CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-5556 A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loa... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-6636 A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulatio... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-6648 A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scriptin... | 3.5 | LOW | — | 0 |
| CVE-2026-5557 A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation resu... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5558 A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipu... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5840 A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Username... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-5985 A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument user_Id results... | 7.3 | HIGH | — | 0 |
| CVE-2025-59023 Crafted delegations or IP fragments can poison cached delegations in Recursor. | 8.2 | HIGH | — | 0 |
| CVE-2025-59024 Crafted delegations or IP fragments can poison cached delegations in Recursor. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0398 Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24027 Crafted zones can lead to increased incoming network traffic. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-32092 Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary wi... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-4309 Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-4619 Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-4620 OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-4621 Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network. | 5.6 | MEDIUM | — | 0 |
| CVE-2026-4622 OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-33755 Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP `Contact/qu... | 8.8 | HIGH | — | 0 |
| CVE-2026-33906 Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file wit... | 7.2 | HIGH | — | 0 |
| CVE-2026-33907 Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-34451 Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in th... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-34452 The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK v... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-34533 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccCalculatorFunc::... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34534 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in CIccMpeSpectral... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34535 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault (SEGV) in CIccTagArray::Cl... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34536 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack overflow (SO) in SIccCalcOp::ArgsUsed()... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34540 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in icMemDump() whe... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34541 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) via a null-pointer memb... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34542 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow (SBO) in CIccCalculator... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34546 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted TIFF input can trigger Undefined Behavior (UB) due to division by zero ... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34547 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior (UB) condition in IccUtil.cpp can be triggered by a crafted... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34548 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path ... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34555 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a stack-buffer-overflow (SBO) in CIccTagFixedNum<>::GetValues() and a re... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34556 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow (HBO) in icAnsiToUtf8() in the XML conversion pat... | 6.2 | MEDIUM | — | 0 |
| CVE-2016-20057 NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary p... | 7.8 | HIGH | — | 0 |
| CVE-2026-35478 InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — includi... | 8.3 | HIGH | — | 0 |
| CVE-2026-32218 Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32219 Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-40322 SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the ... | 9.0 | CRITICAL | — | 0 |
| CVE-2026-21719 An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command. | N/A | NONE | — | 0 |
| CVE-2026-40458 PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site reque... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-40459 PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP q... | 8.8 | HIGH | — | 0 |
| CVE-2026-39418 MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto() with the MSG_FASTOPEN flag. This allows authentica... | 5.0 | MEDIUM | — | 0 |
| CVE-2026-39420 MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the L... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-39422 MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability through the application name or icon fields when creating an app... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-39423 MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-40901 DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTr... | 8.8 | HIGH | — | 0 |
| CVE-2026-39424 MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administra... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-39419 MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame... | 3.1 | LOW | — | 0 |
| CVE-2026-39425 MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and Jav... | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.