CVE-2021-31199
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2021-21985
VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution...
VulnCheck KEV: CVE-2020-25494
Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook...
VulnCheck KEV: CVE-2021-33742
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2021-46850
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the vsftplicense parameter when sending HTTP POST requests to the /edit/server endpoint...
VulnCheck KEV: CVE-2019-12725
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters...
VulnCheck KEV: CVE-2021-30551
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...
VulnCheck KEV: CVE-2017-1001000
The registerroutes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...
VulnCheck KEV: CVE-2021-25298
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...
VulnCheck KEV: CVE-2021-22986
F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services...
VulnCheck KEV: CVE-2021-22991
The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls...
VulnCheck KEV: CVE-2020-21224
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server...
VulnCheck KEV: CVE-2021-29003
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sysconfigvalid.xgi, as demonstrated by the sysconfigvalid.xgi?exeshell=%60telnetd%20%26%60 URI...
VulnCheck KEV: CVE-2020-25078
D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...
VulnCheck KEV: CVE-2020-29557
D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution...
VulnCheck KEV: CVE-2021-21975
Server Side Request Forgery SSRF in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials...
VulnCheck KEV: CVE-2021-21315
In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote...
VulnCheck KEV: CVE-2020-24581
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. It contains an executecmd.cgi feature that is not reachable via the web user interface that lets an authenticated user execute Operating System commands...
VulnCheck KEV: CVE-2021-25297
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...
VulnCheck KEV: CVE-2020-5776
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE via phpcli command is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI...
VulnCheck KEV: CVE-2021-25296
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...
VulnCheck KEV: CVE-2020-29279
PHP remote file inclusion in the assignresumetpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution...
VulnCheck KEV: CVE-2021-24370
The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution...
VulnCheck KEV: CVE-2021-30713
Apple macOS Transparency, Consent, and Control TCC contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences...
VulnCheck KEV: CVE-2019-0752
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer...
VulnCheck KEV: CVE-2021-28550
Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user...
VulnCheck KEV: CVE-2019-7609
Kibana contain an arbitrary code execution flaw in the Timelion visualizer...
VulnCheck KEV: CVE-2021-28663
Arm Mali Graphics Processing Unit GPU kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or disclose information...
VulnCheck KEV: CVE-2021-24295
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be...
VulnCheck KEV: CVE-2021-28664
Arm Mali Graphics Processing Unit GPU kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt memory, and modify the memory of other processes...
VulnCheck KEV: CVE-2021-30666
Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML...
VulnCheck KEV: CVE-2021-30665
Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products...
VulnCheck KEV: CVE-2021-30663
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...
VulnCheck KEV: CVE-2020-10148
SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands...