Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/01/05 12:0 a.m.40 views

VulnCheck KEV: CVE-2026-0625

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DN...

9.3CVSS5.8AI score0.00964EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2026/01/02 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-14998

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS5.9AI score0.00541EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/31 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-10204

A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to chang...

7.1CVSS5.7AI score0.00451EPSS
Exploits0References23
VulnCheck KEV
VulnCheck KEV
added 2025/12/31 12:0 a.m.66 views

VulnCheck KEV: CVE-2015-10145

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/runcommands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary she...

8.8CVSS6.3AI score0.0063EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2025/12/28 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-14847

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

8.7CVSS5.8AI score0.83007EPSS
Exploits39References10
VulnCheck KEV
VulnCheck KEV
added 2025/12/27 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-49619

Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...

8.5CVSS6.4AI score0.13746EPSS
Exploits6References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/26 12:0 a.m.11 views

VulnCheck KEV: CVE-2023-44353

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction...

9.8CVSS5.9AI score0.80178EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/26 12:0 a.m.14 views

VulnCheck KEV: CVE-2010-2035

Directory traversal vulnerability in the Percha Gallery comperchagallery component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. dot dot in the controller parameter to index.php...

7.5CVSS6AI score0.15781EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-44352

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within th...

6.1CVSS5.7AI score0.84811EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/24 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-13773

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerceDeliveryNotes::update' function. This is due to missing capability check in the 'WooCommerceDeliveryNotes::update' functio...

9.8CVSS6.1AI score0.032EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/24 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-37164

A remote code execution issue exists in HPE OneView...

10CVSS6.4AI score0.89733EPSS
Exploits8References31
VulnCheck KEV
VulnCheck KEV
added 2025/12/23 12:0 a.m.78 views

VulnCheck KEV: CVE-2025-49844

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all...

9.9CVSS7.2AI score0.86767EPSS
Exploits14References114
VulnCheck KEV
VulnCheck KEV
added 2025/12/21 12:0 a.m.26 views

VulnCheck KEV: CVE-2025-11953

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

9.8CVSS6.1AI score0.62378EPSS
Exploits5References86
VulnCheck KEV
VulnCheck KEV
added 2025/12/19 12:0 a.m.10 views

VulnCheck KEV: CVE-2025-34469

Cowrie versions prior to 2.9.0 contain a server-side request forgery SSRF vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no...

7.5CVSS6AI score0.00616EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2025/12/19 12:0 a.m.31 views

VulnCheck KEV: CVE-2024-3408

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution RCE due to improper input validation. The vulnerability arises from a hardcoded SECRETKEY in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

9.8CVSS6.7AI score0.77951EPSS
Exploits5References64
VulnCheck KEV
VulnCheck KEV
added 2025/12/19 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-55890

D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...

6.9CVSS6.5AI score0.01063EPSS
Exploits0References63
VulnCheck KEV
VulnCheck KEV
added 2025/12/19 12:0 a.m.51 views

VulnCheck KEV: CVE-2023-6360

The 'My Calendar' WordPress Plugin, version 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route...

9.8CVSS5.9AI score0.63141EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/19 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-14733

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability...

9.8CVSS6.1AI score0.18047EPSS
Exploits1References8
VulnCheck KEV
VulnCheck KEV
added 2025/12/19 12:0 a.m.28 views

VulnCheck KEV: CVE-2025-32778

Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...

9.3CVSS6.2AI score0.19761EPSS
Exploits4References78
VulnCheck KEV
VulnCheck KEV
added 2025/12/17 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-40602

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console AMC...

6.6CVSS5.8AI score0.0191EPSS
Exploits1References10
VulnCheck KEV
VulnCheck KEV
added 2025/12/17 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

9.8CVSS5.8AI score0.01084EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2025/12/17 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-11924

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...

7.5CVSS5.9AI score0.00364EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/17 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-20393

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due...

10CVSS6.1AI score0.2906EPSS
Exploits2References15
VulnCheck KEV
VulnCheck KEV
added 2025/12/16 12:0 a.m.12 views

VulnCheck KEV: CVE-2021-34427

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote current BIRT viewer dir to inject JSP code into the running instance...

9.8CVSS5.9AI score0.5771EPSS
Exploits4References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/15 12:0 a.m.18 views

VulnCheck KEV: CVE-2025-55523

An issue in the component /api/downloadworkdirfile.py of Agent-Zero v0.8. allows attackers to execute a directory traversal...

3.5CVSS5.9AI score0.00979EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/15 12:0 a.m.9 views

VulnCheck KEV: CVE-2024-55963

An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsmith's own server only, but there is a denial of...

6.5CVSS5.8AI score0.27733EPSS
Exploits5References44
VulnCheck KEV
VulnCheck KEV
added 2025/12/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-59719

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message...

9.8CVSS5.8AI score0.65825EPSS
Exploits1References9
VulnCheck KEV
VulnCheck KEV
added 2025/12/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-55747

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7...

9.3CVSS5.8AI score0.01557EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-59718

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14,...

9.8CVSS5.8AI score0.65825EPSS
Exploits1References16
VulnCheck KEV
VulnCheck KEV
added 2025/12/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-64764

Astro is a web framework. Prior to version 5.15.8, a reflected XSS vulnerability is present when the server islands feature is used in the targeted application, regardless of what was intended by the component templates. This issue has been patched in version 5.15.8...

7.1CVSS5.7AI score0.00446EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-9316

N-central 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4...

6.9CVSS5.8AI score0.37335EPSS
Exploits2References24
VulnCheck KEV
VulnCheck KEV
added 2025/12/15 12:0 a.m.7 views

VulnCheck KEV: CVE-2018-13317

Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm...

6.1CVSS5.8AI score0.00991EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/15 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-13315

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...

9.8CVSS5.8AI score0.31944EPSS
Exploits3References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/15 12:0 a.m.16 views

VulnCheck KEV: CVE-2025-12055

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...

7.5CVSS5.9AI score0.03655EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/15 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-11700

N-central versions 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure...

8.4CVSS5.8AI score0.31631EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/14 12:0 a.m.13 views

VulnCheck KEV: CVE-2020-27866

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this...

8.8CVSS5.5AI score0.08656EPSS
Exploits0References122
VulnCheck KEV
VulnCheck KEV
added 2025/12/12 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-14174

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.22359EPSS
Exploits10References10
VulnCheck KEV
VulnCheck KEV
added 2025/12/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-43529

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code...

8.8CVSS6AI score0.22359EPSS
Exploits14References8
VulnCheck KEV
VulnCheck KEV
added 2025/12/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-14611

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...

9.8CVSS5.9AI score0.50949EPSS
Exploits3References6
VulnCheck KEV
VulnCheck KEV
added 2025/12/11 12:0 a.m.10 views

VulnCheck KEV: CVE-2018-4063

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticat...

9CVSS6.4AI score0.27851EPSS
Exploits3References6
VulnCheck KEV
VulnCheck KEV
added 2025/12/10 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-8110

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code...

8.8CVSS5.8AI score0.7654EPSS
Exploits15References7
VulnCheck KEV
VulnCheck KEV
added 2025/12/09 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-62221

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.02342EPSS
Exploits2References7
VulnCheck KEV
VulnCheck KEV
added 2025/12/08 12:0 a.m.7 views

VulnCheck KEV: CVE-2018-10661

An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control...

10CVSS5.8AI score0.86682EPSS
Exploits4References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/08 12:0 a.m.12 views

VulnCheck KEV: CVE-2023-26464

UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...

7.5CVSS5.8AI score0.01905EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-58443

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is...

9.9CVSS5.9AI score0.17647EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-1066

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by...

7.8CVSS5.8AI score0.02309EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/08 12:0 a.m.13 views

VulnCheck KEV: CVE-2024-44902

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...

9.8CVSS6AI score0.04208EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/08 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-31197

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contain...

8CVSS6AI score0.01662EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/08 12:0 a.m.9 views

VulnCheck KEV: CVE-2023-52076

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

8.5CVSS6AI score0.01016EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/05 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-58360

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity XXE vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...

9.8CVSS5.7AI score0.66753EPSS
Exploits4References169
Total number of security vulnerabilities4985