22 matches found
VulnCheck KEV: CVE-2026-57624
Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro = 2.1.46 versions...
VulnCheck KEV: CVE-2026-10735
Multiple Shaped smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3...
VulnCheck KEV: CVE-2026-49060
Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4...
RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers
Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers...
VulnCheck KEV: CVE-2026-42208
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An...
VulnCheck KEV: CVE-2026-4047
A vulnerability is present in Qinglong because the authentication middleware matches paths case-sensitively, while the underlying Express.js framework treats paths case-insensitively...
VulnCheck KEV: CVE-2023-36899
ASP.NET Elevation of Privilege Vulnerability...
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the "dnscfg.cgi" endpoint that arises as a result of improper...
CVE-2024-13991 Huijietong Cloud Video Platform fileDownload Arbitrary File Read
Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker to supply arbitrary file paths to the fullPath parameter of the /fileDownload?action=downloadBackupFile endpoint and retrieve files from the server filesystem. VulnCheck has observed...
15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)
A new report by VulnCheck exposes a critical command injection flaw (CVE-2025-53652) in the Jenkins Git Parameter plugin...
nuclei-templates
Nuclei Templates Community curated list of templates for the nu...
VulnCheck KEV: CVE-2024-28916
Xbox Gaming Services Elevation of Privilege Vulnerability...
VulnCheck KEV: CVE-2024-44309
Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack...
VulnCheck KEV: CVE-2024-26234
Proxy Driver Spoofing Vulnerability...
VulnCheck KEV: CVE-2023-21716
Microsoft Word Remote Code Execution Vulnerability...
BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks
The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident "began with the exploitatio...
VulnCheck KEV: CVE-2022-0769
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL...
Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method. "In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under t...
VulnCheck KEV: CVE-2019-3010
Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2021-34484
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation...