Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-14847

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface...

9.1CVSS7.6AI score0.96087EPSS
Exploits23References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•10 views

VulnCheck KEV: CVE-2017-8222

Wireless IP Camera P2P WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information...

7.5CVSS7.2AI score0.04258EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2015-7571

Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension...

7.8CVSS7.5AI score0.08439EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2015-2067

Directory traversal vulnerability in web/ajaxpluginconf.php in the MAGMI aka Magento Mass Importer plugin for Magento Server allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...

5CVSS7.4AI score0.39424EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-9841

PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI...

9.8CVSS7.4AI score0.99999EPSS
Exploits19References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/22 12:0 a.m.•7 views

VulnCheck KEV: CVE-2019-9194

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector...

9.8CVSS7.3AI score0.96633EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/17 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-1906

Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation failure...

6.2CVSS7AI score0.0052EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/17 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-1905

Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously...

8.4CVSS7.3AI score0.0115EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/11 12:0 a.m.•7 views

VulnCheck KEV: CVE-2019-5544

VMware ESXi and Horizon Desktop as a Service DaaS OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution...

9.8CVSS7.8AI score0.96823EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-3992

VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution...

10CVSS7.6AI score0.83015EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/09 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-16013

Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS7.5AI score0.02826EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-36155

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the...

10CVSS7.3AI score0.08975EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/07 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-16017

Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page...

9.6CVSS7.5AI score0.02747EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-24217

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to...

9.8CVSS7.2AI score0.40302EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-5948

The Network Analysis tab MainAnalysisContent.asp in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field destIP parameter...

8.5CVSS6.1AI score0.09522EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-10987

Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter...

10CVSS7.6AI score0.79673EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-15893

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play UPnP is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target ST field of the SSDP M-SEARCH discover packet...

9.8CVSS7AI score0.20856EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-10758

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method...

9.9CVSS7.4AI score0.84845EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-19006

Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX admin...

9.8CVSS7.4AI score0.36615EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-25337

Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370...

7.1CVSS6.4AI score0.02831EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/02 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-14882

Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750...

10CVSS7.7AI score0.99997EPSS
Exploits43References1
VulnCheck KEV
VulnCheck KEV
•added 2020/11/02 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks are...

5.9CVSS6.9AI score0.58204EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/31 12:0 a.m.•8 views

VulnCheck KEV: CVE-2020-16010

Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page...

9.6CVSS7.7AI score0.06414EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-27950

Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory...

7.1CVSS6.8AI score0.1652EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/29 12:0 a.m.•7 views

VulnCheck KEV: CVE-2020-16009

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

8.8CVSS7.3AI score0.48574EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/29 12:0 a.m.•9 views

VulnCheck KEV: CVE-2020-28034

WordPress before 5.5.2 allows XSS associated with global variables...

6.1CVSS6.7AI score0.017EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/26 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-27930

Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front...

7.8CVSS7.4AI score0.22178EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-27932

Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges...

9.3CVSS7.2AI score0.10337EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-17087

Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.05387EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/22 12:0 a.m.•6 views

VulnCheck KEV: CVE-2025-34054

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgiquery. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence...

10CVSS5.8AI score0.02709EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-9248

Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey, perform cross-site-scripting XSS attacks, compromise the ASP.NET...

9.8CVSS7.4AI score0.75098EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/20 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-1350

Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed...

10CVSS8AI score0.92178EPSS
Exploits21References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/20 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-3118

Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device...

8.8CVSS7.5AI score0.11685EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/20 12:0 a.m.•6 views

VulnCheck KEV: CVE-2018-4939

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution...

10CVSS7.4AI score0.63304EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/20 12:0 a.m.•3 views

VulnCheck KEV: CVE-2015-4852

Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution...

9.8CVSS7.5AI score0.96032EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/20 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-1040

Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system...

9CVSS7.9AI score0.06903EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/20 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-6327

Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions...

8.8CVSS7.5AI score0.35341EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/20 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-15505

Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database RDB products contain an unspecified vulnerability that allows for remote code execution...

9.8CVSS7.7AI score0.99737EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/20 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-1040

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC Message Integrity Check protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To...

5.9CVSS7AI score0.48043EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/20 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-11580

Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds...

9.8CVSS8AI score0.95355EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/20 12:0 a.m.•13 views

VulnCheck KEV: CVE-2020-2555

Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to takeover the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail...

9.8CVSS7.8AI score0.97116EPSS
Exploits26References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/20 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-11357

Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution...

9.8CVSS7.7AI score0.75709EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-1054

Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode...

7.8CVSS7.4AI score0.52778EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-15999

Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function LoadSBitPng when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and...

9.6CVSS7.2AI score0.5063EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/16 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-36725

The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated...

8.8CVSS7.2AI score0.01147EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/15 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-2618

Cross-site scripting XSS vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the maptitle parameter...

4.3CVSS5.9AI score0.04682EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-12808

Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution...

9.8CVSS7.7AI score0.07512EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/15 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-8389

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from...

7.6CVSS7.7AI score0.28646EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-7276

Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console...

10CVSS7.3AI score0.93384EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/14 12:0 a.m.•1 views

VulnCheck KEV: CVE-2018-19276

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body...

10CVSS7.6AI score0.98811EPSS
Exploits10References1
Total number of security vulnerabilities4985