CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-34819 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-56085 OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in ... | 8.8 | HIGH | — | 0 |
| CVE-2025-56086 OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in ... | 8.8 | HIGH | — | 0 |
| CVE-2025-56087 OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the run_tcpdump in file /usr/lib/lua/luci/controller/admin... | 8.8 | HIGH | — | 0 |
| CVE-2025-66918 edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the "title" parameter. | 8.8 | HIGH | — | 0 |
| CVE-2025-14534 A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argum... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-56096 OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restart_modules in file /usr/lib/lua/luci/controller/a... | 8.8 | HIGH | — | 0 |
| CVE-2025-56107 OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submit_wifi in file /usr/lib/lua/luci/controller/admin... | 8.8 | HIGH | — | 0 |
| CVE-2025-56111 OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the network_set_wan_conf in file /usr/lib/lua/luci/controll... | 8.8 | HIGH | — | 0 |
| CVE-2025-56114 OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_... | 8.8 | HIGH | — | 0 |
| CVE-2025-56117 OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nb... | 8.8 | HIGH | — | 0 |
| CVE-2025-56118 OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local... | 8.8 | HIGH | — | 0 |
| CVE-2025-34820 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-34821 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2023-53916 Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as ... | 4.6 | MEDIUM | — | 0 |
| CVE-2023-53917 Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' para... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-53918 PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface (episodes_upload.php). Malicious JavaScript payl... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-53919 PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface (theme_freebox.php). Malicious JavaScript ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-53920 PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title field accessible through the podcast details interface (podcast_details.php). Malicious JavaScript payl... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-53921 SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system comma... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-47325 Information disclosure while processing system calls with invalid parameters. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-53922 TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar fil... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-53925 UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-53926 PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads throug... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-53927 PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sec... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-53928 PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-53929 phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payloa... | 8.8 | HIGH | — | 0 |
| CVE-2025-47350 Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application. | 7.8 | HIGH | — | 0 |
| CVE-2025-34850 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2023-53930 ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can ac... | 7.5 | HIGH | — | 0 |
| CVE-2023-53931 Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-53932 Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScr... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-53933 Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command ... | 8.8 | HIGH | — | 0 |
| CVE-2025-14836 A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.php of the component User Data Storage Module. This manipulation causes clear... | 2.7 | LOW | — | 0 |
| CVE-2025-14837 A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of t... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-68460 Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer. | 7.2 | HIGH | — | 0 |
| CVE-2025-47372 Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication. | 9.0 | CRITICAL | — | 0 |
| CVE-2025-14874 A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser. | 7.5 | HIGH | — | 0 |
| CVE-2025-64997 Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allows low-privileged users to view agent information via the REST API, which could lead to information disclosure. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-40891 A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially ... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-40892 A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a mali... | 8.9 | HIGH | — | 0 |
| CVE-2025-40893 A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-40898 A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading... | 8.1 | HIGH | — | 0 |
| CVE-2025-65000 SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14744 Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnera... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-14860 Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 146.0.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-14861 Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.... | 8.8 | HIGH | — | 0 |
| CVE-2025-1029 Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable. This issue affects SoliClub: from 5.2.4 before 5.3.7. | 7.5 | HIGH | — | 0 |
| CVE-2025-1030 Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information. This issue affects SoliClub: from 5.2.4... | 7.5 | HIGH | — | 0 |
| CVE-2025-1031 Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.