CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-67840 Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4.0 Build 14614 through TZM_1757588060_SEP2025_FULL.depot web application API endpoints ... | 7.2 | HIGH | — | 0 |
| CVE-2025-63912 Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encyption and expose ... | 7.5 | HIGH | — | 0 |
| CVE-2025-63911 Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability. | 7.2 | HIGH | — | 0 |
| CVE-2025-63910 An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploa... | 7.2 | HIGH | — | 0 |
| CVE-2025-63909 Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write... | 7.2 | HIGH | — | 0 |
| CVE-2025-15599 DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-31044 An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the C... | 2.0 | LOW | — | 0 |
| CVE-2021-35486 A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifical... | 8.1 | HIGH | — | 0 |
| CVE-2021-35485 The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/applicati... | 8.0 | HIGH | — | 0 |
| CVE-2021-35484 Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the Vie... | 8.2 | HIGH | — | 0 |
| CVE-2021-35483 The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileuploa... | 4.1 | MEDIUM | — | 0 |
| CVE-2026-3136 An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vu... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26886 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php. | 2.7 | LOW | — | 0 |
| CVE-2026-26885 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete_service. | 2.7 | LOW | — | 0 |
| CVE-2026-26884 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php. | 2.7 | LOW | — | 0 |
| CVE-2026-26883 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=delete_appointment. | 2.7 | LOW | — | 0 |
| CVE-2025-62817 An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of ... | 7.5 | HIGH | — | 0 |
| CVE-2025-62816 An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4L_VERTEXIOC_BOOTUP input leads to a denial of service. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-66680 An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request. | 7.1 | HIGH | — | 0 |
| CVE-2025-66363 An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages. | 7.5 | HIGH | — | 0 |
| CVE-2025-62815 An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-62814 An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2026-3465 A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. This manipulation of the ar... | 3.1 | LOW | — | 0 |
| CVE-2026-2637 iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd. The daemon exposes an NSConnection service that runs as root without implementing... | N/A | NONE | — | 0 |
| CVE-2026-28518 OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import dir... | 7.8 | HIGH | — | 0 |
| CVE-2026-25674 An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file sy... | 3.7 | LOW | — | 0 |
| CVE-2026-25673 An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows th... | 7.5 | HIGH | — | 0 |
| CVE-2026-24103 A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22891 A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-20777 A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to... | 8.1 | HIGH | — | 0 |
| CVE-2025-70821 renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component | 9.8 | CRITICAL | — | 0 |
| CVE-2025-64736 An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-57622 An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loads(request.get_data()) component | 9.8 | CRITICAL | — | 0 |
| CVE-2025-52365 A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system... | 7.8 | HIGH | — | 0 |
| CVE-2026-3344 A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-3343 A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-3342 An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. ... | 7.2 | HIGH | — | 0 |
| CVE-2026-3351 Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd ser... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3463 A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document ... | 3.3 | LOW | — | 0 |
| CVE-2025-59060 Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this i... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-59059 Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2568 The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and ... | 7.2 | HIGH | — | 0 |
| CVE-2026-22886 OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/ admin) and does not enforce... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-15598 A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a... | 3.7 | LOW | — | 0 |
| CVE-2026-1876 Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denia... | N/A | NONE | — | 0 |
| CVE-2026-1875 Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote attacker to cause a denial-of-... | N/A | NONE | — | 0 |
| CVE-2026-1874 Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electri... | N/A | NONE | — | 0 |
| CVE-2025-15595 Privilege escalation via dll hijacking in Inno Setup 6.2.1 and ealier versions. | 7.8 | HIGH | — | 0 |
| CVE-2025-12345 A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent... | 8.8 | HIGH | — | 0 |
| CVE-2026-3455 Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via the textToHtml() function due to the improper sanitisation of URLs in the email content. An attacker ca... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.