CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-70242 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP. | 7.5 | HIGH | — | 0 |
| CVE-2025-70227 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/formLanguageChange. | 7.5 | HIGH | — | 0 |
| CVE-2025-70129 If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-70128 A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supp... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-48611 In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. ... | 10.0 | CRITICAL | — | 0 |
| CVE-2025-36227 IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-36226 IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-13219 IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, ref... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-3370 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2026-28292 `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-27826 MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint ... | 8.2 | HIGH | — | 0 |
| CVE-2026-27281 DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27280 DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issu... | 7.8 | HIGH | — | 0 |
| CVE-2026-27279 Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t... | 7.8 | HIGH | — | 0 |
| CVE-2026-27277 Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is... | 7.8 | HIGH | — | 0 |
| CVE-2026-27276 Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is... | 7.8 | HIGH | — | 0 |
| CVE-2026-27275 Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t... | 7.8 | HIGH | — | 0 |
| CVE-2026-27274 Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t... | 7.8 | HIGH | — | 0 |
| CVE-2026-27273 Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t... | 7.8 | HIGH | — | 0 |
| CVE-2026-27269 Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An a... | 7.8 | HIGH | — | 0 |
| CVE-2026-27219 Substance3D - Painter versions 11.1.2 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27218 Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabilit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27217 Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabilit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27216 Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27215 Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabilit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27214 Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabilit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-26801 Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix w... | 7.5 | HIGH | — | 0 |
| CVE-2026-26742 PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scena... | 8.1 | HIGH | — | 0 |
| CVE-2026-26741 PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landing a... | 8.1 | HIGH | — | 0 |
| CVE-2026-21365 Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-21364 Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabilit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-21363 Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabilit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-3862 Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page. | N/A | NONE | — | 0 |
| CVE-2026-3854 An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on th... | 8.8 | HIGH | — | 0 |
| CVE-2026-3847 Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary c... | 8.8 | HIGH | — | 0 |
| CVE-2026-3846 Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability affects Firefox < 148.0.2. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3845 Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2. | 8.8 | HIGH | — | 0 |
| CVE-2026-3843 Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially craf... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-3483 An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges. | 7.8 | HIGH | — | 0 |
| CVE-2026-3315 Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/E... | N/A | NONE | — | 0 |
| CVE-2026-3306 An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request m... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3228 The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[nxs_fbembed]` shortcode in all versions up to, and including, 4.4.6. This is du... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-31797 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CTiffImg::ReadLine() when iccApplyProfiles processe... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-31796 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in icCurvesFromXml() causing heap memory corruption... | 7.8 | HIGH | — | 0 |
| CVE-2026-31795 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply() corrupting stack memory... | 7.8 | HIGH | — | 0 |
| CVE-2026-31794 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault from invalid/wild pointer read in CIccCLUT::Interp3d() caus... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31793 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault due to invalid/wild pointer read in CIccCalculatorFunc::App... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31792 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag() causing a segmentatio... | 7.8 | HIGH | — | 0 |
| CVE-2026-30987 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum<>::GetValues() causing stack memory corrup... | 7.8 | HIGH | — | 0 |
| CVE-2026-30986 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory ... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.