CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-57644 Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting i... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-59344 AliasVault is a privacy-first password manager with built-in email aliasing. A server-side request forgery (SSRF) vulnerability exists in the favicon extraction feature of AliasVault API versions 0.23... | 7.7 | HIGH | — | 0 |
| CVE-2025-59427 The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by th... | N/A | NONE | — | 0 |
| CVE-2025-10721 A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper export... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-10722 A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. This affects an unknown function of the file AndroidManifest.xml of the component com.dw.android.mukbee. The manipulation results... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-54761 An issue was discovered in PPress 0.0.9 allowing attackers to gain escalated privileges via crafted session cookie. | 8.0 | HIGH | — | 0 |
| CVE-2025-54815 Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes. | 8.8 | HIGH | — | 0 |
| CVE-2022-4980 General Bytes Crypto Application Server (CAS) beginning with version 20201208 prior to 20220531.38 (backport) and 20220725.22 (mainline) contains an authentication bypass in the admin web interface. A... | N/A | NONE | — | 0 |
| CVE-2024-13990 MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on... | N/A | NONE | — | 0 |
| CVE-2025-26514 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site Scripting vulnerability. Successful exploit could allow an attacker to... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-26515 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful... | 7.5 | HIGH | — | 0 |
| CVE-2025-26516 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Denial of Service vulnerability. Successful exploit could allow an unauthenticated attacker... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-26517 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a privilege escalation vulnerability. Successful exploit could allow an unauthorized authenti... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-34188 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging m... | 7.8 | HIGH | — | 0 |
| CVE-2025-34189 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local ... | 7.8 | HIGH | — | 0 |
| CVE-2025-34190 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (macOS/Linux client deployments) are vulnerable to an authentication ... | 7.8 | HIGH | — | 0 |
| CVE-2025-34191 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (macOS/Linux client deployments) contain an arbitrary file write vulnerability... | 8.4 | HIGH | — | 0 |
| CVE-2025-56762 Paracrawl KeOPs v2 is vulnerable to Cross Site Scripting (XSS) in error.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2025-24694 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Pop-Up banners cm-pop-up-banners allows Reflected XSS. This issue affects... | N/A | NONE | — | 0 |
| CVE-2025-34192 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fip... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34193 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client components (PrinterInstallerClientInterface.ex... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34194 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) contain an insecure temporary-file handl... | 7.8 | HIGH | — | 0 |
| CVE-2025-34195 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability duri... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34197 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu... | 7.8 | HIGH | — | 0 |
| CVE-2025-34198 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in t... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34200 Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and... | 7.8 | HIGH | — | 0 |
| CVE-2025-34201 Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) run many Docker containers on shared internal networks without firewalling or segmentation between... | 7.8 | HIGH | — | 0 |
| CVE-2025-34202 Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an attac... | 8.8 | HIGH | — | 0 |
| CVE-2025-57396 Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boole... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-34203 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that in... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34204 Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) contains multiple Docker containers that run primary application processes (for example PHP worker... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34205 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in multiple... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34206 Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker container... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-52159 Hardcoded credentials in default configuration of PPress 0.0.9. | 8.8 | HIGH | — | 0 |
| CVE-2025-59431 MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerable to Boolean-based SQL injection. It seems like expression chec... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-9079 Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute... | 8.0 | HIGH | — | 0 |
| CVE-2025-9081 Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using... | 3.1 | LOW | — | 0 |
| CVE-2025-10652 The Robcore Netatmo plugin for WordPress is vulnerable to SQL Injection via the ‘module_id’ attribute of the robcore-netatmo shortcode in all versions up to, and including, 1.7 due to insufficient esc... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-10002 The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to SQL Injection via the export_csv() function in all versions up to... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-10181 The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization an... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-10305 The Secure Passkeys plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_passkey() and passkeys_list() function in all versions up to, and includin... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-10489 The SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more plugin for WordPress is vulnerable to unauthorized creation of forms due to a missing capability ch... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-9949 The Internal Links Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the lin... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-10658 The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiti... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-9882 The osTicket WP Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on a function.... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-9883 The Browser Sniff plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on a function. This m... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-9887 The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in t... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-8079 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akıllı Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS. T... | 4.6 | MEDIUM | — | 0 |
| CVE-2025-10741 A security vulnerability has been detected in Selleo Mentingo up to 2025.08.27. The affected element is an unknown function of the component Profile Picture Handler. The manipulation of the argument u... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-40925 Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and... | 9.1 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.