Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/03/20 12:0 a.m.28 views

VulnCheck KEV: CVE-2026-3584

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'formprocess' function. This is due to the 'preparepostdata' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of...

9.8CVSS6.1AI score0.07239EPSS
Exploits2References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/19 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-32975

Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid...

10CVSS5.8AI score0.02417EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2026/03/19 12:0 a.m.38 views

VulnCheck KEV: CVE-2026-33017

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...

9.8CVSS6.2AI score0.99972EPSS
Exploits51References8
VulnCheck KEV
VulnCheck KEV
added 2026/03/19 12:0 a.m.103 views

VulnCheck KEV: CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

9.8CVSS5.8AI score0.22162EPSS
Exploits13References38
VulnCheck KEV
VulnCheck KEV
added 2026/03/18 12:0 a.m.3 views

VulnCheck KEV: CVE-2026-20963

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network...

9.8CVSS5.9AI score0.31109EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2026/03/18 12:0 a.m.5 views

VulnCheck KEV: CVE-2026-20131

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java...

10CVSS6.3AI score0.27551EPSS
Exploits4References10
VulnCheck KEV
VulnCheck KEV
added 2026/03/18 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-43510

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpect...

7.8CVSS5.8AI score0.00348EPSS
Exploits2References4
VulnCheck KEV
VulnCheck KEV
added 2026/03/18 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-43520

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause...

5.5CVSS5.7AI score0.00401EPSS
Exploits2References4
VulnCheck KEV
VulnCheck KEV
added 2026/03/18 12:0 a.m.10 views

VulnCheck KEV: CVE-2025-31277

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption...

8.8CVSS5.8AI score0.01481EPSS
Exploits2References4
VulnCheck KEV
VulnCheck KEV
added 2026/03/17 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-66376

Zimbra Collaboration ZCS 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets CSS @import directives in an HTML e-mail message...

7.2CVSS5.8AI score0.12009EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/17 12:0 a.m.9 views

VulnCheck KEV: CVE-2026-3564

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

9CVSS5.8AI score0.00362EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2026/03/17 12:0 a.m.13 views

VulnCheck KEV: CVE-2026-25306

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through = 5.6.4...

7.1CVSS5.8AI score0.00184EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/16 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-47813

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie...

4.3CVSS5.8AI score0.56366EPSS
Exploits3References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/16 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-37123

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters...

9.8CVSS6.6AI score0.03135EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2026-21902

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be...

9.8CVSS6AI score0.17709EPSS
Exploits2References13
VulnCheck KEV
VulnCheck KEV
added 2026/03/12 12:0 a.m.10 views

VulnCheck KEV: CVE-2024-13030

A vulnerability was found in D-Link DIR-823G 1.0.2B0520181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component W...

9.8CVSS5.4AI score0.0189EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/12 12:0 a.m.6 views

VulnCheck KEV: CVE-2026-3910

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.02EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2026/03/12 12:0 a.m.9 views

VulnCheck KEV: CVE-2026-3909

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.01629EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2026/03/12 12:0 a.m.8 views

VulnCheck KEV: CVE-2026-3657

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenucontactleadform AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb-insert. While...

7.5CVSS5.9AI score0.00338EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/12 12:0 a.m.6 views

VulnCheck KEV: CVE-2019-12314

Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.WMCS/ PATHINFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.WMCS/etc/passwd URI...

9.8CVSS5.8AI score0.8422EPSS
Exploits6References9
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.12 views

VulnCheck KEV: CVE-2025-62593

Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...

9.4CVSS5.7AI score0.00338EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.16 views

VulnCheck KEV: CVE-2018-6000

An issue was discovered in AsusWRT before 3.0.0.4.38410007. The dovpnuploadpost function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon or enable infosvr command mode,...

10CVSS5.7AI score0.8715EPSS
Exploits11References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-8937

A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

8.8CVSS5.5AI score0.02425EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-52089

A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges...

8.8CVSS6.1AI score0.07063EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.20 views

VulnCheck KEV: CVE-2023-24796

Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints...

9.8CVSS6.1AI score0.01586EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.13 views

VulnCheck KEV: CVE-2024-4841

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'addreferencetolocalmode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...

4CVSS5.8AI score0.00674EPSS
Exploits1References6
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-34117

A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can se...

9.3CVSS6.6AI score0.22922EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-30425

Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request...

9CVSS5.8AI score0.19071EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-19492

FreeSWITCH 1.6.10 through 1.10.1 has a default password in eventsocket.conf.xml...

9.8CVSS5.8AI score0.28953EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.11 views

VulnCheck KEV: CVE-2020-14080

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to applysec.cgi via the action pingtest with a sufficiently long pingipaddr key...

9.8CVSS6.6AI score0.02369EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.87 views

VulnCheck KEV: CVE-2025-57296

Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the subADBC0 helper function concatenates these user-supplied values into...

6.5CVSS6.2AI score0.03316EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/10 12:0 a.m.13 views

VulnCheck KEV: CVE-2021-44868

A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do...

9.8CVSS5.7AI score0.01364EPSS
Exploits1References16
VulnCheck KEV
VulnCheck KEV
added 2026/03/10 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-0785

The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the getmonthlytimetable AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8CVSS5.9AI score0.09351EPSS
Exploits2References17
VulnCheck KEV
VulnCheck KEV
added 2026/03/10 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-15503

A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. Performing a manipulation of the argument File results in unrestricted upload. The attack is...

9.8CVSS5.3AI score0.01907EPSS
Exploits1References15
VulnCheck KEV
VulnCheck KEV
added 2026/03/10 12:0 a.m.17 views

VulnCheck KEV: CVE-2025-10353

File upload leading to remote code execution RCE in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetailimg'...

9.3CVSS6.4AI score0.02503EPSS
Exploits3References16
VulnCheck KEV
VulnCheck KEV
added 2026/03/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-4458

The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wpajaxmecloadsinglepage' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

9.8CVSS5.9AI score0.00354EPSS
Exploits0References15
VulnCheck KEV
VulnCheck KEV
added 2026/03/10 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-24915

The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections...

9.8CVSS5.9AI score0.127EPSS
Exploits2References15
VulnCheck KEV
VulnCheck KEV
added 2026/03/09 12:0 a.m.12 views

VulnCheck KEV: CVE-2026-0953

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...

9.8CVSS5.8AI score0.00655EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/09 12:0 a.m.15 views

VulnCheck KEV: CVE-2022-0948

The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection...

9.8CVSS5.9AI score0.09999EPSS
Exploits2References18
VulnCheck KEV
VulnCheck KEV
added 2026/03/09 12:0 a.m.7 views

VulnCheck KEV: CVE-2019-5434

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities...

9.8CVSS5.8AI score0.57022EPSS
Exploits7References27
VulnCheck KEV
VulnCheck KEV
added 2026/03/07 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-27222

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file...

8.6CVSS5.8AI score0.01895EPSS
Exploits1References12
VulnCheck KEV
VulnCheck KEV
added 2026/03/07 12:0 a.m.2 views

VulnCheck KEV: CVE-2026-21891

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a...

9.8CVSS5.8AI score0.02169EPSS
Exploits1References24
VulnCheck KEV
VulnCheck KEV
added 2026/03/07 12:0 a.m.11 views

VulnCheck KEV: CVE-2022-38296

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager...

9.8CVSS5.9AI score0.0373EPSS
Exploits1References19
VulnCheck KEV
VulnCheck KEV
added 2026/03/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2026-20122

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...

5.4CVSS6AI score0.07016EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/05 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-22681

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730,...

9.8CVSS5.8AI score0.25455EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/05 12:0 a.m.12 views

VulnCheck KEV: CVE-2017-7973

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database...

9.8CVSS7.5AI score0.01472EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/05 12:0 a.m.7 views

VulnCheck KEV: CVE-2026-20128

A vulnerability in the Data Collection Agent DCA feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An...

7.5CVSS5.8AI score0.05269EPSS
Exploits0References10
VulnCheck KEV
VulnCheck KEV
added 2026/03/03 12:0 a.m.5 views

VulnCheck KEV: CVE-2026-22719

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate...

8.1CVSS6.6AI score0.17424EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/03 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-30952

An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS6.1AI score0.07617EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2026/03/03 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-41974

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges...

7.8CVSS6.1AI score0.0141EPSS
Exploits3References5
Total number of security vulnerabilities4985