4985 matches found
VulnCheck KEV: CVE-2020-20634
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog...
VulnCheck KEV: CVE-2019-1322
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context...
VulnCheck KEV: CVE-2018-25126
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...
VulnCheck KEV: CVE-2019-1405
A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation...
VulnCheck KEV: CVE-2020-9514
An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user with the Subscriber role to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages...
VulnCheck KEV: CVE-2020-6453
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
VulnCheck KEV: CVE-2020-10189
Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution...
VulnCheck KEV: CVE-2019-1652
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands...
VulnCheck KEV: CVE-2019-1653
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information...
VulnCheck KEV: CVE-2020-1027
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions...
VulnCheck KEV: CVE-2025-34132
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvrbox fails to properly sanitize input, allowing remote attackers to inject and...
VulnCheck KEV: CVE-2025-34129
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a...
VulnCheck KEV: CVE-2025-34130
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be...
VulnCheck KEV: CVE-2020-8468
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components...
VulnCheck KEV: CVE-2020-8467
Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution...
VulnCheck KEV: CVE-2020-0688
Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution...
VulnCheck KEV: CVE-2020-10257
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trxaddons/v2/get/sclayout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trxaddonsrestgetsclayout with an unsafe sc parameter...
VulnCheck KEV: CVE-2020-6819
Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts...
VulnCheck KEV: CVE-2020-36852
The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions up to, and including 1.7.1, due to a missing capability check and lack of sufficient validation on the ghazalesdsdeleteentriestablerow function. This makes it...
VulnCheck KEV: CVE-2020-36853
The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and output escaping and a lack of capability checks. This makes it possible for unauthenticated...
VulnCheck KEV: CVE-2020-36731
The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction...
VulnCheck KEV: CVE-2020-9459
Multiple Stored Cross-site scripting XSS vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users with minimal permissions to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mecsavenotifications...
VulnCheck KEV: CVE-2020-36854
The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.19.07.14. This is due to missing authorization checks on the ajsteps AJAX aciton along with a lack on sanitization on the settings saved via the function. This makes it...
VulnCheck KEV: CVE-2018-5383
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key...
VulnCheck KEV: CVE-2016-10057
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service application crash or have other unspecified impact via a crafted file...
VulnCheck KEV: CVE-2018-6789
Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution...
VulnCheck KEV: CVE-2018-1000136
Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node...
VulnCheck KEV: CVE-2018-0986
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune...
VulnCheck KEV: CVE-2018-9995
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin"...
VulnCheck KEV: CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative...
VulnCheck KEV: CVE-2018-10115
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service segmentation fault or execute arbitrary code via a crafted RAR archive...
VulnCheck KEV: CVE-2018-5391
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation...
VulnCheck KEV: CVE-2020-9054
Multiple Zyxel network-attached storage NAS devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code...
VulnCheck KEV: CVE-2020-6418
Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and...
VulnCheck KEV: CVE-2020-36333
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a resetwizardactions hook...
VulnCheck KEV: CVE-2020-0674
Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user...
VulnCheck KEV: CVE-2018-19320
The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system...
VulnCheck KEV: CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to...
VulnCheck KEV: CVE-2019-7256
Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution...
VulnCheck KEV: CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...
VulnCheck KEV: CVE-2020-0640
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'...
VulnCheck KEV: CVE-2020-0650
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653...
VulnCheck KEV: CVE-2020-0642
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0624...
VulnCheck KEV: CVE-2020-0624
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0642...
VulnCheck KEV: CVE-2020-0651
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653...
VulnCheck KEV: CVE-2020-0652
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'...
VulnCheck KEV: CVE-2020-0653
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0651...
VulnCheck KEV: CVE-2020-36875
AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...
VulnCheck KEV: CVE-2019-9489
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan versions XG and 11.0, and Worry-Free Business Security versions 10.0, 9.5 and 9.0 could allow an attacker to modify arbitrary files on the affected product's management console...
VulnCheck KEV: CVE-2019-19781
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution...