CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-46878 A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code ... | N/A | NONE | — | 0 |
| CVE-2024-46879 A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POST request data zipPath of tiki-admin_system.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary Jav... | N/A | NONE | — | 0 |
| CVE-2025-52204 A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter | N/A | NONE | — | 0 |
| CVE-2026-3181 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-2298 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects ... | N/A | NONE | — | 0 |
| CVE-2026-30849 Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a r... | N/A | NONE | — | 0 |
| CVE-2026-32805 Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the `san... | N/A | NONE | — | 0 |
| CVE-2026-32850 MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by... | N/A | NONE | — | 0 |
| CVE-2026-32851 MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by... | N/A | NONE | — | 0 |
| CVE-2026-0230 A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicio... | N/A | NONE | — | 0 |
| CVE-2026-22173 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-32737 Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a... | N/A | NONE | — | 0 |
| CVE-2026-28455 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-28483 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-32012 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-32735 openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project ... | N/A | NONE | — | 0 |
| CVE-2026-32902 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-32903 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-32904 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-32907 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-32908 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-32909 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-4407 Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces. | N/A | NONE | — | 0 |
| CVE-2026-4692 Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4691 Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-1668 The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific condit... | N/A | NONE | — | 0 |
| CVE-2026-0866 Rejected reason: After the publication of the PoC by the researcher and further analysis, we have determined that this issue does not constitute a valid vulnerability. The technique described is an ob... | N/A | NONE | — | 0 |
| CVE-2026-3479 pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals. | N/A | NONE | — | 0 |
| CVE-2026-27259 Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-27260 Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-23941 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program f... | N/A | NONE | — | 0 |
| CVE-2026-23942 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program file... | N/A | NONE | — | 0 |
| CVE-2026-23943 Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer adverti... | N/A | NONE | — | 0 |
| CVE-2026-23270 In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier [1]: "Since the blamed comm... | N/A | NONE | — | 0 |
| CVE-2026-23269 In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into... | N/A | NONE | — | 0 |
| CVE-2026-23267 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes During SPO tests, when... | N/A | NONE | — | 0 |
| CVE-2026-23266 In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error in nv3_arb() A userspace program can trigger the RIVA NV3 arbitration code by calling the FBIOPUT_... | N/A | NONE | — | 0 |
| CVE-2026-23265 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in {read,write}_end_io -----------[ cut here ]------------ kernel BUG at fs/f2fs/data.... | N/A | NONE | — | 0 |
| CVE-2026-23264 In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" This reverts commit 7294863a6f01248d72b61d38478978d638641bee. This... | N/A | NONE | — | 0 |
| CVE-2026-23263 In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix page array leak d9f595b9a65e ("io_uring/zcrx: fix leaking pages on sg init fail") fixed a page leakage but didn... | N/A | NONE | — | 0 |
| CVE-2026-23262 In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The NI... | N/A | NONE | — | 0 |
| CVE-2026-23256 In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the... | N/A | NONE | — | 0 |
| CVE-2026-23255 In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU stall in ptype_seq_show() and provided a patch. Rea... | N/A | NONE | — | 0 |
| CVE-2026-33017 Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows withou... | N/A | NONE | — | 0 |
| CVE-2026-23254 In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the `encapsulation... | N/A | NONE | — | 0 |
| CVE-2026-4736 Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H,... | N/A | NONE | — | 0 |
| CVE-2026-23253 In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: fix wrong reinitialization of ringbuffer on reopen dvb_dvr_open() calls dvb_ringbuffer_init() when a new reader o... | N/A | NONE | — | 0 |
| CVE-2026-23252 In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_*_descr calls The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory if th... | N/A | NONE | — | 0 |
| CVE-2026-1497 Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an ... | N/A | NONE | — | 0 |
| CVE-2026-33497 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpo... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.