CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-61301 Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysi... | 7.5 | HIGH | — | 0 |
| CVE-2025-61303 Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021 (2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sampl... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-62656 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS. This issue af... | N/A | NONE | — | 0 |
| CVE-2025-62657 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PageForms extension allows Stored XSS. This issue affects... | N/A | NONE | — | 0 |
| CVE-2025-62658 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection. This issue affect... | N/A | NONE | — | 0 |
| CVE-2025-11536 The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template acti... | 5.0 | MEDIUM | — | 0 |
| CVE-2025-62677 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62678 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62679 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62680 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62681 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62682 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62683 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62684 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62695 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS. This issue affe... | N/A | NONE | — | 0 |
| CVE-2025-62696 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in The Wikimedia Foundation Mediawiki Foundation - Springboard Extension allows Command Injection. This... | N/A | NONE | — | 0 |
| CVE-2025-60933 Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML v... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-62699 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Translate Extension allows Footprinting. Translate extension appears to use jobs to mak... | N/A | NONE | — | 0 |
| CVE-2025-62694 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLove Extension allows Stored XSS. This issue affect... | N/A | NONE | — | 0 |
| CVE-2025-62701 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikistories allows Stored XSS. This issue affects Media... | N/A | NONE | — | 0 |
| CVE-2025-62702 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - PageTriage Extension allows Stored XSS. This issue affe... | N/A | NONE | — | 0 |
| CVE-2025-10916 The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary ... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-11949 EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specifi... | 7.5 | HIGH | — | 0 |
| CVE-2025-12004 Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action API. This issue affe... | N/A | NONE | — | 0 |
| CVE-2025-10612 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in giSoft Information Technologies City Guide allows Reflected XSS. This issue affects City Gui... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-11151 Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Tr... | 8.2 | HIGH | — | 0 |
| CVE-2025-56450 Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the `lead_id` parameter in the `/l2s/api/selfcareLeadHistory` endpoint. A remote attacker can exploit th... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-60511 Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-62518 astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle addition... | 8.1 | HIGH | — | 0 |
| CVE-2025-11757 The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribi... | N/A | NONE | — | 0 |
| CVE-2025-60507 Cross site scripting vulnerability in Moodle GeniAI plugin (local_geniai) 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct... | 8.9 | HIGH | — | 0 |
| CVE-2025-61457 code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) src/Form/Fields/SharpFormUploadField.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-7007 Sciener server does not validate connection requests from the GatewayG2, allowing an impersonation attack that provides the attacker the unlockKey field. | 8.2 | HIGH | — | 0 |
| CVE-2007-2447 The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the... | N/A | NONE | — | 0 |
| CVE-2025-30510 An attacker can upload an arbitrary file instead of a plant image. | 9.8 | CRITICAL | — | 0 |
| CVE-2009-2260 stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network. | N/A | NONE | — | 0 |
| CVE-2010-4756 The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not m... | N/A | NONE | — | 0 |
| CVE-2025-30512 Unauthenticated attackers can send configuration settings to the device and possibly perform physical actions remotely (e.g., on/off). | 6.5 | MEDIUM | — | 0 |
| CVE-2019-1388 An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability... | 7.8 | HIGH | KEV | 0 |
| CVE-2012-1987 Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with ... | N/A | NONE | — | 0 |
| CVE-2012-5887 The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with e... | N/A | NONE | — | 0 |
| CVE-2018-5430 The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with M... | 8.8 | HIGH | KEV | 0 |
| CVE-2024-21781 Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access. | 7.2 | HIGH | — | 0 |
| CVE-2016-7037 The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack... | N/A | NONE | — | 0 |
| CVE-2024-21829 Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 7.5 | HIGH | — | 0 |
| CVE-2016-7406 Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. | N/A | NONE | — | 0 |
| CVE-2025-30523 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marcel-NL Super Simple Subscriptions super-simple-subscriptions allows SQL Injection. This issue af... | N/A | NONE | — | 0 |
| CVE-2025-30525 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ProfitShare.ro WP Profitshare wp-profitshare allows SQL Injection. This issue affects WP Profitshar... | N/A | NONE | — | 0 |
| CVE-2025-30526 Cross-Site Request Forgery (CSRF) vulnerability in lucksy Typekit plugin for WordPress typekit allows Cross Site Request Forgery. This issue affects Typekit plugin for WordPress: from n/a through <= 1.... | N/A | NONE | — | 0 |
| CVE-2025-30527 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetoolbox My Bootstrap Menu my-bootstrap-menu allows Stored XSS. This issue affects My Bootstrap ... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.