4985 matches found
VulnCheck KEV: CVE-2018-1000861
A code execution vulnerability exists in the Stapler web framework used by Jenkins...
VulnCheck KEV: CVE-2017-9791
The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...
VulnCheck KEV: CVE-2019-9081
The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the PendingCommand class in PendingCommand.php...
VulnCheck KEV: CVE-2017-11317
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code...
VulnCheck KEV: CVE-2019-7195
QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files...
VulnCheck KEV: CVE-2019-7194
QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files...
VulnCheck KEV: CVE-2019-7192
QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system...
VulnCheck KEV: CVE-2020-0986
Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode...
VulnCheck KEV: CVE-2019-11507
In Pulse Secure Pulse Connect Secure PCS 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page...
VulnCheck KEV: CVE-2018-19949
A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands...
VulnCheck KEV: CVE-2015-5468
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter to includes/download.php...
VulnCheck KEV: CVE-2020-36714
The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the isadministrator function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions...
VulnCheck KEV: CVE-2019-9618
The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter...
VulnCheck KEV: CVE-2016-7262
A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands...
VulnCheck KEV: CVE-2018-4893
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of...
VulnCheck KEV: CVE-2015-9406
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. dot dot in the files parameter to css/css.php...
VulnCheck KEV: CVE-2020-0796
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 SMBv3 protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client...
VulnCheck KEV: CVE-2017-7391
A Cross-Site Scripting XSS was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data prefix passed to the 'magmi-git-master/magmi/web/ajaxgettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...
VulnCheck KEV: CVE-2020-13126
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin...
VulnCheck KEV: CVE-2020-13125
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...
VulnCheck KEV: CVE-2020-36715
The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute...
VulnCheck KEV: CVE-2020-10173
Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...
VulnCheck KEV: CVE-2019-16278
Nostromo nhttpd contains a directory traversal vulnerability in the httpverify function in a non-chrooted nhttpd server allowing for remote code execution...
VulnCheck KEV: CVE-2007-3010
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands...
VulnCheck KEV: CVE-2014-9727
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...
VulnCheck KEV: CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process...
VulnCheck KEV: CVE-2020-1631
A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning ZTP allows an unauthenticated attacker to perform remote code execution...
VulnCheck KEV: CVE-2013-3644
Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to execute arbitrary code via a crafted...
VulnCheck KEV: CVE-2010-1424
Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government 2006 through 2010 allows user-assisted remote attackers to execute arbitrary code via a crafted font file...
VulnCheck KEV: CVE-2010-2152
Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to "product character attribute processing" for a document...
VulnCheck KEV: CVE-2020-2883
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3...
VulnCheck KEV: CVE-2020-9818
Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message...
VulnCheck KEV: CVE-2020-9819
Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message...
VulnCheck KEV: CVE-2020-12271
Sophos Firewall operating system SFOS firmware contains a SQL injection vulnerability when configured with either the administration HTTPS service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed...
VulnCheck KEV: CVE-2019-17231
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues...
VulnCheck KEV: CVE-2019-17230
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...
VulnCheck KEV: CVE-2020-1938
Apache Tomcat treats Apache JServ Protocol AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited...
VulnCheck KEV: CVE-2020-0938
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts Adobe Type 1 PostScript format that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who...
VulnCheck KEV: CVE-2020-1020
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts Adobe Type 1 PostScript format that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who...
VulnCheck KEV: CVE-2020-5200
Minerbabe through V4.16 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...
VulnCheck KEV: CVE-2019-19753
SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...
VulnCheck KEV: CVE-2019-19751
easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...
VulnCheck KEV: CVE-2019-19750
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product...
VulnCheck KEV: CVE-2019-19755
ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...
VulnCheck KEV: CVE-2019-19754
HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...
VulnCheck KEV: CVE-2019-19752
nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...
VulnCheck KEV: CVE-2020-8515
DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2020-5722
Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root...
VulnCheck KEV: CVE-2020-6820
Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts...
VulnCheck KEV: CVE-2020-6572
Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page...