CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-2733 A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that t... | 3.8 | LOW | — | 0 |
| CVE-2026-2711 A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrf_proxy.py... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-2731 Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simple web requests | N/A | NONE | — | 0 |
| CVE-2026-2709 A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation... | 3.5 | LOW | — | 0 |
| CVE-2026-2706 A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysis_not.php. This manipulation of the argument comp_id causes sql injec... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2705 A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The man... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2704 A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function OpenBabel::transform3d::DescribeAsString of the file src/math/transform3d.cpp of the componen... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2703 A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLS... | 3.3 | LOW | — | 0 |
| CVE-2026-2702 A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. This issue affects some unknown processing of the component WPA2 PSK. Performing a manipulation results in hard-coded credentials. ... | 3.1 | LOW | — | 0 |
| CVE-2026-2693 A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executin... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2692 A vulnerability was found in CoCoTeaNet CyreneAdmin up to 1.3.0. This affects an unknown part of the file /api/system/user/getAvatar of the component Image Handler. Performing a manipulation of the ar... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2691 A vulnerability has been found in itsourcecode Event Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manage_register.php. Such manipulation of the argume... | 7.3 | HIGH | — | 0 |
| CVE-2026-2690 A flaw has been found in itsourcecode Event Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Admin Login. Thi... | 7.3 | HIGH | — | 0 |
| CVE-2026-2689 A vulnerability was detected in itsourcecode Event Management System 1.0. Affected is an unknown function of the file /admin/manage_booking.php. The manipulation of the argument ID results in sql inje... | 7.3 | HIGH | — | 0 |
| CVE-2026-2681 A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A r... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2504 The Dealia – Request a quote plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple AJAX handlers in all versions up to, and including, 1.... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2502 The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0, via the 'X-Forwarded-For' HTTP header. This is due to the plugin tru... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2284 The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce ve... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-2282 The Slidorion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escapin... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-25474 OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without ver... | 7.5 | HIGH | — | 0 |
| CVE-2026-25242 Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled (default), any ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-25232 Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protecte... | 8.8 | HIGH | — | 0 |
| CVE-2026-25229 Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labe... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25120 Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repos... | 2.7 | LOW | — | 0 |
| CVE-2026-24764 OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata (topic/description) can ... | 3.7 | LOW | — | 0 |
| CVE-2026-1994 The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's id... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1646 The Advance Block Extend plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TitleColor block attribute in the Latest Posts Gutenberg block in all versions up to, and including, ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1455 The Whatsiplus Scheduled Notification for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validat... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1405 The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' function in all versions up to, and includ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1373 The Easy Author Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author_profile_picture_url' parameter in all versions up to, and including, 1.7 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1055 The TalkJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1.15 due to insufficient input sanitization and output escaping.... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1047 The salavat counter Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'image_url' parameter in all versions up to, and including, 0.9.5 due to insufficient input sanitiz... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1044 The Tennis Court Bookings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and ou... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1043 The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.4. This is due to insufficient input sani... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-0974 The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'in... | 8.8 | HIGH | — | 0 |
| CVE-2026-0926 The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.9 via the 'parameters[template_name]' parameter. This makes it possible for un... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0912 The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trman_save_option' function an... | 8.8 | HIGH | — | 0 |
| CVE-2026-0722 The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0561 The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0556 The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xo_event_field' shortcode in all versions up to, and including, 3.2.10 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-0549 The Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'groups_group_info' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanit... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-4960 The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to pr... | 7.8 | HIGH | — | 0 |
| CVE-2025-4521 The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_profile() function i... | 8.8 | HIGH | — | 0 |
| CVE-2025-15586 OGP-Website installs prior git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a type juggling flaw which if exploited can result in authentication bypass without knowledge of the vict... | N/A | NONE | — | 0 |
| CVE-2025-15041 The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ... | 7.2 | HIGH | — | 0 |
| CVE-2025-14983 The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-14864 The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This is due to missing capability checks on ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-14851 The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `yamap` shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input s... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-14452 The WP Customer Reviews plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpcr3_fname' parameter in all versions up to, and including, 3.7.5 due to insufficient input sanit... | 7.2 | HIGH | — | 0 |
| CVE-2025-14445 The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hotspot_content' custom field meta in all versions up to, and including, 1.2.9 due to insufficient... | 6.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.