CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2024-35700 Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-39225 GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE30... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-39228 GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE30... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-42757 Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-23168 Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-46997 DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection strin... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-42599 Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker ma... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-33434 An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe co... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-44038 Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Pho... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-43253 Missing Authorization vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders.This issue affects Smart Online Order for Clover: from n/a through <= 1.5.6. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-47302 Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-47308 Missing Authorization vulnerability in WPDeveloper Templately templately.This issue affects Templately: from n/a through <= 3.1.2. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-47311 Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a thro... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-24607 Missing Authorization vulnerability in Northern Beaches Websites IdeaPush ideapush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-47321 Missing Authorization vulnerability in Fahad Mahmood WP Datepicker wp-datepicker.This issue affects WP Datepicker: from n/a through <= 2.1.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-50450 Improper Control of Generation of Code ('Code Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Code Injection.This issue affects MDTF: from n/a through <= 1.... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-50477 Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App B... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-50486 Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API acnoo-flutter-api allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-50487 Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo MaanStore API maanstore-api allows Authentication Bypass.This issue affects MaanStore API: from n/a through <= 1.0.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-50489 Authentication Bypass Using an Alternate Path or Channel vulnerability in realtyworkstation Realty Workstation realty-workstation allows Authentication Bypass.This issue affects Realty Workstation: fr... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-50492 Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart scottcart allows Code Injection.This issue affects ScottCart: from n/a through <= 1.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-4789 Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-32714 SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format() to co... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-4252 A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authen... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-38770 Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-38887 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-7257 The YayExtra – WooCommerce Extra Product Options plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_upload_file function in all versions up ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-44019 Missing Authorization vulnerability in Renzo Johnson Contact Form 7 Campaign Monitor Extension contact-form-7-campaign-monitor-extension.This issue affects Contact Form 7 Campaign Monitor Extension: f... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-40498 SQL Injection vulnerability in PuneethReddyHC Online Shopping sysstem advanced v.1.0 allows an attacker to execute arbitrary code via the register.php | 9.8 | CRITICAL | — | 0 |
| CVE-2024-6782 Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33957 SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33958 SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-44076 In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33959 SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and ret... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-56046 Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through <= 1.9.9. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-50491 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection.This issue affects RSVP ME: from n/a through <= 1.9.... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-50497 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wdesco Advanced Online Ordering and Delivery Platform advanced-online-ordering-... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-56042 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-30285 An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code executi... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33960 SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and ret... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33961 SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and ret... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-31279 A permissions issue was addressed with additional restrictions. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to fingerprint t... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-43184 This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A shortcut may be able to bypass sensiti... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-43186 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-43193 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause a denial-of-service. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-43209 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-43222 A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to ca... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-24596 Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite wc-product-table-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-43232 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to bypass certain Privacy prefe... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-43234 Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing ... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.