CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,051–1,100 of 1,619 in KEV · page 22 of 33
| ID | Title | Tags | Summary |
|---|---|---|---|
| CVE-2020-10189 | Zoho ManageEngine Desktop Central File Upload Vulnerability | KEV, Zoho | Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution. |
| CVE-2020-10181 | Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability | KEV, Sumavision | Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges … |
| CVE-2020-10148 | SolarWinds Orion Authentication Bypass Vulnerability | KEV, SolarWinds | SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands. |
| CVE-2020-0986 | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV, Microsoft | Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in… |
| CVE-2020-0968 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV, Microsoft | Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execut… |
| CVE-2020-0938 | Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability | KEV, Microsoft | Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript … |
| CVE-2020-0878 | Microsoft Edge and Internet Explorer Memory Corruption Vulnerability | KEV, Microsoft | Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user. |
| CVE-2020-0796 | Microsoft SMBv3 Remote Code Execution Vulnerability | KEV, Microsoft | A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker wh… |
| CVE-2020-0787 | Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability | KEV, Microsoft | Microsoft Windows BITS is vulnerable to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability… |
| CVE-2020-0688 | Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability | KEV, Microsoft | Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution. |
| CVE-2020-0683 | Microsoft Windows Installer Privilege Escalation Vulnerability | KEV, Microsoft | Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access res… |
| CVE-2020-0674 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV, Microsoft | Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation c… |
| CVE-2020-0646 | Microsoft .NET Framework Remote Code Execution Vulnerability | KEV, Microsoft | Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution. |
| CVE-2020-0638 | Microsoft Update Notification Manager Privilege Escalation Vulnerability | KEV, Microsoft | Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2020-0618 | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability | KEV, Microsoft | Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit… |
| CVE-2020-0601 | Microsoft Windows CryptoAPI Spoofing Vulnerability | KEV, Microsoft | Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker… |
| CVE-2020-0069 | Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability | KEV, MediaTek | Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl hand… |
| CVE-2020-0041 | Android Kernel Out-of-Bounds Write Vulnerability | KEV, Android | Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privile… |
| CVE-2019-9978 | WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability | KEV, WordPress | WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Wa… |
| CVE-2019-9875 | Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability | KEV, Sitecore | Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacke… |
| CVE-2019-9874 | Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability | KEV, Sitecore | Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attac… |
| CVE-2019-9670 | Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference | KEV, Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component. |
| CVE-2019-9621 | Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability | KEV, Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component. |
| CVE-2019-9082 | ThinkPHP Remote Code Execution Vulnerability | KEV, ThinkPHP | ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_arr… |
| CVE-2019-8720 | WebKitGTK Memory Corruption Vulnerability | KEV, WebKitGTK | WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution. |
| CVE-2019-8605 | Apple Multiple Products Use-After-Free Vulnerability | KEV, Apple | A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges. |
| CVE-2019-8526 | Apple macOS Use-After-Free Vulnerability | KEV, Apple | Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. |
| CVE-2019-8506 | Apple Multiple Products Type Confusion Vulnerability | KEV, Apple | A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. |
| CVE-2019-8394 | Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability | KEV, Zoho | Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization. |
| CVE-2019-7609 | Kibana Arbitrary Code Execution | KEV, Elastic | Kibana contains an arbitrary code execution flaw in the Timelion visualizer. |
| CVE-2019-7483 | SonicWall SMA100 Directory Traversal Vulnerability | KEV, SonicWall | In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on th… |
| CVE-2019-7481 | SonicWall SMA100 SQL Injection Vulnerability | KEV, SonicWall | SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources. |
| CVE-2019-7287 | Apple iOS Memory Corruption Vulnerability | KEV, Apple | Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution. |
| CVE-2019-7286 | Apple Multiple Products Memory Corruption Vulnerability | KEV, Apple | Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation. |
| CVE-2019-7256 | Nice Linear eMerge E3-Series OS Command Injection Vulnerability | KEV, Nice | Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution. |
| CVE-2019-7238 | Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability | KEV, Sonatype | Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution. |
| CVE-2019-7195 | QNAP Photo Station Path Traversal Vulnerability | KEV, QNAP | QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. |
| CVE-2019-7194 | QNAP Photo Station Path Traversal Vulnerability | KEV, QNAP | QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. |
| CVE-2019-7193 | QNAP QTS Improper Input Validation Vulnerability | KEV, QNAP | QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system. |
| CVE-2019-7192 | QNAP Photo Station Improper Access Control Vulnerability | KEV, QNAP | QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system. |
| CVE-2019-6693 | Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability | KEV, Fortinet | Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup f… |
| CVE-2019-6340 | Drupal Core Remote Code Execution Vulnerability | KEV, Drupal | In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. |
| CVE-2019-6223 | Apple iOS and macOS Group Facetime Vulnerability | KEV, Apple | Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly … |
| CVE-2019-5825 | Google Chromium V8 Out-of-Bounds Write Vulnerability | KEV, Google | Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML… |
| CVE-2019-5786 | Google Chrome Blink Use-After-Free Vulnerability | KEV, Google | Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML … |
| CVE-2019-5591 | Fortinet FortiOS Default Configuration Vulnerability | KEV, Fortinet | Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive informatio… |
| CVE-2019-5544 | VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability | KEV, VMware | VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to … |
| CVE-2019-5418 | Rails Ruby on Rails Path Traversal Vulnerability | KEV, Rails | Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can ca… |
| CVE-2019-4716 | IBM Planning Analytics Remote Code Execution Vulnerability | KEV, IBM | IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYS… |
| CVE-2019-3929 | Crestron Multiple Products Command Injection Vulnerability | KEV, Crestron | Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnera… |