Knock Knock CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-36941	2 Guelfoweb, Verbb	2 Knock, Knock Knock	2026-03-05	9.8 Critical
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet applications.
CVE-2020-13486	1 Verbb	1 Knock Knock	2024-11-21	6.1 Medium
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.
CVE-2020-13485	1 Verbb	1 Knock Knock	2024-11-21	9.1 Critical
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.

Page 1 of 1.