CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-22712 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Typify typify allows PHP Local File Inclusion.This issue affects T... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22509 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion.This issue affects Atla... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-14232 Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unre... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22708 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mite... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24832 Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-14233 Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unre... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-36925 Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session ID... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-50926 WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' pa... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69764 Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remot... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-14942 wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. T... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69565 code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69559 code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37095 Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attacke... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-62582 Delta Electronics DIAView has multiple vulnerabilities. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-64087 A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template ex... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-23504 Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan Framework felan-framework allows Authentication Abuse.This issue affects Felan Framework: from n/a through <= ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69766 Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remot... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69562 code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69992 phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-67915 Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through <= 1.0.46. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22043 RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IAM allows a restricted service account or ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-50905 e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when au... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-71243 The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execu... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-67913 Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-20234 GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the a... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-50910 Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious ho... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-62615 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-50919 Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22903 An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to c... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1331 MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-67921 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection.This issue affects Lobo: from n/a through < 2.8.6. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-54335 eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload maliciou... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-49994 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Athens athens allows PHP Local File Inclusion.This issue affects Athen... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37125 Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-66277 A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended loc... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-54334 Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Structured Exception Handler (SEH) records that allows attackers to execute arbitrary code. Attackers can exploit the vulnerability b... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37162 Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malici... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-67920 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Neo Ocular neoocular allows PHP Local File Inclusion.This issue a... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22237 The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69258 A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supp... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1615 Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to p... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-65482 An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-56005 An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl`... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-62877 Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster o... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47854 DD-WRT version 45723 contains a buffer overflow vulnerability in the UPNP network discovery service that allows remote attackers to potentially execute arbitrary code. Attackers can send crafted M-SEA... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-64111 Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve rem... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-67924 Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows Upload a Web Shell to a Web Server.This issue affects Corpkit: from n/a through <= 2.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24872 improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire_548.This issue affects SkyFire_548: before 5.4.8-stable5. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24793 Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with pr... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24830 Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.