CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-40334 libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The functio... | 3.5 | LOW | — | 0 |
| CVE-2026-2546 A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument SortBy leads to cross ... | 3.5 | LOW | — | 0 |
| CVE-2025-14594 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenti... | 3.5 | LOW | — | 0 |
| CVE-2026-7390 A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argu... | 3.5 | LOW | — | 0 |
| CVE-2025-52603 HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is... | 3.5 | LOW | — | 0 |
| CVE-2026-24310 Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database ... | 3.5 | LOW | — | 0 |
| CVE-2026-3254 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into... | 3.5 | LOW | — | 0 |
| CVE-2026-4354 A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78 of the file apply_sec.cgi of the component Web Interface. Such manipulation of t... | 3.5 | LOW | — | 0 |
| CVE-2026-5252 A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation r... | 3.5 | LOW | — | 0 |
| CVE-2026-35679 Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometim... | 3.5 | LOW | — | 0 |
| CVE-2026-6486 A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipu... | 3.5 | LOW | — | 0 |
| CVE-2026-7110 A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cros... | 3.5 | LOW | — | 0 |
| CVE-2026-2557 A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation re... | 3.5 | LOW | — | 0 |
| CVE-2026-6106 A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the com... | 3.5 | LOW | — | 0 |
| CVE-2025-55270 HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc. | 3.5 | LOW | — | 0 |
| CVE-2026-6162 A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate... | 3.5 | LOW | — | 0 |
| CVE-2026-2545 A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross ... | 3.5 | LOW | — | 0 |
| CVE-2026-5568 A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site script... | 3.5 | LOW | — | 0 |
| CVE-2026-4991 A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Perfor... | 3.5 | LOW | — | 0 |
| CVE-2026-3171 A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /queue.php. This manipul... | 3.5 | LOW | — | 0 |
| CVE-2026-5253 A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unknown functionality of the file /web/src/layout/components/Header/MessageList.vue of the component edit... | 3.5 | LOW | — | 0 |
| CVE-2026-7021 A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argu... | 3.5 | LOW | — | 0 |
| CVE-2026-20137 In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user wh... | 3.5 | LOW | — | 0 |
| CVE-2026-4355 A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknown function of the file /intranet/educar_servidor_curso_lst.php of the component Endpoint. Performing a manipulation of t... | 3.5 | LOW | — | 0 |
| CVE-2026-4239 A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object pro... | 3.5 | LOW | — | 0 |
| CVE-2026-4175 A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/co... | 3.5 | LOW | — | 0 |
| CVE-2026-1282 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malici... | 3.5 | LOW | — | 0 |
| CVE-2024-55271 A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically... | 3.5 | LOW | — | 0 |
| CVE-2026-3983 A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argumen... | 3.5 | LOW | — | 0 |
| CVE-2026-4186 A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This mani... | 3.5 | LOW | — | 0 |
| CVE-2026-4994 A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The manip... | 3.5 | LOW | — | 0 |
| CVE-2026-4166 A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cr... | 3.5 | LOW | — | 0 |
| CVE-2026-4969 A vulnerability was identified in code-projects Social Networking Site 1.0. The impacted element is an unknown function of the file /home.php of the component Alert Handler. The manipulation of the ar... | 3.5 | LOW | — | 0 |
| CVE-2026-35400 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, ... | 3.5 | LOW | — | 0 |
| CVE-2026-4973 A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation... | 3.5 | LOW | — | 0 |
| CVE-2026-23738 Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET varia... | 3.5 | LOW | — | 0 |
| CVE-2026-4596 A vulnerability was identified in projectworlds Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyers.php. The manipulation of the argument first_Name leads to ... | 3.5 | LOW | — | 0 |
| CVE-2026-3984 A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. This manipulation of... | 3.5 | LOW | — | 0 |
| CVE-2026-6648 A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scriptin... | 3.5 | LOW | — | 0 |
| CVE-2026-3819 A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Managemen... | 3.5 | LOW | — | 0 |
| CVE-2026-3050 A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument... | 3.5 | LOW | — | 0 |
| CVE-2026-6493 A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component ... | 3.5 | LOW | — | 0 |
| CVE-2026-6619 A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview... | 3.5 | LOW | — | 0 |
| CVE-2026-3946 A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site ... | 3.5 | LOW | — | 0 |
| CVE-2026-28526 BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and LIST_PLAYER_APPLICATION_SETTING_VALUES ha... | 3.5 | LOW | — | 0 |
| CVE-2026-28527 BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_T... | 3.5 | LOW | — | 0 |
| CVE-2026-6600 A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of t... | 3.5 | LOW | — | 0 |
| CVE-2026-5249 A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation... | 3.5 | LOW | — | 0 |
| CVE-2025-62184 Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access right... | 3.4 | LOW | — | 0 |
| CVE-2026-32772 telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR. | 3.4 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.