CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-15518 Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An ... | N/A | NONE | — | 0 |
| CVE-2026-33241 Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method and `Extractible` macro) do not enforce payload size limits before reading reque... | N/A | NONE | — | 0 |
| CVE-2026-33202 Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#delete_prefixed` passes blob keys dire... | N/A | NONE | — | 0 |
| CVE-2026-32911 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-33195 Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#path_for` does not validate that the r... | N/A | NONE | — | 0 |
| CVE-2026-33176 Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept stri... | N/A | NONE | — | 0 |
| CVE-2025-15519 Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An ... | N/A | NONE | — | 0 |
| CVE-2026-33174 Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the... | N/A | NONE | — | 0 |
| CVE-2026-33173 Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `DirectUploadsController` accepts arbitrary metadata from the client... | N/A | NONE | — | 0 |
| CVE-2026-33170 Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `SafeBuffer#%` does not propagate the `@h... | N/A | NONE | — | 0 |
| CVE-2026-33169 Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. `NumberToDelimitedConverter` uses a lookahead-based regular expression with `gsub!` to ins... | N/A | NONE | — | 0 |
| CVE-2026-33306 bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in... | N/A | NONE | — | 0 |
| CVE-2026-33168 Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in ... | N/A | NONE | — | 0 |
| CVE-2025-15605 A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated att... | N/A | NONE | — | 0 |
| CVE-2026-33167 Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A ... | N/A | NONE | — | 0 |
| CVE-2026-33046 Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax... | N/A | NONE | — | 0 |
| CVE-2026-4729 Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to... | N/A | NONE | — | 0 |
| CVE-2026-32910 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-32066 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-32047 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-4728 Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 149. | N/A | NONE | — | 0 |
| CVE-2026-4731 Integer Overflow or Wraparound vulnerability in artraweditor ART (rtengine modules). This vulnerability is associated with program files dcraw.C. This issue affects ART: before 1.25.12. | N/A | NONE | — | 0 |
| CVE-2026-4732 Out-of-bounds Read vulnerability in tildearrow furnace (extern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C. This issue affects furnace: before 0.7. | N/A | NONE | — | 0 |
| CVE-2026-4734 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules). This vulnerability is ... | N/A | NONE | — | 0 |
| CVE-2026-4735 Deserialization of Untrusted Data vulnerability in DTStack chunjun (chunjun-core/src/main/java/com/dtstack/chunjun/util modules). This vulnerability is associated with program files GsonUtil.Java. T... | N/A | NONE | — | 0 |
| CVE-2026-4736 Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H,... | N/A | NONE | — | 0 |
| CVE-2026-4727 Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149. | N/A | NONE | — | 0 |
| CVE-2026-4745 Improper Control of Generation of Code ('Code Injection') vulnerability in dendibakh perf-ninja (labs/misc/pgo/lua modules). This vulnerability is associated with program files ldo.C. This issue affe... | N/A | NONE | — | 0 |
| CVE-2026-4746 Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src modules). This vulnerability is associated with program files inflate.C. This issue affects proton: before 1.6.16. | N/A | NONE | — | 0 |
| CVE-2026-4744 Out-of-bounds Read vulnerability in rizonesoft Notepad3 (scintilla/oniguruma/src modules). This vulnerability is associated with program files regcomp.C. This issue affects Notepad3: before 6.25.71... | N/A | NONE | — | 0 |
| CVE-2026-4743 NULL Pointer Dereference vulnerability in taurusxin ncmdump (src/utils modules). This vulnerability is associated with program files cJSON.Cpp. This issue affects ncmdump: before 1.4.0. | N/A | NONE | — | 0 |
| CVE-2026-4742 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is assoc... | N/A | NONE | — | 0 |
| CVE-2026-4741 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TeamJCD JoyConDroid (app/src/main/java/com/rdapps/gamepad/util modules). This vulnerability is associate... | N/A | NONE | — | 0 |
| CVE-2026-4739 Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (Modules/ThirdParty/Expat/src/expat modules).This issue affects ITK: before 2.7.1. | N/A | NONE | — | 0 |
| CVE-2026-4738 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.... | N/A | NONE | — | 0 |
| CVE-2026-4737 Use After Free vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/mm modules). This vulnerability is associated with program files rmap.C. This issue affects Echo-Mate: befo... | N/A | NONE | — | 0 |
| CVE-2026-32642 Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscriptio... | N/A | NONE | — | 0 |
| CVE-2026-4649 Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new message ( CVE-2026-27446 https://www.c... | N/A | NONE | — | 0 |
| CVE-2026-32912 Rejected reason: This CVE ID has been rejected. | N/A | NONE | — | 0 |
| CVE-2026-4691 Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4692 Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4693 Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4694 Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4695 Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4696 Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4697 Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4698 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4699 Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4700 Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4701 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.