Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/03/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-43000

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption...

8.8CVSS5.8AI score0.03955EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/02 12:0 a.m.8 views

VulnCheck KEV: CVE-2026-21385

Memory corruption while using alignments for memory allocation...

7.8CVSS5.8AI score0.01068EPSS
Exploits3References6
VulnCheck KEV
VulnCheck KEV
added 2026/03/02 12:0 a.m.9 views

VulnCheck KEV: CVE-2026-1492

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a...

9.8CVSS5.8AI score0.25532EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/26 12:0 a.m.25 views

VulnCheck KEV: CVE-2026-1207

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluate...

5.4CVSS5.9AI score0.09436EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2026/02/25 12:0 a.m.7 views

VulnCheck KEV: CVE-2026-20127

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected syste...

10CVSS5.9AI score0.57793EPSS
Exploits9References15
VulnCheck KEV
VulnCheck KEV
added 2026/02/25 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-20775

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted...

7.8CVSS6.1AI score0.12475EPSS
Exploits2References9
VulnCheck KEV
VulnCheck KEV
added 2026/02/25 12:0 a.m.61 views

VulnCheck KEV: CVE-2024-3495

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

9.8CVSS5.9AI score0.13618EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/24 12:0 a.m.3 views

VulnCheck KEV: CVE-2026-20931

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network...

8CVSS5.8AI score0.0075EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/24 12:0 a.m.8 views

VulnCheck KEV: CVE-2026-20029

A vulnerability in the licensing features of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...

4.9CVSS6AI score0.05638EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/23 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-14155

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gettemplatecontent' function in all versions up to, and including, 4.11.53. This makes it possible for...

5.3CVSS5.8AI score0.00715EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/23 12:0 a.m.12 views

VulnCheck KEV: CVE-2023-6895

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...

9.8CVSS5.5AI score0.89138EPSS
Exploits2References8
VulnCheck KEV
VulnCheck KEV
added 2026/02/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-68613

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution RCE vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated...

9.9CVSS6.4AI score0.97875EPSS
Exploits29References9
VulnCheck KEV
VulnCheck KEV
added 2026/02/20 12:0 a.m.7 views

VulnCheck KEV: CVE-2026-27542

Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Privilege Escalation.This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1...

9.8CVSS5.8AI score0.0054EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2026/02/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

7.2CVSS5.8AI score0.19769EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/20 12:0 a.m.10 views

VulnCheck KEV: CVE-2026-27541

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through = 2.2.6...

7.1CVSS5.8AI score0.00241EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/20 12:0 a.m.6 views

VulnCheck KEV: CVE-2026-27540

Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Using Malicious Files.This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1...

9CVSS5.8AI score0.0047EPSS
Exploits2References4
VulnCheck KEV
VulnCheck KEV
added 2026/02/20 12:0 a.m.15 views

VulnCheck KEV: CVE-2025-14528

A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZEDGROUP results in information disclosure. The attack may be performed from remote. The exploit is no...

7.5CVSS5.4AI score0.03559EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2026/02/20 12:0 a.m.12 views

VulnCheck KEV: CVE-2026-1581

The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

7.5CVSS5.9AI score0.01727EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2026/02/20 12:0 a.m.13 views

VulnCheck KEV: CVE-2024-6250

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

7.5CVSS5.9AI score0.01957EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/19 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-12845

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the gettabledata function in versions 0.5.4 to 1.2.1. This makes it possible...

8.8CVSS5.8AI score0.00356EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2026-1994

The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS5.9AI score0.00376EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/19 12:0 a.m.11 views

VulnCheck KEV: CVE-2026-25253

OpenClaw aka clawdbot or Moltbot before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value...

8.8CVSS5.8AI score0.08016EPSS
Exploits5References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/18 12:0 a.m.7 views

VulnCheck KEV: CVE-2026-23744

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution RCE vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam...

9.8CVSS6.4AI score0.38374EPSS
Exploits30References24
VulnCheck KEV
VulnCheck KEV
added 2026/02/17 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

9.8CVSS5.9AI score0.95376EPSS
Exploits5References58
VulnCheck KEV
VulnCheck KEV
added 2026/02/17 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-7694

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server...

7.2CVSS6.1AI score0.01807EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/17 12:0 a.m.9 views

VulnCheck KEV: CVE-2026-1603

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data...

8.6CVSS5.8AI score0.81089EPSS
Exploits0References26
VulnCheck KEV
VulnCheck KEV
added 2026/02/17 12:0 a.m.6 views

VulnCheck KEV: CVE-2026-22769

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized...

10CVSS7.3AI score0.13131EPSS
Exploits1References8
VulnCheck KEV
VulnCheck KEV
added 2026/02/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-27032

Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups...

9.8CVSS5.8AI score0.0304EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/14 12:0 a.m.10 views

VulnCheck KEV: CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

8.5CVSS7.4AI score0.11468EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/14 12:0 a.m.12 views

VulnCheck KEV: CVE-2026-0770

Langflow execglobals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific...

9.8CVSS6.3AI score0.10371EPSS
Exploits8References3
VulnCheck KEV
VulnCheck KEV
added 2026/02/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2026-25108

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command...

8.8CVSS7.5AI score0.04974EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2026/02/13 12:0 a.m.6 views

VulnCheck KEV: CVE-2026-2441

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.2202EPSS
Exploits12References5
VulnCheck KEV
VulnCheck KEV
added 2026/02/12 12:0 a.m.10 views

VulnCheck KEV: CVE-2025-55303

Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. On-demand rendered sites built with Astro include a...

6.9CVSS5.8AI score0.00599EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/12 12:0 a.m.18 views

VulnCheck KEV: CVE-2015-5471

Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter...

5.3CVSS7.4AI score0.32714EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-43468

Microsoft Configuration Manager Remote Code Execution Vulnerability...

9.8CVSS5.9AI score0.60661EPSS
Exploits3References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/12 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-40536

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality...

9.8CVSS5.7AI score0.81624EPSS
Exploits4References3
VulnCheck KEV
VulnCheck KEV
added 2026/02/11 12:0 a.m.16 views

VulnCheck KEV: CVE-2025-56520

Dify v1.6.0 was discovered to contain a Server-Side Request Forgery SSRF via the component controllers.console.remotefiles.RemoteFileUploadApi. A different vulnerability than CVE-2025-29720...

5.3CVSS5.8AI score0.00649EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/11 12:0 a.m.9 views

VulnCheck KEV: CVE-2026-1357

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...

9.8CVSS7.6AI score0.32714EPSS
Exploits13References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/11 12:0 a.m.9 views

VulnCheck KEV: CVE-2020-19363

Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories...

6.5CVSS5.8AI score0.03643EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/11 12:0 a.m.17 views

VulnCheck KEV: CVE-2025-70795

STProcessMonitor Driver contains an insecure IOCTL vulnerability that allows local attackers to terminate arbitrary kernel processes by bypassing validation. Attackers can exploit the exposed process termination functionality to disable security products and gain control of the affected system...

5.9AI score0.00203EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/02/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2026-20700

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this...

8.8CVSS6AI score0.22359EPSS
Exploits16References11
VulnCheck KEV
VulnCheck KEV
added 2026/02/11 12:0 a.m.12 views

VulnCheck KEV: CVE-2024-56159

Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...

7.8CVSS5.8AI score0.01465EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/11 12:0 a.m.7 views

VulnCheck KEV: CVE-2026-21859

Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery SSRF vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it do...

5.8CVSS5.8AI score0.00755EPSS
Exploits2References4
VulnCheck KEV
VulnCheck KEV
added 2026/02/11 12:0 a.m.14 views

VulnCheck KEV: CVE-2020-9314

PRODUCT NOT SUPPORTED WHEN ASSIGNED Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the...

6.8CVSS5.7AI score0.02912EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/10 12:0 a.m.5 views

VulnCheck KEV: CVE-2026-21514

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally...

7.8CVSS5.7AI score0.01517EPSS
Exploits0References7
VulnCheck KEV
VulnCheck KEV
added 2026/02/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2026-21510

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.8AI score0.25835EPSS
Exploits3References6
VulnCheck KEV
VulnCheck KEV
added 2026/02/10 12:0 a.m.4 views

VulnCheck KEV: CVE-2026-21533

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.03846EPSS
Exploits5References6
VulnCheck KEV
VulnCheck KEV
added 2026/02/10 12:0 a.m.26 views

VulnCheck KEV: CVE-2026-21513

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.8AI score0.15384EPSS
Exploits0References13
VulnCheck KEV
VulnCheck KEV
added 2026/02/10 12:0 a.m.5 views

VulnCheck KEV: CVE-2026-21962

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0...

10CVSS7.3AI score0.42658EPSS
Exploits4References3
VulnCheck KEV
VulnCheck KEV
added 2026/02/10 12:0 a.m.6 views

VulnCheck KEV: CVE-2026-21525

Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally...

6.2CVSS5.8AI score0.04956EPSS
Exploits0References5
Total number of security vulnerabilities4985