VulnCheck March 18th Release Notes

We shipped a set of updates this week focused on improving data coverage, reliability, and timeliness across the platform:

  • Added microsoft-csaf as a new index to complement the existing microsoft-cvrf index for broader advisory coverage
  • Implemented a dedicated Patch Tuesday ingestion schedule so Microsoft advisories are available near immediately
  • Bug fix: Resolved incorrect Maven hashes observed in the public Maven repository
  • Bug fix: Corrected the response on the /v3/backup route for trial and community users so available backup indices are now visible

These updates are part of our ongoing focus on delivering faster, more reliable vulnerability intelligence across the ecosystem.

New Indices Added

Fresenius Security Advisories

Fresenius Security Bulletins are official notifications released by them to address security vulnerabilities and updates in their software products. These bulletins provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their products.

Browse the fresenius index

HMS (Hardware Meets Software) Security Advisories

HMS Security Bulletins are official notifications released by HMS to address security vulnerabilities and updates in their products. These bulletins provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.

Browse the hms index

Red-Lion Security Advisories

Red Lion Security Bulletins are official notifications released by Red Lion to address security vulnerabilities and updates in their products. These bulletins provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.

Browse the red-lion index

Meta Security Advisories

Meta Security Advisories are official notifications released by Meta to address security vulnerabilities and updates in various software products. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.

Browse the meta-advisories index

Microsoft CSAF

Microsoft CSAF is a list of notifications released by the Microsoft Security Response Center (MSRC) to address security vulnerabilities and updates for Microsoft. These security updates provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.

Browse the microsoft-csaf index

Recent Initial Access activity

Pac4j-jwt Authentication Bypass via Unsigned JWE Payload was added on Mar, 8 and is found in 1 product.

View more detail on CVE-2026-29000

Nginx UI Unauthenticated Server Backup File Disclosure was added on Mar, 10 and is found in 1 product.

View more detail on CVE-2026-27944

MJDM MajorDoMo Remote Command Injection via cycle_execs Race Condition was added on Mar, 4 and is found in 1 product.

View more detail on CVE-2026-27175

LightLLM Pickle Deserialization RCE was added on Mar, 4 and is found in 1 product.

View more detail on CVE-2026-26220

OpenViking Missing Root API Key Authentication Bypass was added on Mar, 11 and is found in 1 product.

View more detail on CVE-2026-22207

Juniper Junos OS Evolved (PTX) Unauthenticated RCE was added on Mar, 5 and is found in 1 product.

View more detail on CVE-2026-21902

Windows Storage Elevation of Privilege via Improper Authentication was added on Mar, 5 and is found in 1 product.

View more detail on CVE-2026-21508

Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability was added on Mar, 5 and is found in 1 product.

View more detail on CVE-2026-20133

Cisco Firewall Management Center Deserialization RCE was added on Mar, 3 and is found in 1 product.

View more detail on CVE-2026-20131

Cisco Catalyst SD-WAN Manager DCA User Takeover was added on Mar, 8 and is found in 1 product.

View more detail on CVE-2026-20128

Cisco Catalyst SD-WAN Authentication Bypass was added on Feb, 25 and is found in 1 product.

View more detail on CVE-2026-20127

Cisco Catalyst SD-WAN Manager UploadAck File Overwrite was added on Mar, 12 and is found in 1 product.

View more detail on CVE-2026-20122

Cisco Firewall Management Center Authentication Bypass was added on Mar, 3 and is found in 1 product.

View more detail on CVE-2026-20079

FlowiseAI Flowise CustomMCP JS Code Injection was added on Mar, 3 and is found in 1 product.

View more detail on CVE-2025-59528

LF Projects MLflow Unauthenticated Model Creation File Write was added on Feb, 25 and is found in 1 product.

View more detail on CVE-2023-6018

SharePoint Auth Bypass and BDCM Upload RCE was added on Feb, 25 and is found in 1 product.

View more detail on CVE-2023-29357

SharePoint Remote Code Execution via BDCMetadata Upload was added on Feb, 25 and is found in 1 product.

View more detail on CVE-2023-24955

Wavlink WN535K2/K3 mesh.cgi Command Injection was added on Feb, 26 and is found in 2 products.

View more detail on CVE-2022-2486

Cisco Catalyst SD-WAN Path Traversal Privilege Escalation was added on Mar, 2 and is found in 1 product.

View more detail on CVE-2022-20775

systeminformation Command Injection was added on Feb, 24 and is found in 1 product.

View more detail on CVE-2021-21315

February 25, 2026 - Release Notes

March 20th, 2026