Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2021/03/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-26858

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain...

7.8CVSS7.6AI score0.89509EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/02/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-0787

Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges...

7.8CVSS7.6AI score0.42524EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2021/02/25 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-21973

VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure...

5.3CVSS7AI score0.88012EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2021/02/25 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-21972

VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system...

10CVSS8.1AI score0.9957EPSS
Exploits47References1
VulnCheck KEV
VulnCheck KEV
added 2021/02/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2013-3128

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute...

9.3CVSS5.8AI score0.50374EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/02/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-13374

Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server...

4.3CVSS7.4AI score0.38088EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/02/11 12:0 a.m.2 views

VulnCheck KEV: CVE-2013-3896

Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application...

5.5CVSS7.3AI score0.6961EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2021/02/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-21166

Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Oper...

8.8CVSS7.3AI score0.26525EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/02/11 12:0 a.m.1 views

VulnCheck KEV: CVE-2015-1671

A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts...

9.3CVSS6.4AI score0.54628EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/02/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2012-1710

Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Designer...

9.8CVSS5.8AI score0.11636EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2021/02/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2008-3431

An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code...

8.8CVSS7AI score0.06932EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2021/02/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-21017

Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user...

8.8CVSS8AI score0.8621EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/02/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-3122

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021...

10CVSS7.6AI score0.87383EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-16238

Tgsoft Vir.itexplorer arbitrary write kernel vulnerability via 0x82730080 ioctls...

7.2AI score
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/27 12:0 a.m.2 views

VulnCheck KEV: CVE-2016-4119

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified...

10CVSS7.6AI score0.03958EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2015-1000013

Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1...

7.8CVSS7.1AI score0.02043EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/26 12:0 a.m.9 views

VulnCheck KEV: CVE-2020-8269

An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9...

9CVSS7.6AI score0.0257EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-1871

Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing...

9.8CVSS7.1AI score0.0712EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-13608

Citrix StoreFront Server contains an XML External Entity XXE processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information...

7.5CVSS7.1AI score0.3026EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-8283

An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9...

9CVSS7.6AI score0.0257EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-8270

An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342...

9CVSS7.5AI score0.03336EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/26 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-1870

Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing...

9.8CVSS7.4AI score0.07921EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-11634

Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives...

9.8CVSS7.8AI score0.08091EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-1782

Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges...

7CVSS7.3AI score0.02222EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-21148

Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS7.5AI score0.19815EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2019-9193

In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pgexecuteserverprogram' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary...

9CVSS7.4AI score0.91877EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-8637

An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization KASLR bypass, aka "Win32k Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10,...

5.5CVSS6.4AI score0.01849EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-8627

An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus,...

5.5CVSS6.7AI score0.08662EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.6 views

VulnCheck KEV: CVE-2018-8580

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks a variant of cross-site request forgery, CSRF, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects...

4.3CVSS6.6AI score0.043EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-8598

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8627...

5.5CVSS6.3AI score0.08662EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-8638

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 10, Windows Server 2019...

5.5CVSS6.4AI score0.01819EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.2 views

VulnCheck KEV: CVE-2017-1182

IBM Tivoli Monitoring Portal v6 could allow a local network adjacent attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493...

7.5CVSS7.4AI score0.08544EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-9822

DotNetNuke DNN contains a vulnerability that may allow for remote code execution via cookie deserialization...

8.8CVSS7.8AI score0.94789EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-8596

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019,...

6.5CVSS6.7AI score0.06874EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-8616

A vulnerability is present in Microsoft Word that may allow for disclosure of sensitive information...

5.8AI score
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-8595

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019,...

6.5CVSS6.7AI score0.06728EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.2 views

VulnCheck KEV: CVE-2018-8621

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8622...

5.5CVSS6.4AI score0.01835EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-8622

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows...

5.5CVSS6.4AI score0.01835EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-8514

An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory, aka "Remote Procedure Call runtime Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...

5.5CVSS6.8AI score0.01889EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.8 views

VulnCheck KEV: CVE-2018-8477

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012,...

5.5CVSS6.8AI score0.01796EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

6.1CVSS6.8AI score0.87218EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

6.1CVSS6.8AI score0.29726EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-11022

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.9CVSS6.7AI score0.99019EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-11023

JQuery contains a persistent cross-site scripting XSS vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser...

6.9CVSS6.8AI score0.8383EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/19 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-28188

Remote Command Execution RCE vulnerability in TerraMaster TOS = 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter...

10CVSS7.6AI score0.96598EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-21492

Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization ASLR bypass...

4.4CVSS6AI score0.02554EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-10823

An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip...

9CVSS7.7AI score0.78191EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/14 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-7961

Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services...

9.8CVSS7.6AI score0.99783EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-35665

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation...

10CVSS7.3AI score0.78141EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/14 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-3007

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...

9.8CVSS8AI score0.75313EPSS
Exploits3References1
Total number of security vulnerabilities4985