CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-2233 The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabil... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2456 Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-33501 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the endpoint `plugin/Permissions/View/Users_groups_permissions/list.json.php` lacks any authentication or authorizat... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-32022 OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern v... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3335 The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the `/wp-content/plugins/canto/includes/lib/copy-media.php` file. This is due to t... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-13997 The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3460 The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback (update_user_wech... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3506 The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is autho... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-32046 OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiri... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3546 The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshot_form_builder_get_account_data() function is register... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-10734 The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-10731 The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3570 The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configurat... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3641 The Appmax plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 1.0.3. This is due to the plugin registering a public REST API webhook endpoint at /web... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3645 The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The save_config() function, which handles the 'punnel_save_co... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3567 The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when comb... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-4531 A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to deni... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-4751 NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-4532 A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the comp... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-4127 The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The `speedup01_ajax_enabled()` function, which handles the `wp_ajax_spee... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1253 The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchat_update_auth_ajax' and 'atomchat_updat... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-33065 Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-4733 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27448 pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled ex... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-28428 Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218e, an authentication bypass vulnerability in Talishar's game endpoint validation logic allows any unauthenticated attacker to perf... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-28675 OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Addition... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-22040 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the sam... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27411 Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through <= 1.7.9. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27344 Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through <= 1... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3185 A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the ar... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-28434 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom excepti... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-69251 free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-20106 A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Softwa... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-69253 free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2746 SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-20031 A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vu... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-20009 A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated,... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-29069 Craft is a content management system (CMS). Prior to 5.9.0-beta.2 and 4.17.0-beta.2, the actionSendActivationEmail() endpoint is accessible to unauthenticated users and does not require a permission c... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24484 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27884 NetExec is a network execution tool. Prior to version 1.5.1, the module spider_plus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25637 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25638 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` fu... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3731 A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Nam... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25907 Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerabi... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3719 A vulnerability was identified in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). This issue affects some unknown processing of the file /System/Cms/downLoad. The manipulation of the a... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3713 A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of t... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25795 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creat... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27445 SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25796 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` I... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24004 Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollmen... | 5.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.