CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-57320 json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allo... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-57324 parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attacker... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-59827 Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-10449 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal. This issue affects Saysis... | 8.6 | HIGH | — | 0 |
| CVE-2025-59833 Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardl... | 7.5 | HIGH | — | 0 |
| CVE-2025-10894 Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected version... | 9.6 | CRITICAL | — | 0 |
| CVE-2025-54520 Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality. | N/A | NONE | — | 0 |
| CVE-2025-21056 Improper input validation in Retail Mode prior to version 5.59.4 allows self attackers to execute privileged commands on their own devices. | 6.6 | MEDIUM | — | 0 |
| CVE-2025-10438 Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal. This issue affe... | 8.6 | HIGH | — | 0 |
| CVE-2025-10941 A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Execu... | 7.8 | HIGH | — | 0 |
| CVE-2025-10943 A security flaw has been discovered in MikeCen WeChat-Face-Recognition up to 6e3f72bf8547d80b59e330f1137e4aa505f492c1. This vulnerability affects the function valid of the file wx.php. The manipulatio... | 3.5 | LOW | — | 0 |
| CVE-2025-10957 This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP connec... | N/A | NONE | — | 0 |
| CVE-2025-40698 SQL injection vulnerability in Prevengos v2.44 by Nedatec Consulting. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parame... | N/A | NONE | — | 0 |
| CVE-2025-60032 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-10944 A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. This issue affects the function ip of the file ip.php. This manipulation of the argument callback ... | 3.5 | LOW | — | 0 |
| CVE-2025-10945 A security vulnerability has been detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. Impacted is an unknown function of the file d.php. Such manipulation of the argument hm lea... | 3.5 | LOW | — | 0 |
| CVE-2025-10946 A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. The affected element is an unknown function of the file dy.php. Performing manipulation of the argument h... | 3.5 | LOW | — | 0 |
| CVE-2025-10467 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information S... | 8.9 | HIGH | — | 0 |
| CVE-2025-10948 A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer ove... | 8.8 | HIGH | — | 0 |
| CVE-2025-26278 A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 7.5 | HIGH | — | 0 |
| CVE-2025-60033 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-25070 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ed atrero Album Reviewer albumreviewer allows Stored XSS. This issue affects Album Reviewer: from n... | N/A | NONE | — | 0 |
| CVE-2025-25083 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dave Lavoie EP4 More Embeds ep4-more-embeds allows Stored XSS. This issue affects EP4 More Embeds: ... | N/A | NONE | — | 0 |
| CVE-2025-25084 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antrouss UniTimetable unitimetable allows Stored XSS. This issue affects UniTimetable: from n/a thr... | N/A | NONE | — | 0 |
| CVE-2025-27261 Ericsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-57317 apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru 0.15.0 allows at... | 7.5 | HIGH | — | 0 |
| CVE-2025-59422 Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/<APP_ID>chat-messages?conversation_id=<CONVERSATION_ID>&limit=10 e... | 3.1 | LOW | — | 0 |
| CVE-2025-59426 Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.130.1, the project's OIDC redirect handling logic constructs the host and protocol of the final redirect URL base... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-59831 git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability ... | 8.8 | HIGH | — | 0 |
| CVE-2025-59834 ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-59839 The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and p... | 8.6 | HIGH | — | 0 |
| CVE-2020-36851 Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards r... | N/A | NONE | — | 0 |
| CVE-2025-10949 A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. This impacts an unknown function of the component Markdown Handler. The manipulation results in cross site scriptin... | 2.4 | LOW | — | 0 |
| CVE-2025-10950 A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. T... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-10951 A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function log_handler of the file ml_logger/server.py. Such mani... | 7.3 | HIGH | — | 0 |
| CVE-2025-27262 Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges. | 7.8 | HIGH | — | 0 |
| CVE-2025-40836 Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-40837 Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended. | 8.8 | HIGH | — | 0 |
| CVE-2025-40838 Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information. | 7.5 | HIGH | — | 0 |
| CVE-2025-46148 In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-46149 In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-46150 In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-46152 In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-46153 PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d,... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-55551 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. | 7.5 | HIGH | — | 0 |
| CVE-2023-34298 Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secur... | N/A | NONE | — | 0 |
| CVE-2023-34299 Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A... | N/A | NONE | — | 0 |
| CVE-2023-34300 Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations o... | N/A | NONE | — | 0 |
| CVE-2023-34301 Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations o... | N/A | NONE | — | 0 |
| CVE-2023-51551 Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Read... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.