CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-25872 JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path inp... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25870 DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs serve... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-25251 Rejected reason: This has been moved to the REJECTED state because the information source is under review. If circumstances change, it is possible that this will be moved to the PUBLISHED state at a l... | N/A | NONE | — | 0 |
| CVE-2026-26013 LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation w... | 3.7 | LOW | — | 0 |
| CVE-2026-26007 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), Ellip... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26006 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The autogpt before 0.6.32 is vulnerable to Regular Expr... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1507 The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service. | 7.5 | HIGH | — | 0 |
| CVE-2026-1495 The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-12699 The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS whe... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-2303 The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incor... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-21349 Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this ... | 7.8 | HIGH | — | 0 |
| CVE-2026-21348 Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sens... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-1763 Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions. | 4.6 | MEDIUM | — | 0 |
| CVE-2026-1762 A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions. | 2.9 | LOW | — | 0 |
| CVE-2025-54514 Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity. | N/A | NONE | — | 0 |
| CVE-2025-52536 Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity. | N/A | NONE | — | 0 |
| CVE-2025-52534 Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity. | N/A | NONE | — | 0 |
| CVE-2025-48517 Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potenti... | N/A | NONE | — | 0 |
| CVE-2025-48515 Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code exe... | N/A | NONE | — | 0 |
| CVE-2025-48514 Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality. | N/A | NONE | — | 0 |
| CVE-2025-48509 Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory ... | N/A | NONE | — | 0 |
| CVE-2025-29952 Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memor... | N/A | NONE | — | 0 |
| CVE-2025-29951 A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution. | N/A | NONE | — | 0 |
| CVE-2025-29950 Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution. | N/A | NONE | — | 0 |
| CVE-2025-29949 Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially result... | N/A | NONE | — | 0 |
| CVE-2025-29948 Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory inte... | N/A | NONE | — | 0 |
| CVE-2025-29946 Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory. | N/A | NONE | — | 0 |
| CVE-2025-29939 Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially ... | N/A | NONE | — | 0 |
| CVE-2025-0031 A use after free in the SEV firmware could allow a malicous hypervisor to activate a migrated guest with the SINGLE_SOCKET policy on a different socket than the migration agent potentially resulting i... | N/A | NONE | — | 0 |
| CVE-2025-0029 Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory i... | N/A | NONE | — | 0 |
| CVE-2025-0012 Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker corrupt or partially infer SMM memory resulting in ... | N/A | NONE | — | 0 |
| CVE-2024-36355 Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execu... | N/A | NONE | — | 0 |
| CVE-2024-36311 A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentiall... | N/A | NONE | — | 0 |
| CVE-2024-36310 Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or inte... | N/A | NONE | — | 0 |
| CVE-2024-21953 Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity. | N/A | NONE | — | 0 |
| CVE-2021-26410 Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the k... | N/A | NONE | — | 0 |
| CVE-2021-26381 Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory c... | N/A | NONE | — | 0 |
| CVE-2026-2302 Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26009 Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating syst... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-25613 An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25610 An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25609 Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-25506 MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daem... | 7.7 | HIGH | — | 0 |
| CVE-2026-21355 DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive info... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-21354 DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-21353 DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o... | 7.8 | HIGH | — | 0 |
| CVE-2026-21352 DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issu... | 7.8 | HIGH | — | 0 |
| CVE-2026-21347 Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio... | 7.8 | HIGH | — | 0 |
| CVE-2026-21346 Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i... | 7.8 | HIGH | — | 0 |
| CVE-2026-21345 Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory struct... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.