| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-14750 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882. |
| CVE-2020-1464 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files. |
| CVE-2020-1380 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user. |
| CVE-2020-1350 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under… |
| CVE-2020-12812 | unknown | — | 1.5 | KEV | | | 5y ago | Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to log in successfully without being prompted for the second factor of authentication (FortiToken) if t… |
| CVE-2020-12271 | unknown | — | 1.5 | KEV | | | 5y ago | Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. S… |
| CVE-2020-11738 | unknown | — | 2.5 | KEV EXP | | | 5y ago | WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their… |
| CVE-2020-10987 | unknown | — | 1.5 | KEV | | | 5y ago | Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter. |
| CVE-2020-1054 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute co… |
| CVE-2020-1040 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. S… |
| CVE-2020-10221 | unknown | — | 2.5 | KEV EXP | | | 5y ago | rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter. |
| CVE-2020-1020 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code exec… |
| CVE-2020-10189 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution. |
| CVE-2020-10181 | unknown | — | 1.5 | KEV | | | 5y ago | Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device. |
| CVE-2020-10148 | unknown | — | 1.5 | KEV | | | 5y ago | SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands. |
| CVE-2020-0986 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode. |
| CVE-2020-0968 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution. |
| CVE-2020-0938 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code exec… |
| CVE-2020-0878 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user. |
| CVE-2020-0688 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution. |
| CVE-2020-0683 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files. |
| CVE-2020-0674 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the … |
| CVE-2020-0646 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution. |
| CVE-2020-0069 | unknown | — | 1.5 | KEV | | | 5y ago | Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write… |
| CVE-2020-0041 | unknown | — | 1.5 | KEV FIX | debian | | 5y ago | Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This vulnerability was ob… |
| CVE-2019-9978 | unknown | — | 2.5 | KEV EXP | | | 5y ago | WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro. |
| CVE-2019-9082 | unknown | — | 2.5 | KEV EXP | | | 5y ago | ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by… |
| CVE-2019-8394 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization. |
| CVE-2019-7481 | unknown | — | 1.5 | KEV | | | 5y ago | SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources. |
| CVE-2019-6223 | unknown | — | 1.5 | KEV | | | 5y ago | Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction. |
| CVE-2019-5591 | unknown | — | 1.5 | KEV | | | 5y ago | Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Direc… |
| CVE-2019-5544 | unknown | — | 1.5 | KEV | sles | | 5y ago | VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the Op… |
| CVE-2019-4716 | unknown | — | 2.5 | KEV EXP | | | 5y ago | IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to log in as "admin", and then execute code as root or SYSTEM via TM1 scripting. |
| CVE-2019-3398 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can… |
| CVE-2019-3396 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution. |
| CVE-2019-2215 | unknown | — | 2.5 | KEV EXP FIX | debian | | 5y ago | Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-… |
| CVE-2019-20085 | unknown | — | 2.5 | KEV EXP | | | 5y ago | TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests. |
| CVE-2019-19781 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution. |
| CVE-2019-19356 | unknown | — | 1.5 | KEV | | | 5y ago | Netis WF2419 devices contain an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page. |
| CVE-2019-18988 | unknown | — | 2.5 | KEV EXP | | | 5y ago | TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt p… |
| CVE-2019-18935 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe proce… |
| CVE-2019-18187 | unknown | — | 1.5 | KEV | | | 5y ago | Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution. |
| CVE-2019-16759 | unknown | — | 2.5 | KEV EXP | | | 5y ago | The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. |
| CVE-2019-1653 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diag… |
| CVE-2019-16256 | unknown | — | 1.5 | KEV | | | 5y ago | SIMalliance Toolbox Browser contains a command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying th… |
| CVE-2019-15949 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as root. |
| CVE-2019-15752 | unknown | — | 2.5 | KEV EXP FIX | debian | | 5y ago | Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop… |
| CVE-2019-1429 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user. |
| CVE-2019-1367 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context o… |
| CVE-2019-13608 | unknown | — | 1.5 | KEV | | | 5y ago | Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information. |
| CVE-2019-1215 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker t… |
| CVE-2019-1214 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation. |
| CVE-2019-11634 | unknown | — | 1.5 | KEV | | | 5y ago | Citrix Workspace Application and Receiver for Windows contains a remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives. |
| CVE-2019-11580 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds. |
| CVE-2019-11539 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Ivanti Pulse Connect Secure and Policy Secure allow an authenticated attacker from the admin web interface to inject and execute commands. |
| CVE-2019-11510 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI. |
| CVE-2019-0863 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode. |
| CVE-2019-0859 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Win32k fails to properly handle objects in memory, causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode. |
| CVE-2019-0808 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode. |
| CVE-2019-0803 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in k… |
| CVE-2019-0797 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kern… |
| CVE-2019-0708 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send… |
| CVE-2019-0604 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint applica… |
| CVE-2019-0541 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution. |
| CVE-2019-0211 | high | — | 10.0 | KEV EXP FIX | debian arch sles | | 5y ago | In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scrip… |
| CVE-2018-8653 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution. |
| CVE-2018-6789 | high | — | 10.0 | KEV EXP FIX | arch debian | | 5y ago | An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. |
| CVE-2018-4939 | unknown | — | 1.5 | KEV | | | 5y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution. |
| CVE-2018-4878 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution. |
| CVE-2018-2380 | unknown | — | 2.5 | KEV EXP | | | 5y ago | SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users. |
| CVE-2018-20062 | unknown | — | 2.5 | KEV EXP | | | 5y ago | ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter. |
| CVE-2018-15961 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution. |
| CVE-2018-14558 | unknown | — | 1.5 | KEV | | | 5y ago | Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows… |
| CVE-2018-13379 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource request… |
| CVE-2018-0802 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. … |
| CVE-2018-0798 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. … |
| CVE-2018-0296 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or inform… |
| CVE-2018-0171 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or p… |
| CVE-2017-9248 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey… |
| CVE-2017-8759 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system. |
| CVE-2017-7269 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If… |
| CVE-2017-6327 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform p… |
| CVE-2017-16651 | high | — | 10.0 | KEV EXP FIX | arch debian | | 5y ago | Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. |
| CVE-2017-11882 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user. |
| CVE-2017-11774 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands. |
| CVE-2017-0199 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution. |
| CVE-2017-0143 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2016-9563 | unknown | — | 1.5 | KEV | | | 5y ago | SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity (XXE) attacks. |
| CVE-2016-7255 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode. |
| CVE-2016-3976 | unknown | — | 2.5 | KEV EXP | | | 5y ago | SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote at… |
| CVE-2016-3718 | unknown | — | 2.5 | KEV EXP FIX | debian | | 5y ago | ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image. |
| CVE-2016-3715 | unknown | — | 2.5 | KEV EXP FIX | debian | | 5y ago | ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading. |
| CVE-2016-3643 | unknown | — | 2.5 | KEV EXP | | | 5y ago | SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo. |
| CVE-2016-3235 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitat… |
| CVE-2016-0185 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. |
| CVE-2016-0167 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application. |
| CVE-2015-4852 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for remote code execution. |
| CVE-2015-1641 | unknown | — | 1.5 | KEV | | | 5y ago | Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context… |
| CVE-2014-1812 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker … |
| CVE-2012-3152 | unknown | — | 2.5 | KEV EXP | | | 5y ago | Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems. |