Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2020/10/14 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-10655

Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow via...

9.8CVSS8.1AI score0.15353EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/14 12:0 a.m.•9 views

VulnCheck KEV: CVE-2019-19356

Netis WF2419 devices contains an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page...

8.5CVSS7.8AI score0.27962EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/14 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-13023

System command injection vulnerability in wifiaccess in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter...

9CVSS7.4AI score0.23955EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-2251

Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language OGNL expressions...

9.8CVSS7.5AI score0.99998EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-3587

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p class in OFS/misc.py and the use of Python modules...

9.3CVSS6.1AI score0.78546EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-1956

Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution...

9CVSS7.5AI score0.97337EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-15227

Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework...

9.8CVSS7.3AI score0.35228EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-27481

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query...

9.8CVSS7.4AI score0.1064EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-28650

The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls ksesremovefilters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles...

6.4CVSS6AI score0.00691EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/07 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-26876

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...

7.5CVSS7.2AI score0.09199EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/02 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-0968

Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution...

7.6CVSS7.4AI score0.30018EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-8140

An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10...

6.8CVSS7AI score0.01643EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-14665

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root...

7.2CVSS7.2AI score0.2704EPSS
Exploits39References1
VulnCheck KEV
VulnCheck KEV
•added 2020/10/01 12:0 a.m.•7 views

VulnCheck KEV: CVE-2020-10713

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

8.2CVSS6.9AI score0.01068EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/09/24 12:0 a.m.•7 views

VulnCheck KEV: CVE-2020-1472

Microsoft's Netlogon Remote Protocol MS-NRPC contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on...

10CVSS7AI score0.99512EPSS
Exploits75References1
VulnCheck KEV
VulnCheck KEV
•added 2020/09/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-25158

GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore...

9.8CVSS7.5AI score0.01072EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/09/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-25157

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols...

9.8CVSS7.3AI score0.85247EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/09/20 12:0 a.m.•4 views

VulnCheck KEV: CVE-2008-4873

board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a downfile action...

10CVSS6.1AI score0.04929EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/09/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-2021

Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication...

10CVSS7.3AI score0.04362EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/09/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-16920

Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise...

10CVSS7.3AI score0.99996EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/09/15 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-0978

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8249...

7.6CVSS7.7AI score0.14745EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/09/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-8193

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP NSIP in order to perform exploitation...

6.5CVSS6.9AI score0.88411EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/09/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-8195

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability...

6.5CVSS6.9AI score0.33263EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/09/15 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-8196

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability...

4.3CVSS6.7AI score0.26333EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2020/09/09 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-25213

WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site...

10CVSS8AI score0.97328EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2020/09/04 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-14871

Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems...

10CVSS7.3AI score0.80291EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2020/08/29 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-3569

Cisco IOS XR Distance Vector Multicast Routing Protocol DVMRP incorrectly handles Internet Group Management Protocol IGMP packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash...

8.6CVSS7.3AI score0.03293EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/08/29 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-3566

Cisco IOS XR Distance Vector Multicast Routing Protocol DVMRP incorrectly handles Internet Group Management Protocol IGMP packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash...

8.6CVSS7.3AI score0.03631EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/08/27 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-10621

Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS versions prior to 3.0.2...

10CVSS7.2AI score0.0159EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/08/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-6703

Incorrect access control in miglaajaxfunctions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to...

9.8CVSS7.3AI score0.26076EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/08/21 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-36720

The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the updateoption lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...

7.1CVSS7AI score0.00793EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/08/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-1464

Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files...

7.8CVSS6.9AI score0.41131EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/08/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-1380

Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user...

8.8CVSS7.9AI score0.24188EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/08/06 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work...

6.5CVSS6.9AI score0.01237EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/08/04 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-35945

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the...

9.9CVSS7.4AI score0.02422EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/30 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-36668

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backupguardgetmanualmodal function called via an AJAX action. This makes it possible...

4.3CVSS5.8AI score0.00639EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/22 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-5902

F5 BIG-IP Traffic Management User Interface TMUI contains a remote code execution vulnerability in undisclosed pages...

10CVSS7.5AI score0.99999EPSS
Exploits60References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-11652

SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability...

6.5CVSS7.1AI score0.86063EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/22 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-11651

SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master...

9.8CVSS7.3AI score0.96405EPSS
Exploits24References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/20 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-11261

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

7.8CVSS7AI score0.01772EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

6.8CVSS6.9AI score0.03807EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred...

6.8CVSS7AI score0.20906EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...

5.3CVSS6.9AI score0.03681EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-32993

TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh...

9.8CVSS7.3AI score0.00833EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/16 12:0 a.m.•7 views

VulnCheck KEV: CVE-2019-9670

Synacor Zimbra Collaboration Suite ZCS contains an improper restriction of XML external entity XXE vulnerability in the mailboxd component...

9.8CVSS7.3AI score0.99986EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-4275

Multiple cross-site scripting XSS vulnerabilities in iTop aka IT Operations Portal 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted company name, 2 a crafted database server name, 3 a crafted CSV file, 4 a crafted copy-and-paste...

4.3CVSS5.8AI score0.01624EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/07 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-36728

The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site...

9.8CVSS7.3AI score0.03159EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-36705

The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ninguploadimage function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS7.4AI score0.06944EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-2578

cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in 1 the ServerName parameter and 2 other unspecified...

10CVSS6.1AI score0.73713EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2020/07/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-7765

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter...

8.8CVSS7.4AI score0.02917EPSS
Exploits3References1
Total number of security vulnerabilities4985