Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/05/21 12:0 a.m.49 views

VulnCheck KEV: CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4CVSS6.1AI score0.69996EPSS
Exploits7References15
VulnCheck KEV
VulnCheck KEV
added 2026/05/20 12:0 a.m.20 views

VulnCheck KEV: CVE-2026-45444

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...

10CVSS5.8AI score0.00282EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/05/20 12:0 a.m.27 views

VulnCheck KEV: CVE-2026-6664

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...

7.5CVSS6AI score0.00698EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/20 12:0 a.m.16 views

VulnCheck KEV: CVE-2017-7692

SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...

9CVSS8AI score0.32156EPSS
Exploits7References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/19 12:0 a.m.15 views

VulnCheck KEV: CVE-2025-53072

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing...

9.8CVSS7.3AI score0.00652EPSS
Exploits3References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/19 12:0 a.m.20 views

VulnCheck KEV: CVE-2026-45498

Microsoft Defender Denial of Service Vulnerability...

7.5CVSS5.8AI score0.63076EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2026/05/19 12:0 a.m.20 views

VulnCheck KEV: CVE-2024-12802

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN User Principal Name and SAM Security Account Manager account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and...

9.1CVSS6.6AI score0.00459EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/05/19 12:0 a.m.18 views

VulnCheck KEV: CVE-2025-62481

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing...

9.8CVSS7.3AI score0.00605EPSS
Exploits3References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/19 12:0 a.m.28 views

VulnCheck KEV: CVE-2026-34234

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...

10CVSS6.2AI score0.00821EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/19 12:0 a.m.24 views

VulnCheck KEV: CVE-2026-41091

Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.08371EPSS
Exploits2References4
VulnCheck KEV
VulnCheck KEV
added 2026/05/18 12:0 a.m.18 views

VulnCheck KEV: CVE-2025-1448

A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The attack may be initiated remotely. The...

7.5CVSS6.7AI score0.0285EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/17 12:0 a.m.20 views

VulnCheck KEV: CVE-2018-5999

An issue was discovered in AsusWRT before 3.0.0.4.38410007. In the handlerequest function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails...

10CVSS7.3AI score0.8715EPSS
Exploits10References4
VulnCheck KEV
VulnCheck KEV
added 2026/05/16 12:0 a.m.17 views

VulnCheck KEV: CVE-2024-45309

OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9...

8.7CVSS7.3AI score0.24822EPSS
Exploits1References27
VulnCheck KEV
VulnCheck KEV
added 2026/05/16 12:0 a.m.20 views

VulnCheck KEV: CVE-2025-67303

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface...

7.5CVSS7.5AI score0.01361EPSS
Exploits3References21
VulnCheck KEV
VulnCheck KEV
added 2026/05/16 12:0 a.m.21 views

VulnCheck KEV: CVE-2022-28290

Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request...

6.1CVSS6.4AI score0.01409EPSS
Exploits2References27
VulnCheck KEV
VulnCheck KEV
added 2026/05/16 12:0 a.m.93 views

VulnCheck KEV: CVE-2026-42945

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...

9.2CVSS6.4AI score0.61469EPSS
Exploits40References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/14 12:0 a.m.28 views

VulnCheck KEV: CVE-2026-42897

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS5.8AI score0.0564EPSS
Exploits1References6
VulnCheck KEV
VulnCheck KEV
added 2026/05/14 12:0 a.m.35 views

VulnCheck KEV: CVE-2026-28515

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

9.3CVSS5.8AI score0.01157EPSS
Exploits3References3
VulnCheck KEV
VulnCheck KEV
added 2026/05/14 12:0 a.m.29 views

VulnCheck KEV: CVE-2026-20182

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...

10CVSS6.2AI score0.87693EPSS
Exploits4References6
VulnCheck KEV
VulnCheck KEV
added 2026/05/14 12:0 a.m.24 views

VulnCheck KEV: CVE-2026-28517

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...

9.8CVSS5.9AI score0.05648EPSS
Exploits2References3
VulnCheck KEV
VulnCheck KEV
added 2026/05/14 12:0 a.m.23 views

VulnCheck KEV: CVE-2026-47100

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...

8.7CVSS5.9AI score0.00457EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2026/05/14 12:0 a.m.31 views

VulnCheck KEV: CVE-2026-8181

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

9.8CVSS5.8AI score0.14608EPSS
Exploits10References5
VulnCheck KEV
VulnCheck KEV
added 2026/05/13 12:0 a.m.20 views

VulnCheck KEV: CVE-2026-32661

Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud SaaS version. If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd wi...

9.8CVSS6.2AI score0.00472EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/13 12:0 a.m.43 views

VulnCheck KEV: CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.8AI score0.34734EPSS
Exploits1References21
VulnCheck KEV
VulnCheck KEV
added 2026/05/13 12:0 a.m.20 views

VulnCheck KEV: CVE-2023-2523

A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobileuploadsave. The manipulation of the argument uploadquwan leads to unrestricted upload. The attack may be launched...

9.8CVSS5.5AI score0.32895EPSS
Exploits2References15
VulnCheck KEV
VulnCheck KEV
added 2026/05/12 12:0 a.m.25 views

VulnCheck KEV: CVE-2026-44338

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...

7.3CVSS5.7AI score0.26799EPSS
Exploits3References3
VulnCheck KEV
VulnCheck KEV
added 2026/05/11 12:0 a.m.27 views

VulnCheck KEV: CVE-2019-13396

FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the forminclude parameter in an index.php?q=system-handle-form-submit POST request because of an includeonce in systemhandleformsubmit in modules/system/system.module...

5.3CVSS6AI score0.62572EPSS
Exploits5References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/11 12:0 a.m.127 views

VulnCheck KEV: CVE-2026-43284

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFLSHAREDFRAG after skbsplicefromiter, so later paths that may modify packet data ca...

8.8CVSS5.8AI score0.93235EPSS
Exploits31References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/11 12:0 a.m.112 views

VulnCheck KEV: CVE-2026-43500

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...

7.8CVSS5.8AI score0.92766EPSS
Exploits20References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/10 12:0 a.m.16 views

VulnCheck KEV: CVE-2025-32818

A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service DoS condition...

7.5CVSS7.3AI score0.00786EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/10 12:0 a.m.19 views

VulnCheck KEV: CVE-2025-40601

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service DoS, which could cause an impacted firewall to crash...

7.5CVSS7.5AI score0.01078EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/10 12:0 a.m.18 views

VulnCheck KEV: CVE-2025-40600

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption...

9.8CVSS6.3AI score0.00875EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/08 12:0 a.m.19 views

VulnCheck KEV: CVE-2026-8398

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

9.8CVSS5.8AI score0.01456EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2026/05/07 12:0 a.m.19 views

VulnCheck KEV: CVE-2026-6692

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the 'getmediaurl' and 'checkfilepath' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS6.4AI score0.00815EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/07 12:0 a.m.43 views

VulnCheck KEV: CVE-2026-40466

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS6.4AI score0.04783EPSS
Exploits13References19
VulnCheck KEV
VulnCheck KEV
added 2026/05/07 12:0 a.m.15 views

VulnCheck KEV: CVE-2026-6973

An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution...

7.2CVSS6.2AI score0.34454EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2026/05/07 12:0 a.m.21 views

VulnCheck KEV: CVE-2025-9501

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...

9CVSS7.6AI score0.19241EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/07 12:0 a.m.29 views

VulnCheck KEV: CVE-2026-44742

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

7.2CVSS5.8AI score0.00237EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/05 12:0 a.m.18 views

VulnCheck KEV: CVE-2026-7473

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

6.9CVSS5.4AI score0.00836EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2026/05/05 12:0 a.m.22 views

VulnCheck KEV: CVE-2026-0300

A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...

9.8CVSS6.6AI score0.36157EPSS
Exploits6References7
VulnCheck KEV
VulnCheck KEV
added 2026/05/05 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-11350

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforestresetpassword function. This makes it...

9.8CVSS7.6AI score0.00672EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/05 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-13365

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...

9.8CVSS8.1AI score0.01505EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/05 12:0 a.m.9 views

VulnCheck KEV: CVE-2024-11349

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sbloginuserwithotpfun function. This makes it possible for unauthenticat...

9.8CVSS7.6AI score0.01205EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-5822

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...

9.8CVSS7.9AI score0.01793EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.9 views

VulnCheck KEV: CVE-2023-47783

Missing Authorization vulnerability in Thrive Themes Thrive Theme Builder.This issue affects Thrive Theme Builder: from n/a before 3.24.0...

8.3CVSS7.3AI score0.00356EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-5339

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘bsaproid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

7.5CVSS5.9AI score0.00327EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-3278

The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'userregisterrole' field. This makes it possible for...

9.8CVSS7.5AI score0.00511EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.27 views

VulnCheck KEV: CVE-2026-3296

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize on stored entry meta...

9.8CVSS5.8AI score0.00878EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-9807

The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.5CVSS5.9AI score0.00324EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-11307

The WP Go Maps formerly WP Google Maps WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped...

8.8CVSS5.8AI score0.01939EPSS
Exploits0References2
Total number of security vulnerabilities4985