Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2019/02/19 12:0 a.m.•10 views

VulnCheck KEV: CVE-2018-8405

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory...

7.8CVSS7.1AI score0.03444EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-25296

The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfbuploadform and lfbremoveFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload...

9.8CVSS5.9AI score0.00597EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-0676

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk...

6.5CVSS7.1AI score0.07505EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/08 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-6223

Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction...

7.5CVSS7.3AI score0.02629EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/08 12:0 a.m.•7 views

VulnCheck KEV: CVE-2017-18362

ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database...

9.8CVSS7.3AI score0.86706EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-7286

Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation...

7.8CVSS7.3AI score0.15705EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-7287

Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution...

9.3CVSS7.5AI score0.04589EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/06 12:0 a.m.•6 views

VulnCheck KEV: CVE-2019-11695

A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger...

4.3CVSS6.6AI score0.00737EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/02/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-9806

A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service DOS attack. This vulnerability affects Firefox 66...

7.5CVSS7.1AI score0.01081EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/01/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-0938

Denial of Service attack in airMAX 8.3.2 , airMAX 6.0.7 and EdgeMAX 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks...

7.5CVSS7.1AI score0.20974EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/01/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-9082

ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...

9.3CVSS7.9AI score0.97419EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2019/01/08 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-2894

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services. Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

9.8CVSS7.3AI score0.50224EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2019/01/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-12615

When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

8.1CVSS7.3AI score0.99607EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
•added 2019/01/08 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-1273

Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution...

9.8CVSS7.5AI score0.95649EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2019/01/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2015-4464

Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server...

9.8CVSS7.3AI score0.0466EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2018/12/21 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-0213

Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application...

7.3CVSS6.7AI score0.84138EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2018/12/21 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-11774

Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands...

7.8CVSS7.2AI score0.59893EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2018/12/20 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-7522

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states...

7.2CVSS6.8AI score0.00431EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/12/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-8653

Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution...

7.6CVSS7.5AI score0.29822EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/12/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-11776

Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or...

9.3CVSS7.9AI score0.99993EPSS
Exploits41References1
VulnCheck KEV
VulnCheck KEV
•added 2018/11/29 12:0 a.m.•9 views

VulnCheck KEV: CVE-2017-12824

Special crafted InPage document leads to arbitrary code execution in InPage reader...

7.8CVSS7.6AI score0.01498EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/11/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-0798

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802...

9.3CVSS7.8AI score0.95121EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2018/11/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-15982

Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability...

10CVSS7.3AI score0.81971EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2018/11/20 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-20838

ampforwpsavestepsdata in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS...

5.4CVSS6AI score0.01078EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/11/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-11869

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current...

7.6CVSS7.1AI score0.09825EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/11/09 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-19207

The Van Ons WP GDPR Compliance aka wp-gdpr-compliance plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb-prepare input is mishandled, as exploited in the wild in November 2018...

9.8CVSS7.7AI score0.87294EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2018/11/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-18956

The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service segfault and daemon crash via crafted input to the SMTP parser, as exploited in the wild in November 2018...

7.5CVSS7.2AI score0.02794EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/10/31 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-15454

A vulnerability in the Session Initiation Protocol SIP inspection engine of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting...

8.6CVSS7.3AI score0.04381EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/10/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-8611

A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory...

7.8CVSS7.3AI score0.04161EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/10/27 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-9866

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System GMS virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier...

9.8CVSS7.6AI score0.04504EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/10/17 12:0 a.m.•6 views

VulnCheck KEV: CVE-2018-8589

A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system...

7.8CVSS7.5AI score0.03023EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/09/26 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-1000207

MODX Revolution version =2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability...

7.2CVSS7AI score0.64088EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2018/09/25 12:0 a.m.•6 views

VulnCheck KEV: CVE-2018-25117

VestaCP commit a3f0fa1 2018-05-31 up to commit ee03eff 2018-06-13 contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS...

9.3CVSS5.8AI score0.00402EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/09/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-3088

The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request...

9.8CVSS7.5AI score0.98518EPSS
Exploits19References1
VulnCheck KEV
VulnCheck KEV
•added 2018/09/05 12:0 a.m.•7 views

VulnCheck KEV: CVE-2018-8440

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call ALPC...

7.8CVSS7.3AI score0.18386EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2018/08/30 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-3066

Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution...

10CVSS7.7AI score0.90597EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2018/08/17 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-8453

Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges...

7.8CVSS7.3AI score0.69833EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2018/08/15 12:0 a.m.•7 views

VulnCheck KEV: CVE-2018-11687

An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red BTCR, an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address array, as exploited in the wild in May 2018, aka the...

7.5CVSS7.2AI score0.01277EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/08/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-8414

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths...

9.3CVSS8AI score0.73968EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/24 12:0 a.m.•2 views

VulnCheck KEV: CVE-2025-34051

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP...

6.9CVSS5.9AI score0.0051EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/20 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-2893

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to...

9.8CVSS7.3AI score0.71196EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-7602

A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site...

9.8CVSS7.5AI score0.99236EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-5521

Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server...

8.1CVSS7.4AI score0.89294EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-9583

common.c in infosvr in ASUS WRT firmware 3.0.0.4.3761071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via...

10CVSS7.5AI score0.80731EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2013-0230

Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method...

10CVSS6.6AI score0.69151EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/13 12:0 a.m.•6 views

VulnCheck KEV: CVE-2012-5959

Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN aka uuid field...

10CVSS6.4AI score0.75796EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-0229

The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service service crash via a crafted request that triggers a buffer over-read...

7.8CVSS6.2AI score0.76396EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2015-7261

The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21...

9.8CVSS7.3AI score0.01598EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2017-8877

ASUS RT-AC and RT-N devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID...

6.5CVSS6.6AI score0.00856EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-6549

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware...

9.3CVSS7.3AI score0.07552EPSS
Exploits6References1
Total number of security vulnerabilities4985