CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2014-5399 SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2014-5407 Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) distur... | N/A | NONE | — | 0 |
| CVE-2014-5411 Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script o... | N/A | NONE | — | 0 |
| CVE-2014-5412 Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. | N/A | NONE | — | 0 |
| CVE-2014-5413 Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a crypt... | N/A | NONE | — | 0 |
| CVE-2014-5410 The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause ... | N/A | NONE | — | 0 |
| CVE-2014-5408 Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HT... | N/A | NONE | — | 0 |
| CVE-2014-5417 Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified... | N/A | NONE | — | 0 |
| CVE-2014-5418 GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause... | N/A | NONE | — | 0 |
| CVE-2014-5419 GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key ac... | N/A | NONE | — | 0 |
| CVE-2026-40164 jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table ope... | 7.5 | HIGH | — | 0 |
| CVE-2026-34257 Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the pag... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-34261 Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-34262 Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer | 5.0 | MEDIUM | — | 0 |
| CVE-2026-34264 During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-39418 MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto() with the MSG_FASTOPEN flag. This allows authentica... | 5.0 | MEDIUM | — | 0 |
| CVE-2026-39420 MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the L... | 6.3 | MEDIUM | — | 0 |
| CVE-2014-5409 The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier fo... | N/A | NONE | — | 0 |
| CVE-2014-5400 The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file. | N/A | NONE | — | 0 |
| CVE-2014-5403 Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the netwo... | N/A | NONE | — | 0 |
| CVE-2014-5405 Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowle... | N/A | NONE | — | 0 |
| CVE-2015-1318 The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container). | N/A | NONE | — | 0 |
| CVE-2014-5406 The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote ... | N/A | NONE | — | 0 |
| CVE-2023-43626 Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 7.5 | HIGH | — | 0 |
| CVE-2025-26555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thorsten Ott Debug-Bar-Extender debug-bar-extender allows Reflected XSS. This issue affects Debug-B... | N/A | NONE | — | 0 |
| CVE-2025-26556 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zzmaster WP AntiDDOS wpantiddos allows Reflected XSS. This issue affects WP AntiDDOS: from n/a thro... | N/A | NONE | — | 0 |
| CVE-2025-26875 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce different-shipping-and-bill... | N/A | NONE | — | 0 |
| CVE-2025-26886 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Authors publishpress-authors allows SQL Injection. This issue affects Pub... | N/A | NONE | — | 0 |
| CVE-2025-26895 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maennchen1.de m1.DownloadList m1downloadlist allows DOM-Based XSS. This issue affects m1.DownloadLi... | N/A | NONE | — | 0 |
| CVE-2025-26899 Cross-Site Request Forgery (CSRF) vulnerability in Recapture Cart Recovery and Email Marketing Recapture for WooCommerce recapture-for-woocommerce allows Cross Site Request Forgery. This issue affects ... | N/A | NONE | — | 0 |
| CVE-2025-26921 Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection. This issue affects Booking and Rental Ma... | N/A | NONE | — | 0 |
| CVE-2025-26924 Improper Control of Generation of Code ('Code Injection') vulnerability in colabrio Ohio Extra ohio-extra allows Code Injection. This issue affects Ohio Extra: from n/a through <= 3.4.7. | N/A | NONE | — | 0 |
| CVE-2025-26961 Missing Authorization vulnerability in FRESHFACE Fresh Framework fresh-framework allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Fresh Framework: from n/a through <=... | N/A | NONE | — | 0 |
| CVE-2025-26978 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in fs-code FS Poster fs-poster. This issue affects FS Poster: from n/a through <= 6.5.8. | N/A | NONE | — | 0 |
| CVE-2025-27281 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cookforweb All In Menu all-in-menu allows Blind SQL Injection. This issue affects All In Menu: from... | N/A | NONE | — | 0 |
| CVE-2025-30521 Cross-Site Request Forgery (CSRF) vulnerability in giangmd93 GP Back To Top gp-back-to-top allows Cross Site Request Forgery. This issue affects GP Back To Top: from n/a through <= 3.0. | N/A | NONE | — | 0 |
| CVE-2025-30522 Cross-Site Request Forgery (CSRF) vulnerability in Damian Orzol Contact Form 7 Material Design cf7-material-design allows Stored XSS. This issue affects Contact Form 7 Material Design: from n/a through... | N/A | NONE | — | 0 |
| CVE-2015-6867 The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. | N/A | NONE | — | 0 |
| CVE-2023-43753 Improper conditions check in some Intel(R) Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access. | 5.3 | MEDIUM | — | 0 |
| CVE-2015-7928 eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended worksta... | N/A | NONE | — | 0 |
| CVE-2026-39422 MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability through the application name or icon fields when creating an app... | N/A | NONE | — | 0 |
| CVE-2026-39423 MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with ... | N/A | NONE | — | 0 |
| CVE-2026-39424 MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administra... | N/A | NONE | — | 0 |
| CVE-2026-34225 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-39419 MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame... | 3.1 | LOW | — | 0 |
| CVE-2026-39425 MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and Jav... | N/A | NONE | — | 0 |
| CVE-2016-7420 Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow co... | N/A | NONE | — | 0 |
| CVE-2026-39426 MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability where the frontend's MdRenderer.vue component parses custom <ifr... | N/A | NONE | — | 0 |
| CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML f... | N/A | NONE | — | 0 |
| CVE-2026-34984 External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.