Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2021/04/29 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-28799

QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device...

10CVSS7.5AI score0.78395EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/29 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-20016

SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker...

9.8CVSS7.6AI score0.40038EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-30661

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and...

8.8CVSS7.3AI score0.04528EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-30657

Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks...

5.5CVSS6.6AI score0.68531EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/24 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-16846

SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API...

9.8CVSS7.2AI score0.99585EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-24557

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain...

7.8CVSS7.1AI score0.02639EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-22893

Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services...

10CVSS7.6AI score0.47172EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/20 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-20021

SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with...

9.8CVSS7.4AI score0.83425EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-8260

Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction...

7.2CVSS7.4AI score0.9648EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-8243

Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution...

7.2CVSS7.4AI score0.90759EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-20022

SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and...

9.8CVSS7.1AI score0.83425EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/20 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-20023

SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation...

9.8CVSS6.9AI score0.83425EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/16 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-1069

A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations...

7.8CVSS7.1AI score0.06117EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/14 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-31956

Microsoft Windows New Technology File System NTFS contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application...

9.3CVSS7.3AI score0.20268EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/14 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-31955

Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process...

5.5CVSS7AI score0.81107EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-27104

Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints...

10CVSS7.5AI score0.56686EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-28310

Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.0833EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-27102

Accellion FTA contains an OS command injection vulnerability exploited via a local web service call...

7.8CVSS7.3AI score0.03654EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-14558

Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request...

10CVSS7.5AI score0.08672EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/13 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-27101

Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to documentroot.html...

9.8CVSS7.5AI score0.05998EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/13 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-27103

Accellion FTA contains a server-side request forgery SSRF vulnerability exploited via a crafted POST request to wmProgressstat.html...

9.8CVSS7.5AI score0.11406EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2017-12542

A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 iLO 4 version prior to 2.53 was found...

10CVSS7.5AI score0.99335EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2014-2617

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104...

10CVSS6.2AI score0.12235EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-9205

Vulnerability in avataruploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path...

7.5CVSS7.1AI score0.56924EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-5766

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields...

7.5CVSS7.2AI score0.06052EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-6605

SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request...

9.8CVSS7.4AI score0.58324EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-17519

Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface...

9.1CVSS7.3AI score0.97856EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-9881

The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled...

5.3CVSS6.4AI score0.18832EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-17554

The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks...

5.5CVSS6AI score0.12245EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.7 views

VulnCheck KEV: CVE-2014-8244

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows...

7.5CVSS5.8AI score0.03976EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-12720

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control...

9.8CVSS7.4AI score0.88948EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-11975

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...

10CVSS7.4AI score0.29885EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-13671

Improper sanitization in the extension file names is present in Drupal core...

8.8CVSS7.3AI score0.04269EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-8942

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted...

8.8CVSS8AI score0.82736EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.6 views

VulnCheck KEV: CVE-2017-5215

The Codextrous B2J Contact aka b2jcontact extension before 2.1.13 for Joomla! allows a rename attack that bypasses a "safe file extension" protection mechanism, leading to remote code execution...

9.8CVSS7.5AI score0.03571EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2013-1599

A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04US, DCS-2102/2121 1.05RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410...

10CVSS7.3AI score0.40353EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-13372

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication...

9.8CVSS7.6AI score0.80682EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-29227

An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution...

9.8CVSS7.5AI score0.16822EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-17411

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user...

10CVSS7.7AI score0.87929EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-11732

The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mlagallery link=download...

7.5CVSS7.1AI score0.04917EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.6 views

VulnCheck KEV: CVE-2018-7482

The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1../configuration.php&download=1 request. The specific pathname ../configuration.php...

7.5CVSS7.2AI score0.02353EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.6 views

VulnCheck KEV: CVE-2019-0232

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by...

9.3CVSS7.4AI score0.99652EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-0606

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'...

7.6CVSS7.7AI score0.11107EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.6 views

VulnCheck KEV: CVE-2018-7422

A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajaxpath parameter to editor/extensions/pagebuilder/includes/ajaxshortcodepattern.php, aka absolute path traversal...

7.5CVSS7.3AI score0.63102EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2015-7808

The vBApiHook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments...

7.5CVSS7.6AI score0.80635EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-1957

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8CVSS7.3AI score0.24163EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-23972

In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double...

7.5CVSS7.1AI score0.31444EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-14205

A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST'adaptive-images-settings''sourcefile' parameter in adaptive-images-script.php...

7.5CVSS7.3AI score0.63375EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.1 views

VulnCheck KEV: CVE-2020-13942

It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the...

9.8CVSS7.2AI score0.68398EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-9118

exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter...

7.5CVSS7.1AI score0.48158EPSS
Exploits4References1
Total number of security vulnerabilities4985