CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-23665 Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-23664 Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | 7.5 | HIGH | — | 0 |
| CVE-2026-23662 Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | 7.5 | HIGH | — | 0 |
| CVE-2026-23661 Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | 7.5 | HIGH | — | 0 |
| CVE-2026-23660 Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-23656 Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network. | 5.9 | MEDIUM | — | 0 |
| CVE-2026-23654 Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | — | 0 |
| CVE-2026-23240 In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. After cancel_delayed_work_sync(... | N/A | NONE | — | 0 |
| CVE-2026-23239 In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit. After cancel_work_sync() is calle... | N/A | NONE | — | 0 |
| CVE-2026-22629 An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer ... | 3.7 | LOW | — | 0 |
| CVE-2026-22628 An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-22627 A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent... | 8.8 | HIGH | — | 0 |
| CVE-2026-22614 The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially re... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-22572 An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiMan... | 7.2 | HIGH | — | 0 |
| CVE-2026-21791 HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL | 3.3 | LOW | — | 0 |
| CVE-2026-21262 Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. | 8.8 | HIGH | — | 0 |
| CVE-2026-20967 Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network. | 8.8 | HIGH | — | 0 |
| CVE-2026-1286 CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated use... | N/A | NONE | — | 0 |
| CVE-2026-1261 The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output esc... | 7.2 | HIGH | — | 0 |
| CVE-2025-70025 An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14. | 6.1 | MEDIUM | — | 0 |
| CVE-2025-69615 Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Accou... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-69614 Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Accoun... | 9.4 | CRITICAL | — | 0 |
| CVE-2025-68648 A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versi... | 7.2 | HIGH | — | 0 |
| CVE-2025-68482 A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiA... | 6.9 | MEDIUM | — | 0 |
| CVE-2025-66178 A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 throug... | 7.2 | HIGH | — | 0 |
| CVE-2025-56422 A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-56421 SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database. | 7.5 | HIGH | — | 0 |
| CVE-2025-55717 A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.... | 4.0 | MEDIUM | — | 0 |
| CVE-2025-54820 A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote un... | 8.1 | HIGH | — | 0 |
| CVE-2025-54659 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communica... | 5.8 | MEDIUM | — | 0 |
| CVE-2025-53706 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2025. No... | N/A | NONE | — | 0 |
| CVE-2025-53608 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-49784 An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-48840 An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unaut... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-48418 A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnal... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-41712 An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for th... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-41711 An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-41710 An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-41709 An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-40943 Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagno... | 9.6 | CRITICAL | — | 0 |
| CVE-2025-27769 A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). Affected devices contain im... | 2.6 | LOW | — | 0 |
| CVE-2025-13957 CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL ... | N/A | NONE | — | 0 |
| CVE-2025-13902 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser ru... | N/A | NONE | — | 0 |
| CVE-2025-13901 CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occ... | N/A | NONE | — | 0 |
| CVE-2025-11739 CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stre... | N/A | NONE | — | 0 |
| CVE-2022-4977 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2026-3585 The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authenticat... | 7.5 | HIGH | — | 0 |
| CVE-2026-30927 Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/events_function.php, the event participation logic allows any user who can participate in an event to register OTH... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-30925 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11, a malicious client can subscribe to a LiveQuery with a craft... | 7.5 | HIGH | — | 0 |
| CVE-2026-30921 OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed... | 9.9 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.