CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-32843 Location Aware Sensor System by Linkit ONE, up to commit f06bd20 (2023-04-26), contains a reflected cross-site scripting vulnerability in the PM25.php file that allows remote attackers to execute arbi... | N/A | NONE | — | 0 |
| CVE-2026-23268 In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remove... | N/A | NONE | — | 0 |
| CVE-2026-3370 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2026-23273 In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlan_common_newlink() error path valis reported that a race condition still happens aft... | N/A | NONE | — | 0 |
| CVE-2026-32765 Rejected reason: This repository is no longer public. | N/A | NONE | — | 0 |
| CVE-2026-32764 Rejected reason: This repository is no longer public. | N/A | NONE | — | 0 |
| CVE-2026-32771 The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). In versions prior to 0.2.2, the sanitizeArchivePat... | N/A | NONE | — | 0 |
| CVE-2026-32769 Fullchain is an umbrella project for deploying a ready-to-use CTF platform. In versions prior to 0.1.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a subverted application to... | N/A | NONE | — | 0 |
| CVE-2026-33056 tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path th... | N/A | NONE | — | 0 |
| CVE-2026-3948 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-32305 Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related ... | N/A | NONE | — | 0 |
| CVE-2026-32908 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-22902 A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. W... | N/A | NONE | — | 0 |
| CVE-2026-22901 A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have al... | N/A | NONE | — | 0 |
| CVE-2026-1323 The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploi... | N/A | NONE | — | 0 |
| CVE-2026-22900 A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the v... | N/A | NONE | — | 0 |
| CVE-2026-22898 A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already... | N/A | NONE | — | 0 |
| CVE-2026-3503 Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryp... | N/A | NONE | — | 0 |
| CVE-2026-3548 Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string,... | N/A | NONE | — | 0 |
| CVE-2026-2646 A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read fro... | N/A | NONE | — | 0 |
| CVE-2026-2645 In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange me... | N/A | NONE | — | 0 |
| CVE-2026-22897 A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerabili... | N/A | NONE | — | 0 |
| CVE-2026-22895 A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security me... | N/A | NONE | — | 0 |
| CVE-2025-62846 An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. ... | N/A | NONE | — | 0 |
| CVE-2025-62845 An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerab... | N/A | NONE | — | 0 |
| CVE-2025-62844 A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We have alread... | N/A | NONE | — | 0 |
| CVE-2025-62843 An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to... | N/A | NONE | — | 0 |
| CVE-2026-32700 Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. ... | N/A | NONE | — | 0 |
| CVE-2025-59383 A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed ... | N/A | NONE | — | 0 |
| CVE-2025-15608 This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the ... | N/A | NONE | — | 0 |
| CVE-2025-15607 A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file co... | N/A | NONE | — | 0 |
| CVE-2026-1005 Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authenticatio... | N/A | NONE | — | 0 |
| CVE-2026-0819 A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorre... | N/A | NONE | — | 0 |
| CVE-2026-23240 In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. After cancel_delayed_work_sync(... | N/A | NONE | — | 0 |
| CVE-2026-23239 In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit. After cancel_work_sync() is calle... | N/A | NONE | — | 0 |
| CVE-2026-33017 Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows withou... | N/A | NONE | — | 0 |
| CVE-2025-20027 Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high ... | N/A | NONE | — | 0 |
| CVE-2026-28806 Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bu... | N/A | NONE | — | 0 |
| CVE-2026-28807 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.serve_static fu... | N/A | NONE | — | 0 |
| CVE-2026-33139 PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in ... | N/A | NONE | — | 0 |
| CVE-2026-32828 Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-d... | N/A | NONE | — | 0 |
| CVE-2024-14027 In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a fi... | N/A | NONE | — | 0 |
| CVE-2026-1286 CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated use... | N/A | NONE | — | 0 |
| CVE-2026-31812 Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vu... | N/A | NONE | — | 0 |
| CVE-2026-27570 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directl... | N/A | NONE | — | 0 |
| CVE-2026-29097 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions prior to 7.15.1 and 8.9.3 contain a Server-Side Request Forgery (SSRF) vulnerability ... | N/A | NONE | — | 0 |
| CVE-2026-27934 Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosure... | N/A | NONE | — | 0 |
| CVE-2026-4395 Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffe... | N/A | NONE | — | 0 |
| CVE-2026-32309 Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without e... | N/A | NONE | — | 0 |
| CVE-2026-3849 Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cau... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.