CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-25930 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form (LBF) printable view accepts `formid` and `visiti... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25929 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controller’s `patient_picture` context serves the patient’... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25927 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a ... | 7.1 | HIGH | — | 0 |
| CVE-2026-25746 OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be explo... | 8.8 | HIGH | — | 0 |
| CVE-2026-25743 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires ("fo... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-25476 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in `library/auth.inc.php` runs only when `... | 7.5 | HIGH | — | 0 |
| CVE-2026-25220 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter `show_all=yes` and passes ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25164 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in `apis/routes/_rest_routes_standard.inc.php`... | 8.1 | HIGH | — | 0 |
| CVE-2026-24908 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows ... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-24890 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature e... | 8.1 | HIGH | — | 0 |
| CVE-2026-24487 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource end... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24005 Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The ... | 0.0 | NONE | — | 0 |
| CVE-2026-23627 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any au... | 8.8 | HIGH | — | 0 |
| CVE-2026-3194 A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function send_transaction/get_private_key of the component RPC Server Master Passphrase Handler. This manipulation causes mi... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-27850 Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the loc... | 7.5 | HIGH | — | 0 |
| CVE-2026-27795 LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/communi... | 4.1 | MEDIUM | — | 0 |
| CVE-2026-27794 LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable ... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-27739 The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Ang... | N/A | NONE | — | 0 |
| CVE-2026-25554 OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to commit 3822d33) contain a SQL injection vulnerability in the jwt_db_authorize() function in modules/auth_jwt/authorize.c whe... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-21902 An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-b... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-3193 A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be performe... | 3.1 | LOW | — | 0 |
| CVE-2026-3192 A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulat... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-3189 A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the ar... | 3.1 | LOW | — | 0 |
| CVE-2026-27849 Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh netw... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-27738 The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, th... | N/A | NONE | — | 0 |
| CVE-2026-27736 BigBlueButton is an open-source virtual classroom. In versions on the 3.x branch prior to 3.0.20, the string received with errorRedirectUrl lacks validation, using it directly in the respondWithRedire... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27728 OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-27727 mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by whi... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-27706 Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows... | 7.7 | HIGH | — | 0 |
| CVE-2026-27705 Plane is an an open-source project management tool. Prior to version 1.2.2, the `ProjectAssetEndpoint.patch()` method in `apps/api/plane/app/views/asset/v2.py` (lines 579–593) performs a global asset ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26717 An issue in OpenFUN Richie (LMS) in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function.... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-20133 A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20129 A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-20128 A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This v... | 7.5 | HIGH | — | 0 |
| CVE-2026-20127 A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, r... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2026-20126 A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is d... | 8.8 | HIGH | — | 0 |
| CVE-2026-20122 A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the atta... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-20107 A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpe... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20099 A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform ... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20091 A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS)... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-20051 A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, a... | 7.4 | HIGH | — | 0 |
| CVE-2026-20048 A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of ser... | 7.7 | HIGH | — | 0 |
| CVE-2026-20037 A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions ... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20036 A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary comm... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20033 A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vul... | 7.4 | HIGH | — | 0 |
| CVE-2026-20010 A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an... | 7.4 | HIGH | — | 0 |
| CVE-2026-3206 Improper Resource Shutdown or Release vulnerability in KrakenD, SLU KrakenD-CE (CircuitBreaker modules), KrakenD, SLU KrakenD-EE (CircuitBreaker modules). This issue affects KrakenD-CE: before 2.13.1;... | N/A | NONE | — | 0 |
| CVE-2026-3188 A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a ma... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27848 Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user. This issue affects MR9600: 1.0.4.20... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-27847 Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.