CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-2869 A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The m... | 3.3 | LOW | — | 0 |
| CVE-2026-2867 A vulnerability was determined in itsourcecode Vehicle Management System 1.0. Affected is an unknown function of the file /billaction.php. Executing a manipulation of the argument ID can lead to sql i... | 7.3 | HIGH | — | 0 |
| CVE-2026-27579 CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in COR... | 7.4 | HIGH | — | 0 |
| CVE-2026-27574 OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's node:vm module (explicitly documented as not a secur... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-27492 Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties (such as to, subject, html, text, and attachments) are not reset between sends when a s... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-1787 The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_migrated_data' functi... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-27576 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.sen... | 4.0 | MEDIUM | — | 0 |
| CVE-2026-27488 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch() directly, so webhook targets can reach private/metadata/internal ... | 7.3 | HIGH | — | 0 |
| CVE-2026-27487 OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into ... | 7.6 | HIGH | — | 0 |
| CVE-2026-27486 OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without v... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27485 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/package_skill.py (a local helper script used when authors package skills) previously followed symlink... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-27484 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling (timeout, kick, ban) uses sender identity from request parameters in tool-driven flows, ins... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27482 Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. I... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-27480 Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentic... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14339 The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and i... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-27479 Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the subscription and payment logo/icon upl... | 7.7 | HIGH | — | 0 |
| CVE-2026-2865 A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler. ... | 7.3 | HIGH | — | 0 |
| CVE-2026-2864 A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.ja... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27470 ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the w... | 8.8 | HIGH | — | 0 |
| CVE-2026-27469 Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecti... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27467 BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. ... | 2.0 | LOW | — | 0 |
| CVE-2026-27466 BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server Customization" on Support for ClamAV as presentation file scanner contains instr... | 7.2 | HIGH | — | 0 |
| CVE-2026-27464 Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase inst... | 7.7 | HIGH | — | 0 |
| CVE-2026-27471 ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-27458 LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists (/lists/feed). An authenti... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27452 ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the un... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27206 Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The ... | 8.1 | HIGH | — | 0 |
| CVE-2026-2863 A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java.... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-2861 A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is poss... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27212 Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in... | 7.8 | HIGH | — | 0 |
| CVE-2026-27211 Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration (constrained by process privileges) when using virtio-bl... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-27210 Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, includin... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27205 Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Us... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27199 Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previou... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27198 Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the... | 8.8 | HIGH | — | 0 |
| CVE-2026-26047 A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26046 A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled a... | 7.2 | HIGH | — | 0 |
| CVE-2026-26045 A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead... | 7.2 | HIGH | — | 0 |
| CVE-2026-2860 A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeControll... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-27534 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27533 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27532 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27531 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27530 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27529 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27528 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27527 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27197 Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to ta... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-27196 Statmatic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which al... | 8.1 | HIGH | — | 0 |
| CVE-2026-27194 D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulne... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.