CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-30785 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client ... | N/A | NONE | — | 0 |
| CVE-2026-30784 Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms (Rendezvo... | N/A | NONE | — | 0 |
| CVE-2026-30783 A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse... | N/A | NONE | — | 0 |
| CVE-2026-26377 Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-25048 xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault (core dumped). This i... | 7.5 | HIGH | — | 0 |
| CVE-2025-64166 Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability was identified. The issue arises from incorrect parsing of the Content-Type heade... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-3598 Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Config string generation, web console export mod... | N/A | NONE | — | 0 |
| CVE-2026-30791 Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, ... | 7.5 | HIGH | — | 0 |
| CVE-2026-27750 Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan ... | 7.8 | HIGH | — | 0 |
| CVE-2026-27749 Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privil... | 7.8 | HIGH | — | 0 |
| CVE-2026-27748 Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\... | 7.8 | HIGH | — | 0 |
| CVE-2025-69534 Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Ma... | 7.5 | HIGH | — | 0 |
| CVE-2026-1720 The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability ... | 8.8 | HIGH | — | 0 |
| CVE-2026-2599 The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-3236 In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-21628 A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1605 In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding r... | 7.5 | HIGH | — | 0 |
| CVE-2025-11143 The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security ... | 3.7 | LOW | — | 0 |
| CVE-2026-28551 Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.7 | MEDIUM | — | 0 |
| CVE-2026-28549 Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. | 6.6 | MEDIUM | — | 0 |
| CVE-2026-28548 Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 7.1 | HIGH | — | 0 |
| CVE-2026-28547 Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.8 | MEDIUM | — | 0 |
| CVE-2026-28546 Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | 5.9 | MEDIUM | — | 0 |
| CVE-2026-28542 Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability. | 7.3 | HIGH | — | 0 |
| CVE-2026-2893 The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' parameter in the content_clone() function in all versions up to, and including, 6.3. This is due to insuf... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-28552 Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-28550 Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.0 | MEDIUM | — | 0 |
| CVE-2026-28545 Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. | 5.9 | MEDIUM | — | 0 |
| CVE-2026-28544 Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-28543 Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.4 | MEDIUM | — | 0 |
| CVE-2026-28541 Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.0 | MEDIUM | — | 0 |
| CVE-2026-28540 Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 4.0 | MEDIUM | — | 0 |
| CVE-2026-28539 Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-28538 Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. | 5.9 | MEDIUM | — | 0 |
| CVE-2026-28537 Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability. | 5.1 | MEDIUM | — | 0 |
| CVE-2026-21786 HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs. | 3.3 | LOW | — | 0 |
| CVE-2026-1321 The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` fun... | 8.1 | HIGH | — | 0 |
| CVE-2025-66319 Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity. | 3.3 | LOW | — | 0 |
| CVE-2026-2743 Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-28536 Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 9.6 | CRITICAL | — | 0 |
| CVE-2026-25702 A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SU... | 7.3 | HIGH | — | 0 |
| CVE-2026-1678 dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past th... | 9.4 | CRITICAL | — | 0 |
| CVE-2026-3072 The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mla_update_compat_fields_action() function in all versions ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-30777 EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-fac... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2418 The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as a... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-29128 IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The config... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-29053 Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in... | 7.6 | HIGH | — | 0 |
| CVE-2026-29052 The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently track all scheduled activities. Prior to version 1.8.11, a Stored Cros... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-28137 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Reflected XSS.This issue affects... | 7.1 | HIGH | — | 0 |
| CVE-2026-28135 Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This is... | 8.2 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.