CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-3288 A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary co... | 8.8 | HIGH | — | 0 |
| CVE-2026-26982 Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text. These can be used to execute arbitrary commands in some shell environ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-28431 Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data ... | 7.5 | HIGH | — | 0 |
| CVE-2026-28432 Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerab... | 7.5 | HIGH | — | 0 |
| CVE-2026-28433 Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' da... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-28493 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoer. The vulnerabili... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-28494 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kern... | 7.1 | HIGH | — | 0 |
| CVE-2026-28686 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode d... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-28687 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decode... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-28688 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, ... | 4.0 | MEDIUM | — | 0 |
| CVE-2026-30929 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a speci... | 7.7 | HIGH | — | 0 |
| CVE-2026-30931 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can happen due to truncation... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-30935 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect co... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-30936 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out of bounds heap write inside ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-30937 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encod... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-31802 node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink ta... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of a... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-13779 Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | 8.3 | HIGH | — | 0 |
| CVE-2025-36105 IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables. | 4.4 | MEDIUM | — | 0 |
| CVE-2025-36173 Affected Product(s)Version(s)InfoSphere Data Architect9.2.1 | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0489 Due to insufficient validation of user-controlled input in the URLs query parameter. SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which upon u... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0953 The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that t... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1508 The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24309 Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the databa... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-24311 The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with u... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-24313 SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulner... | 5.0 | MEDIUM | — | 0 |
| CVE-2026-24316 SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerab... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-24317 SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a mali... | 5.0 | MEDIUM | — | 0 |
| CVE-2026-27684 SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The applica... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-27685 SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentialit... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-27686 Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation ... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-27687 Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a ... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-27688 Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function mod... | 5.0 | MEDIUM | — | 0 |
| CVE-2026-27689 Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function... | 7.7 | HIGH | — | 0 |
| CVE-2026-28267 Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user. | N/A | NONE | — | 0 |
| CVE-2026-28281 InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderator privileges to users, execute scheduled... | 7.1 | HIGH | — | 0 |
| CVE-2026-28512 Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirect_uri values ... | 7.1 | HIGH | — | 0 |
| CVE-2026-28513 Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.4.0, the OIDC token endpoint rejects an authorization code only when both the client ID... | 8.5 | HIGH | — | 0 |
| CVE-2026-29773 Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of K... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2364 If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability i... | 7.3 | HIGH | — | 0 |
| CVE-2026-30862 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget (TableWidgetV2). The root cause is a lack of... | 9.0 | CRITICAL | — | 0 |
| CVE-2026-30918 facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP... | 7.6 | HIGH | — | 0 |
| CVE-2026-30919 facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , stored XSS (also known as persistent or second-order XSS) occurs when an application receives data from a... | 7.6 | HIGH | — | 0 |
| CVE-2026-30920 OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installation_id values and updates Project.g... | 8.6 | HIGH | — | 0 |
| CVE-2026-30921 OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-30925 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11, a malicious client can subscribe to a LiveQuery with a craft... | 7.5 | HIGH | — | 0 |
| CVE-2025-41711 An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-30927 Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/events_function.php, the event participation logic allows any user who can participate in an event to register OTH... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4977 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2025-11739 CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stre... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.