Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2020/06/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-1000861

A code execution vulnerability exists in the Stapler web framework used by Jenkins...

10CVSS7.3AI score0.98326EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/24 12:0 a.m.•2 views

VulnCheck KEV: CVE-2017-9791

The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...

9.8CVSS7.8AI score0.98931EPSS
Exploits19References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/24 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-9081

The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the PendingCommand class in PendingCommand.php...

7.8AI score
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/19 12:0 a.m.•1 views

VulnCheck KEV: CVE-2017-11317

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code...

9.8CVSS7.7AI score0.83476EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/11 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-7195

QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files...

9.8CVSS7.3AI score0.89681EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-7194

QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files...

9.8CVSS7.3AI score0.82966EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/11 12:0 a.m.•6 views

VulnCheck KEV: CVE-2019-7192

QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system...

9.8CVSS7.3AI score0.88213EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/09 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-0986

Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode...

7.8CVSS7.4AI score0.15932EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/08 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-11507

In Pulse Secure Pulse Connect Secure PCS 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page...

6.1CVSS6.5AI score0.04055EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-19949

A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands...

9.8CVSS7.3AI score0.24449EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2015-5468

Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter to includes/download.php...

7.5CVSS7.3AI score0.24093EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-36714

The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the isadministrator function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions...

8.1CVSS7.2AI score0.00425EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-9618

The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter...

9.8CVSS7.3AI score0.40771EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/03 12:0 a.m.•2 views

VulnCheck KEV: CVE-2016-7262

A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands...

7.8CVSS7.5AI score0.58204EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-4893

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of...

6.5CVSS7AI score0.10992EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/06/03 12:0 a.m.•6 views

VulnCheck KEV: CVE-2015-9406

Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. dot dot in the files parameter to css/css.php...

7.5CVSS7.3AI score0.55008EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/05/27 12:0 a.m.•9 views

VulnCheck KEV: CVE-2020-0796

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 SMBv3 protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client...

10CVSS8AI score0.9981EPSS
Exploits125References1
VulnCheck KEV
VulnCheck KEV
•added 2020/05/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-7391

A Cross-Site Scripting XSS was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data prefix passed to the 'magmi-git-master/magmi/web/ajaxgettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...

6.1CVSS6.6AI score0.08173EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/05/17 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-13126

An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin...

9.9CVSS7.2AI score0.08565EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/05/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-13125

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...

9.9CVSS6.8AI score0.08565EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/05/14 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-36715

The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute...

7.4CVSS5.9AI score0.00697EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/05/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-10173

Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...

9CVSS7.3AI score0.77282EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2020/05/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-16278

Nostromo nhttpd contains a directory traversal vulnerability in the httpverify function in a non-chrooted nhttpd server allowing for remote code execution...

9.8CVSS7.5AI score0.99057EPSS
Exploits24References1
VulnCheck KEV
VulnCheck KEV
•added 2020/05/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2007-3010

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands...

10CVSS7.5AI score0.97759EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2020/05/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-9727

AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...

10CVSS6.1AI score0.71837EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/05/07 12:0 a.m.•6 views

VulnCheck KEV: CVE-2019-18935

Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process...

9.8CVSS7.4AI score0.99737EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2020/05/04 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-1631

A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning ZTP allows an unauthenticated attacker to perform remote code execution...

9.8CVSS7.5AI score0.04725EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/05/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-3644

Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to execute arbitrary code via a crafted...

10CVSS6.2AI score0.04174EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/05/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-1424

Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government 2006 through 2010 allows user-assisted remote attackers to execute arbitrary code via a crafted font file...

9.3CVSS6.2AI score0.04036EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/05/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2010-2152

Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to "product character attribute processing" for a document...

9.3CVSS6.2AI score0.05557EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/30 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-2883

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3...

9.8CVSS7.4AI score0.94928EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/22 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-9818

Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message...

8.8CVSS7.3AI score0.02286EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/22 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-9819

Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message...

4.3CVSS5.8AI score0.02178EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-12271

Sophos Firewall operating system SFOS firmware contains a SQL injection vulnerability when configured with either the administration HTTPS service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed...

10CVSS7.9AI score0.42164EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/15 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-17231

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues...

6.1CVSS6.4AI score0.01216EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/15 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-17230

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...

5.3CVSS6AI score0.02362EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/15 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-1938

Apache Tomcat treats Apache JServ Protocol AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited...

9.8CVSS6.9AI score0.9927EPSS
Exploits45References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-0938

Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts Adobe Type 1 PostScript format that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who...

7.8CVSS7.8AI score0.69166EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/14 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-1020

Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts Adobe Type 1 PostScript format that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who...

8.8CVSS7.5AI score0.65037EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-5200

Minerbabe through V4.16 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

5.9CVSS5.8AI score0.00175EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/10 12:0 a.m.•9 views

VulnCheck KEV: CVE-2019-19753

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

9.1CVSS5.8AI score0.00429EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/10 12:0 a.m.•9 views

VulnCheck KEV: CVE-2019-19751

easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

5.6CVSS5.8AI score0.00286EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-19750

minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product...

9.8CVSS7.3AI score0.01134EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/10 12:0 a.m.•7 views

VulnCheck KEV: CVE-2019-19755

ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

9.1CVSS5.8AI score0.00429EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/10 12:0 a.m.•9 views

VulnCheck KEV: CVE-2019-19754

HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

5.7CVSS5.8AI score0.00233EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/10 12:0 a.m.•8 views

VulnCheck KEV: CVE-2019-19752

nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

9.8CVSS5.8AI score0.00512EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/03 12:0 a.m.•7 views

VulnCheck KEV: CVE-2020-8515

DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution...

10CVSS7.6AI score0.99993EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-5722

Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root...

10CVSS7.8AI score0.83926EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-6820

Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts...

8.1CVSS7.3AI score0.06305EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/04/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-6572

Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page...

9.3CVSS7.3AI score0.10586EPSS
Exploits0References1
Total number of security vulnerabilities4985