Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2026/02/10 12:0 a.m.•21 views

VulnCheck KEV: CVE-2026-21519

Access of resource using incompatible type 'type confusion' in Desktop Window Manager allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.0242EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
•added 2026/02/09 12:0 a.m.•10 views

VulnCheck KEV: CVE-2010-1173

The sctpprocessunkparam function in net/sctp/smmakechunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service system crash via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data...

7.1CVSS5.9AI score0.21312EPSS
Exploits7References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/09 12:0 a.m.•11 views

VulnCheck KEV: CVE-2010-3437

Integer signedness error in the pktfinddevfromminor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and system crash via a crafted index value i...

6.6CVSS7.2AI score0.02416EPSS
Exploits7References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/09 12:0 a.m.•10 views

VulnCheck KEV: CVE-2009-2908

The ddelete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service kernel OOPS and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a...

4.9CVSS6.2AI score0.01223EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/09 12:0 a.m.•13 views

VulnCheck KEV: CVE-2009-2267

VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and...

6.9CVSS5.9AI score0.01769EPSS
Exploits4References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/09 12:0 a.m.•17 views

VulnCheck KEV: CVE-2026-1731

BeyondTrust Remote Support RS and certain older versions of Privileged Remote Access PRA contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the...

9.9CVSS6.4AI score0.86091EPSS
Exploits11References16
VulnCheck KEV
VulnCheck KEV
•added 2026/02/09 12:0 a.m.•8 views

VulnCheck KEV: CVE-2010-2959

Integer overflow in net/can/bcm.c in the Controller Area Network CAN implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service system crash via...

7.2CVSS7.6AI score0.03777EPSS
Exploits6References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/09 12:0 a.m.•13 views

VulnCheck KEV: CVE-2010-3849

The econetsendmsg function in net/econet/afeconet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service NULL pointer dereference and OOPS via a sendmsg call that specifies a NULL value for the remote address field...

4.7CVSS5.9AI score0.00717EPSS
Exploits5References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/09 12:0 a.m.•34 views

VulnCheck KEV: CVE-2009-3547

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service NULL pointer dereference and system crash or gain privileges by attempting to open an anonymous pipe via a /proc//fd/ pathname...

7CVSS7.2AI score0.0493EPSS
Exploits7References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/09 12:0 a.m.•76 views

VulnCheck KEV: CVE-2009-2692

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in protoops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on...

7.8CVSS6.4AI score0.14749EPSS
Exploits17References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/09 12:0 a.m.•79 views

VulnCheck KEV: CVE-2009-2698

The udpsendmsg function in the UDP implementation in 1 net/ipv4/udp.c and 2 net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash via vectors involving the MSGMORE flag and a UDP socket...

7.8CVSS6.1AI score0.0718EPSS
Exploits18References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

3.2CVSS5.8AI score0.00106EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/05 12:0 a.m.•8 views

VulnCheck KEV: CVE-2025-68947

NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver...

5.7CVSS5.8AI score0.00116EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
•added 2026/02/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-20404

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affect...

7.2CVSS5.8AI score0.231EPSS
Exploits1References12
VulnCheck KEV
VulnCheck KEV
•added 2026/02/04 12:0 a.m.•3 views

VulnCheck KEV: CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS6.1AI score0.8404EPSS
Exploits6References11
VulnCheck KEV
VulnCheck KEV
•added 2026/02/04 12:0 a.m.•99 views

VulnCheck KEV: CVE-2025-14586

A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible...

9.8CVSS5.6AI score0.0246EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/04 12:0 a.m.•6 views

VulnCheck KEV: CVE-2025-14975

The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account...

8.1CVSS5.8AI score0.00306EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/04 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-24219

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with t...

7.8CVSS5.8AI score0.23636EPSS
Exploits3References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-12877

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to...

9.8CVSS8AI score0.01246EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2025-40551

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication...

9.8CVSS6.1AI score0.8833EPSS
Exploits4References4
VulnCheck KEV
VulnCheck KEV
•added 2026/02/03 12:0 a.m.•8 views

VulnCheck KEV: CVE-2025-15030

The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account...

9.8CVSS5.8AI score0.00487EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/02 12:0 a.m.•2 views

VulnCheck KEV: CVE-2025-15556

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download a...

7.7CVSS6.4AI score0.01268EPSS
Exploits0References7
VulnCheck KEV
VulnCheck KEV
•added 2026/02/02 12:0 a.m.•6 views

VulnCheck KEV: CVE-2024-2053

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to...

7.5CVSS6.3AI score0.44579EPSS
Exploits4References3
VulnCheck KEV
VulnCheck KEV
•added 2026/02/02 12:0 a.m.•17 views

VulnCheck KEV: CVE-2025-4396

The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.5 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS5.9AI score0.02626EPSS
Exploits2References3
VulnCheck KEV
VulnCheck KEV
•added 2026/02/02 12:0 a.m.•10 views

VulnCheck KEV: CVE-2025-1743

A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...

6.9CVSS5.5AI score0.0161EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/02 12:0 a.m.•116 views

VulnCheck KEV: CVE-2010-0759

Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files...

7.5CVSS5.9AI score0.15242EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/01 12:0 a.m.•9 views

VulnCheck KEV: CVE-2024-2862

This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant...

9.8CVSS5.8AI score0.51001EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2025-1023

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...

9.8CVSS6.1AI score0.02177EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
•added 2026/02/01 12:0 a.m.•12 views

VulnCheck KEV: CVE-2021-41419

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization...

9.8CVSS5.9AI score0.06757EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
•added 2026/01/31 12:0 a.m.•16 views

VulnCheck KEV: CVE-2025-10211

A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit ha...

6.5CVSS5.4AI score0.00649EPSS
Exploits0References11
VulnCheck KEV
VulnCheck KEV
•added 2026/01/31 12:0 a.m.•8 views

VulnCheck KEV: CVE-2018-11770

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...

4.9CVSS5.8AI score0.6583EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
•added 2026/01/30 12:0 a.m.•83 views

VulnCheck KEV: CVE-2025-21756

In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind and those implicitly bound through autobind during connect. Prevents socket unbinding during a transpo...

7.8CVSS5.7AI score0.00844EPSS
Exploits3References2
VulnCheck KEV
VulnCheck KEV
•added 2026/01/29 12:0 a.m.•8 views

VulnCheck KEV: CVE-2026-1281

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS6.1AI score0.8404EPSS
Exploits6References56
VulnCheck KEV
VulnCheck KEV
•added 2026/01/29 12:0 a.m.•18 views

VulnCheck KEV: CVE-2022-2290

Cross-site Scripting XSS - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta...

6.4CVSS5.8AI score0.03096EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
•added 2026/01/29 12:0 a.m.•11 views

VulnCheck KEV: CVE-2025-61155

The GameDriverX64.sys kernel-mode anti-cheat driver v7.23.4.7 and earlier contains an access control vulnerability in one of its IOCTL handlers. A user-mode process can open a handle to the driver device and send specially crafted IOCTL requests. These requests are executed in kernel-mode context...

5.5CVSS5.9AI score0.00275EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
•added 2026/01/29 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-30777

Parallels H-Sphere 3.6.1713 allows XSS via the indexen.php from parameter...

6.1CVSS5.8AI score0.02102EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/01/28 12:0 a.m.•11 views

VulnCheck KEV: CVE-2025-64328

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the...

8.6CVSS5.8AI score0.84618EPSS
Exploits4References5
VulnCheck KEV
VulnCheck KEV
•added 2026/01/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2026-24423

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the...

9.8CVSS6.4AI score0.87693EPSS
Exploits0References82
VulnCheck KEV
VulnCheck KEV
•added 2026/01/27 12:0 a.m.•7 views

VulnCheck KEV: CVE-2025-44846

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.3CVSS6.1AI score0.00884EPSS
Exploits1References6
VulnCheck KEV
VulnCheck KEV
•added 2026/01/27 12:0 a.m.•5 views

VulnCheck KEV: CVE-2026-24858

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager...

9.8CVSS5.8AI score0.85844EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
•added 2026/01/27 12:0 a.m.•9 views

VulnCheck KEV: CVE-2023-2806

A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The...

8.8CVSS4.9AI score0.00984EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
•added 2026/01/26 12:0 a.m.•8 views

VulnCheck KEV: CVE-2020-16040

Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.5CVSS7.3AI score0.99595EPSS
Exploits14References2
VulnCheck KEV
VulnCheck KEV
•added 2026/01/26 12:0 a.m.•8 views

VulnCheck KEV: CVE-2016-15057

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the...

9.9CVSS6AI score0.03732EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
•added 2026/01/26 12:0 a.m.•24 views

VulnCheck KEV: CVE-2026-21509

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally...

7.8CVSS5.7AI score0.72152EPSS
Exploits12References21
VulnCheck KEV
VulnCheck KEV
•added 2026/01/26 12:0 a.m.•6 views

VulnCheck KEV: CVE-2018-14634

An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable...

7.8CVSS7.1AI score0.14806EPSS
Exploits6References3
VulnCheck KEV
VulnCheck KEV
•added 2026/01/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-40619

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsqaccesstoken parameter. This affects R6230 before...

7.7CVSS5.9AI score0.02233EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
•added 2026/01/26 12:0 a.m.•8 views

VulnCheck KEV: CVE-2023-32117

Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99...

9.8CVSS5.8AI score0.06399EPSS
Exploits0References9
VulnCheck KEV
VulnCheck KEV
•added 2026/01/25 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-47795

GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access...

8.7CVSS6.4AI score0.00876EPSS
Exploits0References16
VulnCheck KEV
VulnCheck KEV
•added 2026/01/25 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-40748

PHPJabbers Food Delivery Script 3.0 has a SQL injection SQLi vulnerability in the "q" parameter of index.php...

9.8CVSS5.9AI score0.02904EPSS
Exploits0References53
VulnCheck KEV
VulnCheck KEV
•added 2026/01/23 12:0 a.m.•3 views

VulnCheck KEV: CVE-2025-7081

A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this vulnerability is the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The manipulation of the argument...

8.8CVSS5.5AI score0.15103EPSS
Exploits1References6
Total number of security vulnerabilities4985