CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-20420 In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20421 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20422 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1751 A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain con... | 3.1 | LOW | — | 0 |
| CVE-2024-2356 A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the `name` parameter of the `@router.post("/reins... | N/A | NONE | — | 0 |
| CVE-2024-4147 In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-5386 In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's acc... | 8.8 | HIGH | — | 0 |
| CVE-2024-5986 A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the `/3/Parse` endpoint to inject attacker-con... | N/A | NONE | — | 0 |
| CVE-2025-6208 The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-sp... | N/A | NONE | — | 0 |
| CVE-2025-14914 IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading ... | 7.6 | HIGH | — | 0 |
| CVE-2025-15395 IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allow users to view or access/perform actions beyond their expected... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-47358 Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently. | 7.8 | HIGH | — | 0 |
| CVE-2025-47359 Memory Corruption when multiple threads simultaneously access a memory free API. | 7.8 | HIGH | — | 0 |
| CVE-2025-47363 Memory corruption when calculating oversized partition sizes without proper checks. | 6.8 | MEDIUM | — | 0 |
| CVE-2025-47364 Memory corruption while calculating offset from partition start point. | 6.8 | MEDIUM | — | 0 |
| CVE-2025-47366 Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input. | 7.1 | HIGH | — | 0 |
| CVE-2025-47397 Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors. | 7.8 | HIGH | — | 0 |
| CVE-2026-22226 A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an atta... | 7.2 | HIGH | — | 0 |
| CVE-2026-22227 A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could al... | 7.2 | HIGH | — | 0 |
| CVE-2025-12772 Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch ... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-1777 The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permiss... | 7.2 | HIGH | — | 0 |
| CVE-2026-1778 Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for r... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-24040 jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-24043 jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-24133 jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24471 continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Up... | N/A | NONE | — | 0 |
| CVE-2026-25144 Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in the chat in-game system. The playerID parameter in SubmitChat.php is saved without sanitization and executed whenever a user ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-61648 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-61651 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-61650 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Ser... | N/A | NONE | — | 0 |
| CVE-2025-58379 Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive informatio... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-58382 A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative ... | 7.2 | HIGH | — | 0 |
| CVE-2025-58383 A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execu... | 7.2 | HIGH | — | 0 |
| CVE-2025-11261 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resourc... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0950 The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugi... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24694 The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the applicati... | N/A | NONE | — | 0 |
| CVE-2026-0617 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and includi... | 7.2 | HIGH | — | 0 |
| CVE-2026-1058 The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when... | 7.1 | HIGH | — | 0 |
| CVE-2026-1065 The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist inclu... | 7.2 | HIGH | — | 0 |
| CVE-2026-1210 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_elementor_data' meta field in all versions up to, and including, 3.20.7 due to insufficient i... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1375 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up to, and including, 3.9.5. This is due to missing ... | 8.1 | HIGH | — | 0 |
| CVE-2026-1591 Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1592 Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary Jav... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1730 The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OS_DataHub_Maps_Admin::add_file_and_ext' function in all versions up to, ... | 8.8 | HIGH | — | 0 |
| CVE-2025-8456 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kod8 Software Technologies Trade Ltd. Co. Kod8 Individual and SME Website allows Reflected ... | 7.6 | HIGH | — | 0 |
| CVE-2025-8461 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Seres Software syWEB allows Reflected XSS. This issue affects syWEB: through 03022026. NOT... | 7.6 | HIGH | — | 0 |
| CVE-2025-41065 Stored Cross-Site Scripting (XSS) vulnerability type in LUNA software v7.5.5.6. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payloa... | N/A | NONE | — | 0 |
| CVE-2025-59902 HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters... | N/A | NONE | — | 0 |
| CVE-2026-1664 An Insecure Direct Object Reference has been found to exist in `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `Ref... | N/A | NONE | — | 0 |
| CVE-2025-6397 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS. This issue affects Webs... | 8.6 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.