CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-21229 Improper input validation in Power BI allows an authorized attacker to execute code over a network. | 8.0 | HIGH | — | 0 |
| CVE-2026-21228 Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network. | 8.1 | HIGH | — | 0 |
| CVE-2026-21222 Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-21218 Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. | 7.5 | HIGH | — | 0 |
| CVE-2026-20846 Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | — | 0 |
| CVE-2026-20841 Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-1997 Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is dis... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1996 Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0653 On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of pro... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0652 On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbi... | 8.8 | HIGH | — | 0 |
| CVE-2026-0651 A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decod... | 7.8 | HIGH | — | 0 |
| CVE-2025-6010 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-25530 Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane da... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24885 Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard ... | 5.7 | MEDIUM | — | 0 |
| CVE-2025-36522 Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversa... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-36511 Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an au... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-35999 Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within Ri... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-35998 Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow an escalation of privilege. System sof... | 7.9 | HIGH | — | 0 |
| CVE-2025-35992 Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combine... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-33030 Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated us... | 3.3 | LOW | — | 0 |
| CVE-2025-32739 Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an... | 2.8 | LOW | — | 0 |
| CVE-2025-32735 Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combine... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-32467 Use of uninitialized variable for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high ... | 4.1 | MEDIUM | — | 0 |
| CVE-2025-32453 Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an escalation of privilege. Unprivileged software adversary with an authenticated u... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-32452 Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated u... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-32092 Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary wi... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-32008 Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) Standard Manageability within Ring 3: User Applications may allow a denial of service. Network adversary with an unauthenticated u... | 8.6 | HIGH | — | 0 |
| CVE-2025-32007 Out-of-bounds read for some TDX before version tdx module 1.5.24 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a low complexi... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-32003 Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. Network adv... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-31944 Race condition for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow a denial of service. Authorized adversary with a privileged user combined with a high complexity attack may... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-31655 Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticate... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-31648 Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high co... | 3.9 | LOW | — | 0 |
| CVE-2025-30513 Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable esc... | 7.9 | HIGH | — | 0 |
| CVE-2025-30508 Improper authorization in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated us... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-27940 Out-of-bounds read for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Software side channel adversary with a privileged user combined with a high ... | 4.1 | MEDIUM | — | 0 |
| CVE-2025-27708 Out-of-bounds read in the firmware for some Intel(R) Converged Security and Management Engine (CSME) Firmware (FW) within Ring 0: Kernel may allow an information disclosure. System software adversary ... | 4.1 | MEDIUM | — | 0 |
| CVE-2025-27572 Exposure of sensitive information during transient execution for some TDX within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a hig... | 4.1 | MEDIUM | — | 0 |
| CVE-2025-27560 Loop with unreachable exit condition ('infinite loop') for some Intel(R) Platform within Ring 0: Kernel may allow a denial of service. System software adversary with a privileged user combined with a ... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-27535 Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. Sy... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-27243 Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with ... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-25210 Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary wit... | 8.2 | HIGH | — | 0 |
| CVE-2025-25058 Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before version 2.2.2.0 (esxi 8.0) & 2.2.3.0 (esxi 9.0) within Ring 1: Device Drivers may allow an info... | 3.3 | LOW | — | 0 |
| CVE-2025-24851 Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-22885 Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-22849 Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications ... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-22453 Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary wit... | 7.5 | HIGH | — | 0 |
| CVE-2025-20106 Uncontrolled search path in some software installer for some VTune(TM) Profiler software and Intel(R) oneAPI Base Toolkits before version 2025.0. within Ring 3: User Applications may allow an escalati... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-20080 Null pointer dereference in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability within Ring 0: Kernel may allow a denial of service. Network adversary with an unauthenticated user c... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-20070 Improper conditions check for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of ... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-22153 An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentl... | 8.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.