CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-3502 TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload... | 7.8 | HIGH | KEV | 0 |
| CVE-2026-5281 Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security... | 8.8 | HIGH | KEV | 0 |
| CVE-2026-3055 Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-53521 When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Su... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-33634 Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action... | 8.8 | HIGH | KEV | 0 |
| CVE-2026-33017 Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows withou... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-32432 Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to be... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2025-43520 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS T... | 5.5 | MEDIUM | KEV | 0 |
| CVE-2025-31277 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously c... | 8.8 | HIGH | KEV | 0 |
| CVE-2025-43510 A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, mac... | 7.8 | HIGH | KEV | 0 |
| CVE-2025-54068 Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. T... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-20131 A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root&n... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-66376 Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message. | 7.2 | HIGH | KEV | 0 |
| CVE-2025-47813 loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie. | 4.3 | MEDIUM | KEV | 0 |
| CVE-2026-3909 Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | KEV | 0 |
| CVE-2026-3910 Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi... | 8.8 | HIGH | KEV | 0 |
| CVE-2025-68613 n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their work... | 9.9 | CRITICAL | KEV | 0 |
| CVE-2025-26399 SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-1603 An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. | 8.6 | HIGH | KEV | 0 |
| CVE-2021-22054 VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a ... | 7.5 | HIGH | KEV | 0 |
| CVE-2023-43000 A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing malicio... | 8.8 | HIGH | KEV | 0 |
| CVE-2021-30952 An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously craf... | 7.8 | HIGH | KEV | 0 |
| CVE-2023-41974 A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kerne... | 7.8 | HIGH | KEV | 0 |
| CVE-2017-7921 An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2021-22681 Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLo... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-22719 VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMw... | 8.1 | HIGH | KEV | 0 |
| CVE-2026-21385 Memory corruption while using alignments for memory allocation. | 7.8 | HIGH | KEV | 0 |
| CVE-2022-20775 A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands withi... | 7.8 | HIGH | KEV | 0 |
| CVE-2026-20127 A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, r... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2026-25108 FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command. | 8.8 | HIGH | KEV | 0 |
| CVE-2025-49113 Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php... | 9.9 | CRITICAL | KEV | 0 |
| CVE-2025-68461 Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document. | 7.2 | HIGH | KEV | 0 |
| CVE-2026-22769 Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2021-22175 When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthent... | 6.8 | MEDIUM | KEV | 0 |
| CVE-2026-2441 Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | KEV | 0 |
| CVE-2024-7694 ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, wh... | 7.2 | HIGH | KEV | 0 |
| CVE-2020-7796 Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2008-0015 Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsof... | 8.8 | HIGH | KEV | 0 |
| CVE-2026-1731 BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted req... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-20700 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memo... | 7.8 | HIGH | KEV | 0 |
| CVE-2025-15556 Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verif... | 7.5 | HIGH | KEV | 0 |
| CVE-2024-43468 Microsoft Configuration Manager Remote Code Execution Vulnerability | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-40536 SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted function... | 8.1 | HIGH | KEV | 0 |
| CVE-2026-21510 Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | 8.8 | HIGH | KEV | 0 |
| CVE-2026-21525 Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. | 6.2 | MEDIUM | KEV | 0 |
| CVE-2026-21513 Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. | 8.8 | HIGH | KEV | 0 |
| CVE-2026-21519 Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | KEV | 0 |
| CVE-2026-21514 Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally. | 7.8 | HIGH | KEV | 0 |
| CVE-2026-21533 Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | KEV | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.