CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-13973 The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.0.2. The plugin stores spam detection logs at a pred... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-13681 The BFG Tools – Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied `fi... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-24853 Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoint... | 8.1 | HIGH | — | 0 |
| CVE-2026-26273 Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden ... | N/A | NONE | — | 0 |
| CVE-2026-1844 The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in all versions up to, and including, ... | 7.2 | HIGH | — | 0 |
| CVE-2026-1841 The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in ... | 7.2 | HIGH | — | 0 |
| CVE-2025-70957 A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods.... | 7.5 | HIGH | — | 0 |
| CVE-2025-70956 A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initi... | 7.5 | HIGH | — | 0 |
| CVE-2025-70955 A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which ... | 7.5 | HIGH | — | 0 |
| CVE-2025-70954 A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, w... | 7.5 | HIGH | — | 0 |
| CVE-2025-70866 LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly access the admin backend by logging in through /admin/login. The... | 8.8 | HIGH | — | 0 |
| CVE-2025-69633 A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows remote unauthenticated attackers to execut... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-15157 The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check... | 8.8 | HIGH | — | 0 |
| CVE-2026-26335 Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\\Program Files (x86)\\Veramark\\VeraSMART\\WebRoot\\we... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26334 Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll (Veramark.Core.Config class). These keys are used to encrypt the password of the s... | 7.8 | HIGH | — | 0 |
| CVE-2026-26333 Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs (including EndeavorServer.rem and RemoteFileR... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-68128 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-68127 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-68126 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-68125 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-68124 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-58184 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-58182 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-47915 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2024-34157 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2024-34154 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2023-45291 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2026-26269 Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim bu... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-2441 Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | KEV | 0 |
| CVE-2026-26264 BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0rc4 and 1.4.3rc2, a malformed WriteProperty request can trigger a length underflow in the BACnet stack... | 8.1 | HIGH | — | 0 |
| CVE-2026-26208 ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserializ... | 7.8 | HIGH | — | 0 |
| CVE-2026-26190 Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr deb... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26187 lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter (pkg/block/local/adapter.go) allows authenticated users to read and ... | 8.1 | HIGH | — | 0 |
| CVE-2026-25991 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate r... | 7.7 | HIGH | — | 0 |
| CVE-2026-25964 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allo... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-21878 BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is ... | 7.5 | HIGH | — | 0 |
| CVE-2025-36552 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-36545 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-36542 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-36538 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-36534 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-36532 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-36526 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-36524 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-36523 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-36517 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-35997 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-35993 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-35976 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-35962 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.