CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-52603 HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is... | 3.5 | LOW | — | 0 |
| CVE-2024-56208 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through <= ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-54222 Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-52387 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-51915 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSp... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-50555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Websi... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-50452 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS.This issue affects Nexte... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-43228 Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through <= 2.2.5.3. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-34438 Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.19. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-21627 The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could b... | N/A | NONE | — | 0 |
| CVE-2025-14547 An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing ... | N/A | NONE | — | 0 |
| CVE-2025-14055 An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet. | N/A | NONE | — | 0 |
| CVE-2026-2486 The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ma_el_bh_table_btn_text' parameter in versions up to, and including, 2.1.1 due to insufficien... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-10970 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 200... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-21620 Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules... | N/A | NONE | — | 0 |
| CVE-2026-26050 The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arb... | N/A | NONE | — | 0 |
| CVE-2026-26370 WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web brows... | N/A | NONE | — | 0 |
| CVE-2025-59819 This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2825 A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross sit... | 3.5 | LOW | — | 0 |
| CVE-2026-2824 A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component webmggnt. Executing a manipulation... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2823 A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET§ion=ntp_timezone of the component webmggnt. Perfo... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2822 A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airag_app,1,create_by of the component Backend... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2739 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, han... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27325 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27324 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27323 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27322 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27321 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27320 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27319 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27318 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27317 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-2821 A weakness has been identified in Fujian Smart Integrated Management Platform System up to 7.5. Impacted is an unknown function of the file /Module/CRXT/Controller/XCamera.ashx. This manipulation of t... | 7.3 | HIGH | — | 0 |
| CVE-2026-2384 The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `vc_quizmaker` shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanit... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-27017 uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Ch... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-26996 minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a ... | 7.5 | HIGH | — | 0 |
| CVE-2026-26995 Rejected reason: Further research determined the issue is an external dependency vulnerability. | N/A | NONE | — | 0 |
| CVE-2026-26994 uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 dow... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26993 Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitizat... | 4.6 | MEDIUM | — | 0 |
| CVE-2026-26992 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform St... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-26991 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform ... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-2820 A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlu... | 7.3 | HIGH | — | 0 |
| CVE-2026-2819 A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workfl... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-27016 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID function... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-26990 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address p... | 8.8 | HIGH | — | 0 |
| CVE-2026-26989 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Rules workflow. ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-26988 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-26987 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-26980 Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1. | 9.4 | CRITICAL | — | 0 |
| CVE-2026-26977 Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished co... | 5.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.