Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2019/06/06 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-17173

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsrserver/device/getThumbnail...

9.8CVSS7.8AI score0.56237EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-6961

VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution...

8.1CVSS7.5AI score0.86431EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-7841

A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered...

9.8CVSS7.8AI score0.72486EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-5174

An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution...

9.8CVSS7.4AI score0.5229EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/06 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-3929

Multiple Crestron products are vulnerable to command injection via the filetransfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...

10CVSS7.4AI score0.98952EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2014-6287

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server HFS or HttpFileServer allows remote attackers to execute arbitrary programs...

10CVSS7.5AI score0.99323EPSS
Exploits23References1
VulnCheck KEV
VulnCheck KEV
•added 2019/05/23 12:0 a.m.•3 views

VulnCheck KEV: CVE-2015-2051

D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface...

10CVSS7.7AI score0.97101EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2019/05/20 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

9.8CVSS7.4AI score0.72782EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2019/05/15 12:0 a.m.•6 views

VulnCheck KEV: CVE-2019-14950

The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page...

6.1CVSS6.3AI score0.01211EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/05/14 12:0 a.m.•6 views

VulnCheck KEV: CVE-2019-0863

Microsoft Windows Error Reporting WER contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode...

7.8CVSS7.4AI score0.05207EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/05/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-3568

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number...

9.8CVSS8.2AI score0.39166EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/05/10 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-0604

Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account...

9.8CVSS7.2AI score0.99913EPSS
Exploits29References1
VulnCheck KEV
VulnCheck KEV
•added 2019/05/09 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-11869

The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin...

6.1CVSS6.4AI score0.05331EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/05/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-11510

Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI...

10CVSS7.6AI score0.99999EPSS
Exploits22References1
VulnCheck KEV
VulnCheck KEV
•added 2019/05/01 12:0 a.m.•6 views

VulnCheck KEV: CVE-2019-2729

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

9.8CVSS7.4AI score0.8883EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/30 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-2725

Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services...

9.8CVSS7.3AI score0.99964EPSS
Exploits35References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/23 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-3396

Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution...

10CVSS7.7AI score0.99913EPSS
Exploits20References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-6736

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code...

9CVSS7.3AI score0.70559EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-0296

Cisco Adaptive Security Appliance ASA contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service DoS condition or information disclosure...

7.5CVSS7.1AI score0.99903EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/17 12:0 a.m.•7 views

VulnCheck KEV: CVE-2017-12617

When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

8.1CVSS7AI score0.99988EPSS
Exploits23References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/12 12:0 a.m.•6 views

VulnCheck KEV: CVE-2017-13315

In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is...

7.8CVSS7.2AI score0.00097EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-13156

An elevation of privilege vulnerability in the Android system art. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847...

7.8CVSS7.3AI score0.20089EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-11886

The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access...

8.8CVSS7.3AI score0.0189EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/09 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-0803

Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode...

7.8CVSS7.4AI score0.4523EPSS
Exploits26References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2015-1427

The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands...

9.8CVSS7.6AI score0.99906EPSS
Exploits19References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/04 12:0 a.m.•6 views

VulnCheck KEV: CVE-2018-19127

A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cachetemplate/.tpl.php file...

9.8CVSS7.5AI score0.20766EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/02 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-7139

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...

9.8CVSS7.5AI score0.1545EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-0666

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772...

9.3CVSS7.4AI score0.3126EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-0633

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 SMBv2 server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0630...

9CVSS7.9AI score0.17843EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-0630

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 SMBv2 server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633...

9CVSS7.9AI score0.17843EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-0667

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772...

9.3CVSS7.4AI score0.3126EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/04/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-0784

A remote code execution vulnerability exists in the way that the ActiveX Data objects ADO handles objects in memory, aka 'Windows ActiveX Remote Code Execution Vulnerability'...

7.6CVSS7.4AI score0.08261EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/03/24 12:0 a.m.•8 views

VulnCheck KEV: CVE-2019-9978

WordPress Social Warfare plugin contains a cross-site scripting XSS vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro...

6.1CVSS7.1AI score0.73543EPSS
Exploits20References1
VulnCheck KEV
VulnCheck KEV
•added 2019/03/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-8750

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of...

7.6CVSS7.5AI score0.09202EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/03/17 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-0859

Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode...

7.8CVSS7.3AI score0.04151EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2019/03/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-0808

Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode...

7.8CVSS7.3AI score0.53298EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2019/03/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-0703

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server...

6.5CVSS7.1AI score0.0964EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/03/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-25152

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping...

7.2CVSS6.3AI score0.01353EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/03/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-0051

The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege...

7.8CVSS7.1AI score0.23383EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2019/03/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-1663

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The...

10CVSS7.7AI score0.95707EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
•added 2019/03/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-7816

ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution...

10CVSS7.7AI score0.67091EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/28 12:0 a.m.•8 views

VulnCheck KEV: CVE-2018-20250

WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution...

7.8CVSS7AI score0.96274EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/27 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-5786

Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page...

6.5CVSS7.1AI score0.61537EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/22 12:0 a.m.•7 views

VulnCheck KEV: CVE-2019-0797

Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode...

7.8CVSS7.4AI score0.0189EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/21 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-3739

Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. dot dot in the mapname parameter in a showconfig action...

5CVSS5.9AI score0.03679EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/21 12:0 a.m.•3 views

VulnCheck KEV: CVE-2012-0791

Multiple cross-site scripting XSS vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 composeCache, 2 rtemode, or 3 filename parameters to the compose page; 4 formname...

4.3CVSS5.8AI score0.02437EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/21 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-10225

thinkphp 3.1.3 has SQL Injection via the index.php s parameter...

9.8CVSS7.4AI score0.01135EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/21 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-11510

The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecatejs.cgi file by embedding OS commands in the 'script' parameter...

9.8CVSS7.9AI score0.4476EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/20 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-45045

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated...

8.8CVSS7.6AI score0.01239EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/19 12:0 a.m.•9 views

VulnCheck KEV: CVE-2018-8406

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory...

7.8CVSS7.1AI score0.03444EPSS
Exploits0References1
Total number of security vulnerabilities4985