CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-28194 In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1073 The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the sett... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1085 The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1086 The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing nonce validation on the se... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1087 The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the settings update functi... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2410 The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing nonce vali... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2301 The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the `duplicate_post()` functi... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-14742 The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_search_recipes' and 'ajax_get_recipe' functions in all versions up ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1768 A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24241 NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability mig... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-29196 Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/ext... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27518 Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24314 Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality o... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3070 A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filenam... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3054 A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3702 A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page r... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3049 A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3028 A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This mani... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27741 Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF token... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3027 A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27513 Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement ant... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27511 Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, al... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3763 A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scri... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2976 A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2971 A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the componen... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3770 A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carri... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-33290 WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user (including a custom role with zero cap... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27895 LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly vali... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-32899 OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction_* and pin_* non-message events before adding them to system-event context. Attackers can bypass configu... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1378 The WP Posts Re-order plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the `cpt_plugin_options()` ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1390 The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the `countdown_settings_co... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1935 The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the `linkedin_compa... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4143 The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.0.14. This is due to missing nonce validation in the ncff_add_pl... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2294 The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip_save_globa... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3225 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function of... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4066 The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and includi... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-33238 WWBN AVideo is an open source video platform. Prior to version 26.0, the `listFiles.json.php` endpoint accepts a `path` POST parameter and passes it directly to `glob()` without restricting the path t... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3331 The Lobot Slider Administrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.0. This is due to missing or incorrect nonce validation on the fou... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3332 The Xhanch - My Advanced Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation in the `xms_sett... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-33171 Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, authenticated Control Panel users could read arbitrary `.json`, `.yaml`, and `.csv` files fr... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-33177 Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3429 A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifica... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-32719 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl() funct... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-2802 Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | 4.2 | MEDIUM | — | 0 |
| CVE-2025-1787 Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privile... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-29190 Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader (backup/backends/v3/backend.py). If a ... | 4.1 | MEDIUM | — | 0 |
| CVE-2026-27795 LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/communi... | 4.1 | MEDIUM | — | 0 |
| CVE-2025-47904 Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5. | 4.1 | MEDIUM | — | 0 |
| CVE-2021-35483 The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileuploa... | 4.1 | MEDIUM | — | 0 |
| CVE-2026-1230 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause reposito... | 4.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.