Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2026/04/23 12:0 a.m.•8 views

VulnCheck KEV: CVE-2024-52490

Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through = 2.5.1...

10CVSS8.8AI score0.00562EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
•added 2026/04/22 12:0 a.m.•33 views

VulnCheck KEV: CVE-2026-33626

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...

7.5CVSS5.9AI score0.4525EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/22 12:0 a.m.•69 views

VulnCheck KEV: CVE-2024-32114

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context where the Jolokia JMX REST API and the Message REST API are located. It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker using Jolokia J...

8.8CVSS5.7AI score0.0692EPSS
Exploits1References16
VulnCheck KEV
VulnCheck KEV
•added 2026/04/21 12:0 a.m.•6 views

VulnCheck KEV: CVE-2025-29635

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/setprohibiting via the corresponding function, triggering remote command execution...

7.2CVSS6.2AI score0.87239EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
•added 2026/04/21 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-22927

Cross Site Scripting XSS vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL...

6.1CVSS6AI score0.01028EPSS
Exploits1References9
VulnCheck KEV
VulnCheck KEV
•added 2026/04/21 12:0 a.m.•58 views

VulnCheck KEV: CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3CVSS6.2AI score0.00653EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/20 12:0 a.m.•10 views

VulnCheck KEV: CVE-2026-5718

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.6. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default...

8.1CVSS6.2AI score0.04175EPSS
Exploits3References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/20 12:0 a.m.•6 views

VulnCheck KEV: CVE-2025-2749

An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...

7.2CVSS6.5AI score0.03854EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/20 12:0 a.m.•6 views

VulnCheck KEV: CVE-2026-20133

A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this...

7.5CVSS7.5AI score0.10245EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
•added 2026/04/20 12:0 a.m.•5 views

VulnCheck KEV: CVE-2025-48700

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting XSS vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...

6.1CVSS6.1AI score0.01761EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2026-27174

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

9.8CVSS6.7AI score0.06996EPSS
Exploits4References26
VulnCheck KEV
VulnCheck KEV
•added 2026/04/17 12:0 a.m.•13 views

VulnCheck KEV: CVE-2026-5231

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...

7.2CVSS5.9AI score0.00476EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/17 12:0 a.m.•4 views

VulnCheck KEV: CVE-2026-25455

Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Slider for WooCommerce: from n/a through = 1.13.61...

6.5CVSS5.1AI score0.00315EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/16 12:0 a.m.•178 views

VulnCheck KEV: CVE-2026-33825

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally...

7.8CVSS6.4AI score0.06749EPSS
Exploits3References4
VulnCheck KEV
VulnCheck KEV
•added 2026/04/15 12:0 a.m.•10 views

VulnCheck KEV: CVE-2025-55184

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafe...

7.5CVSS5.9AI score0.65592EPSS
Exploits10References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/15 12:0 a.m.•18 views

VulnCheck KEV: CVE-2018-14028

In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...

7.2CVSS6AI score0.17722EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/15 12:0 a.m.•7 views

VulnCheck KEV: CVE-2025-12548

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...

9CVSS6.1AI score0.01164EPSS
Exploits2References6
VulnCheck KEV
VulnCheck KEV
•added 2026/04/14 12:0 a.m.•10 views

VulnCheck KEV: CVE-2026-32202

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS5.1AI score0.64095EPSS
Exploits3References4
VulnCheck KEV
VulnCheck KEV
•added 2026/04/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-36424

Windows Common Log File System Driver Elevation of Privilege Vulnerability...

7.8CVSS5.8AI score0.12184EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-9715

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution...

9.3CVSS6.4AI score0.48441EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/13 12:0 a.m.•32 views

VulnCheck KEV: CVE-2026-34197

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.8AI score0.96666EPSS
Exploits13References26
VulnCheck KEV
VulnCheck KEV
•added 2026/04/13 12:0 a.m.•9 views

VulnCheck KEV: CVE-2026-27175

MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double quotes without sanitization via escapeshellarg. The command is inserted into a database queue by...

9.8CVSS6.5AI score0.06872EPSS
Exploits3References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/13 12:0 a.m.•7 views

VulnCheck KEV: CVE-2026-21262

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network...

8.8CVSS5.9AI score0.02044EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2025-60710

Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.04601EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/13 12:0 a.m.•9 views

VulnCheck KEV: CVE-2026-26127

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network...

7.5CVSS5.8AI score0.02049EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/13 12:0 a.m.•8 views

VulnCheck KEV: CVE-2026-25187

Improper link resolution before file access 'link following' in Winlogon allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.03178EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/13 12:0 a.m.•40 views

VulnCheck KEV: CVE-2026-33032

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoi...

9.8CVSS5.8AI score0.38477EPSS
Exploits4References3
VulnCheck KEV
VulnCheck KEV
•added 2026/04/12 12:0 a.m.•10 views

VulnCheck KEV: CVE-2025-22952

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery SSRF due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...

9.8CVSS5.8AI score0.02818EPSS
Exploits1References20
VulnCheck KEV
VulnCheck KEV
•added 2026/04/12 12:0 a.m.•14 views

VulnCheck KEV: CVE-2026-32201

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS6.3AI score0.24172EPSS
Exploits1References6
VulnCheck KEV
VulnCheck KEV
•added 2026/04/12 12:0 a.m.•11 views

VulnCheck KEV: CVE-2024-57046

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication...

8.8CVSS5.8AI score0.0206EPSS
Exploits1References20
VulnCheck KEV
VulnCheck KEV
•added 2026/04/10 12:0 a.m.•7 views

VulnCheck KEV: CVE-2025-0520

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7...

9.4CVSS6.3AI score0.00976EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
•added 2026/04/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-21833

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi...

8.8CVSS6AI score0.01072EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2025-71243

The 'Saisies pour formulaire' Saisies plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution RCE vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later...

9.8CVSS6.3AI score0.05126EPSS
Exploits5References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/09 12:0 a.m.•11 views

VulnCheck KEV: CVE-2025-68043

Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through = 3.0.0...

7.3CVSS5.8AI score0.00588EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
•added 2026/04/09 12:0 a.m.•21 views

VulnCheck KEV: CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.8CVSS6.1AI score0.95645EPSS
Exploits11References4
VulnCheck KEV
VulnCheck KEV
•added 2026/04/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2025-1338

A vulnerability was found in NUUO Camera up to 20250203. It has been declared as critical. This vulnerability affects the function printfile of the file /handleconfig.php. The manipulation of the argument log leads to command injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS5.5AI score0.51881EPSS
Exploits1References32
VulnCheck KEV
VulnCheck KEV
•added 2026/04/09 12:0 a.m.•3 views

VulnCheck KEV: CVE-2026-21445

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

9.3CVSS5.8AI score0.20655EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
•added 2026/04/08 12:0 a.m.•8 views

VulnCheck KEV: CVE-2020-13851

Artica Pandora FMS 7.44 allows remote command execution via the events feature...

9CVSS6AI score0.91095EPSS
Exploits4References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/08 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-8497

In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps...

5.3CVSS5.8AI score0.05275EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/08 12:0 a.m.•75 views

VulnCheck KEV: CVE-2025-27817

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

7.5CVSS5.9AI score0.62368EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2025-43532

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing malicious data may lead to unexpect...

2.8CVSS5.8AI score0.00261EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2025-43542

This issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Tahoe 26.2, visionOS 26.2. Password fields may be unintentionally revealed when remotely controlling a device over FaceTime...

7.5CVSS5.7AI score0.00833EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/07 12:0 a.m.•7 views

VulnCheck KEV: CVE-2025-43517

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data...

3.3CVSS5.7AI score0.0017EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/07 12:0 a.m.•2 views

VulnCheck KEV: CVE-2025-46289

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data...

5.5CVSS5.7AI score0.00193EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/07 12:0 a.m.•14 views

VulnCheck KEV: CVE-2025-24113

The issue was addressed with improved UI. This issue is fixed in Safari 18.3, Safari 18.4, iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sequoia 15.4, visionOS 2.3, visionOS 2.4, watchOS 11.4. Visiting a malicious website may lead to user interface...

4.3CVSS5.8AI score0.0078EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2025-43482

The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to cause a denial-of-service...

5.5CVSS5.7AI score0.00188EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/07 12:0 a.m.•191 views

VulnCheck KEV: CVE-2026-34424

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...

9.8CVSS6.3AI score0.00551EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
•added 2026/04/07 12:0 a.m.•25 views

VulnCheck KEV: CVE-2024-3605

The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

10CVSS5.9AI score0.04186EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/07 12:0 a.m.•5 views

VulnCheck KEV: CVE-2025-43512

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to elevate privileges...

7.8CVSS5.7AI score0.00173EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/04/07 12:0 a.m.•10 views

VulnCheck KEV: CVE-2026-34621

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...

8.6CVSS6.3AI score0.07086EPSS
Exploits4References6
Total number of security vulnerabilities4985