Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2020/03/31 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-20634

Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog...

6.5CVSS6.6AI score0.00989EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-1322

A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context...

7.8CVSS7.1AI score0.19205EPSS
Exploits25References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/27 12:0 a.m.6 views

VulnCheck KEV: CVE-2018-25126

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

9.3CVSS5.8AI score0.03696EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-1405

A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation...

7.8CVSS7.2AI score0.2995EPSS
Exploits24References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/26 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-9514

An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user with the Subscriber role to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages...

6.5CVSS6.7AI score0.00961EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-6453

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.2AI score0.00882EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-10189

Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution...

10CVSS7.7AI score0.99941EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-1652

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands...

9CVSS7.5AI score0.95923EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/25 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-1653

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information...

7.5CVSS6.9AI score0.99876EPSS
Exploits19References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/23 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-1027

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions...

7.8CVSS7.4AI score0.04447EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-34132

A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvrbox fails to properly sanitize input, allowing remote attackers to inject and...

9.3CVSS5.8AI score0.01761EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-34129

A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a...

8.7CVSS5.8AI score0.01077EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-34130

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be...

8.7CVSS5.9AI score0.01149EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-8468

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components...

8.8CVSS7.3AI score0.05754EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-8467

Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution...

8.8CVSS7.5AI score0.10793EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-0688

Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution...

9CVSS7.6AI score0.99965EPSS
Exploits30References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/09 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-10257

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trxaddons/v2/get/sclayout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trxaddonsrestgetsclayout with an unsafe sc parameter...

9.8CVSS7.3AI score0.08877EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-6819

Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts...

8.1CVSS7.3AI score0.02978EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/06 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-36852

The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions up to, and including 1.7.1, due to a missing capability check and lack of sufficient validation on the ghazalesdsdeleteentriestablerow function. This makes it...

9.1CVSS5.8AI score0.00307EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/27 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-36853

The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and output escaping and a lack of capability checks. This makes it possible for unauthenticated...

7.2CVSS5.8AI score0.00347EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-36731

The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction...

7.2CVSS6.3AI score0.01342EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/27 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-9459

Multiple Stored Cross-site scripting XSS vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users with minimal permissions to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mecsavenotifications...

5.4CVSS6.2AI score0.01024EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-36854

The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.19.07.14. This is due to missing authorization checks on the ajsteps AJAX aciton along with a lack on sanitization on the settings saved via the function. This makes it...

6.4CVSS5.8AI score0.00238EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/25 12:0 a.m.8 views

VulnCheck KEV: CVE-2018-5383

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key...

8CVSS7.1AI score0.00802EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/25 12:0 a.m.3 views

VulnCheck KEV: CVE-2016-10057

Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service application crash or have other unspecified impact via a crafted file...

7.8CVSS6.8AI score0.01715EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-6789

Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution...

9.8CVSS7.8AI score0.82238EPSS
Exploits19References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/25 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-1000136

Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node...

8.1CVSS7.7AI score0.04778EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-0986

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune...

9.3CVSS7.9AI score0.61482EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-9995

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin"...

9.8CVSS7.3AI score0.83151EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/25 12:0 a.m.7 views

VulnCheck KEV: CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative...

5.5CVSS7AI score0.60631EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-10115

Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service segmentation fault or execute arbitrary code via a crafted RAR archive...

7.8CVSS7.5AI score0.04666EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/25 12:0 a.m.10 views

VulnCheck KEV: CVE-2018-5391

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation...

7.8CVSS6.5AI score0.24575EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/24 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-9054

Multiple Zyxel network-attached storage NAS devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code...

10CVSS7.7AI score0.99988EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/18 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-6418

Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and...

8.8CVSS7.1AI score0.78808EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/16 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-36333

themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a resetwizardactions hook...

9.1CVSS7.3AI score0.03429EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-0674

Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user...

7.6CVSS7.8AI score0.86863EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/10 12:0 a.m.2 views

VulnCheck KEV: CVE-2018-19320

The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system...

7.8CVSS7.1AI score0.03597EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/08 12:0 a.m.23 views

VulnCheck KEV: CVE-2014-8739

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to...

9.8CVSS7.3AI score0.91656EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2020/02/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-7256

Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution...

10CVSS7.7AI score0.97136EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
added 2020/01/31 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-1003000

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...

8.8CVSS7.1AI score0.98428EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
added 2020/01/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-0640

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'...

7.6CVSS7.7AI score0.08167EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/01/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-0650

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653...

9.3CVSS7.8AI score0.20398EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-0642

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0624...

7.8CVSS7.1AI score0.01926EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2020/01/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-0624

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0642...

7.8CVSS7.1AI score0.01926EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2020/01/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-0651

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653...

9.3CVSS7.8AI score0.20398EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/01/22 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-0652

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'...

7.8CVSS7.7AI score0.16962EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-0653

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0651...

9.3CVSS7.8AI score0.20398EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/01/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-36875

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...

9.3CVSS6.3AI score0.00746EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/01/17 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-9489

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan versions XG and 11.0, and Worry-Free Business Security versions 10.0, 9.5 and 9.0 could allow an attacker to modify arbitrary files on the affected product's management console...

7.5CVSS7.2AI score0.02257EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/01/16 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-19781

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution...

9.8CVSS7.5AI score0.99999EPSS
Exploits48References1
Total number of security vulnerabilities4985