Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

7.5CVSS7AI score0.99974EPSS
Exploits20References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2013-7389

Multiple cross-site scripting XSS vulnerabilities in D-Link DIR-645 Router Rev. A1 with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the 1 deviceid parameter to parentalcontrols/bind.php, 2 RESULT parameter to info.php, or 3 receiver...

4.3CVSS5.8AI score0.27753EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-11738

WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their Wordpress dashboard. This vulnerability affects Duplicator and Dulplicator Pro...

7.5CVSS7AI score0.97822EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2015-1635

Microsoft HTTP protocol stack HTTP.sys contains a vulnerability that allows for remote code execution...

10CVSS7.5AI score0.99999EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-12800

The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supportedtype to php% and uploading a .php% file...

9.8CVSS7.8AI score0.78751EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-7314

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429...

9.8CVSS7.4AI score0.58373EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-9879

The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation...

9.8CVSS7.3AI score0.46614EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.6 views

VulnCheck KEV: CVE-2019-9880

An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username...

9.1CVSS7.3AI score0.34761EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-27615

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection with resultant XSS, related to loginizerloginfailed and lzvalidip...

9.8CVSS7.4AI score0.53619EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-0192

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side...

9.8CVSS8.1AI score0.77508EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-19597

D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAPAUTH HTTP header...

8.8CVSS7.9AI score0.20799EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-17530

Forced Object-Graph Navigation Language OGNL evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution...

9.8CVSS7.2AI score0.95922EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2018-19986

In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $pathinfwan1."/web" internal...

10CVSS7.3AI score0.41606EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-11610

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...

9CVSS7.6AI score0.87544EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/08 12:0 a.m.1 views

VulnCheck KEV: CVE-2016-9563

SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity XXE attacks...

6.5CVSS6.9AI score0.23805EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-6287

SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users...

10CVSS7.5AI score0.94719EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-6207

SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager...

10CVSS7.4AI score0.98376EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2016-3976

SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ dot dot backslash in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files...

7.5CVSS7.3AI score0.46605EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/08 12:0 a.m.6 views

VulnCheck KEV: CVE-2018-2380

SAP Customer Relationship Management CRM contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users...

6.6CVSS7AI score0.28892EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-21206

Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge,...

8.8CVSS7.3AI score0.09401EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-12812

Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication FortiToken if they change the case in their username...

9.8CVSS7.4AI score0.49344EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/02 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-24240

The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability...

9.8CVSS7.9AI score0.03037EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-5591

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol LDAP server...

6.5CVSS7.1AI score0.18566EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/26 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-1879

Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting XSS when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...

6.1CVSS6.8AI score0.07082EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/24 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-24219

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...

5.3CVSS6AI score0.02076EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-24220

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared...

9.1CVSS7.3AI score0.03946EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-24212

The WooCommerce Help Scout WordPress plugin before 2.9.1 https://woocommerce.com/products/woocommerce-help-scout/ allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp...

9.8CVSS7.1AI score0.07908EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/18 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-3129

Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of filegetcontents and fileputcontents...

9.8CVSS7.3AI score0.99943EPSS
Exploits36References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/17 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-24204

In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget includes/widgets/accordion.php accepts a ‘titlehtmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send...

5.4CVSS6AI score0.00746EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24206

In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

5.4CVSS6AI score0.00746EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24202

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

5.4CVSS6AI score0.00746EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/16 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-4367

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the floimportformsoptions AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with...

6.4CVSS6AI score0.0067EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-27561

Yealink Device Management contains a server-side request forgery SSRF vulnerability that allows for unauthenticated remote code execution...

10CVSS7.7AI score0.82516EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-25506

D-Link DNS-320 device contains a command injection vulnerability in the sytemmgr.cgi component that may allow for remote code execution...

9.8CVSS7.3AI score0.99968EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24182

The tutorquizbuildergetanswersbyquestion AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

6.5CVSS6.7AI score0.01742EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/15 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-24186

The tutoransweringquizquestion/getanswerbyid function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

6.5CVSS6.7AI score0.01253EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-22502

Micro Focus Operation Bridge Report OBR contains an unspecified vulnerability that allows for remote code execution...

10CVSS7.7AI score0.9674EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-26919

Netgear JGS516PE devices contain a missing function level access control vulnerability...

9.8CVSS7.4AI score0.57195EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-27562

Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure NS world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment NSPE handler mode. This vulnerability affects...

5.5CVSS6.9AI score0.03093EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-27085

Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution...

8.8CVSS7.5AI score0.03708EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-27059

Microsoft Office contains an unspecified vulnerability that allows for remote code execution...

8.5CVSS7.4AI score0.03182EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/09 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-21193

Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge,...

8.8CVSS7.3AI score0.0987EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/09 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-26411

Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption...

8.8CVSS7.3AI score0.81103EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24175

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user including admin by just providing the related username, as well as create accounts with...

9.8CVSS7.3AI score0.14462EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-2506

QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information...

9.8CVSS7.4AI score0.01982EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/05 12:0 a.m.10 views

VulnCheck KEV: CVE-2020-2507

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3...

9.8CVSS7.6AI score0.03042EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-9020

Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...

10CVSS7.3AI score0.02535EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-26855

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain...

9.8CVSS7.6AI score0.99999EPSS
Exploits63References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-26857

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain...

7.8CVSS7.6AI score0.94008EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-27065

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain...

7.8CVSS7.6AI score0.99946EPSS
Exploits30References1
Total number of security vulnerabilities4985