CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-15524 The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and includi... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1231 The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `js` Global Settings parameter in all versions up to, and incl... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1893 The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn_label' parameter in the 'orbisius_random_name_generator' shortcode in all versions up ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-26036 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26037 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26038 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26039 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26040 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26041 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26042 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-0724 The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_wplyr_accent_color' parameter in all versions up to, and including, 1.3.0 due to insufficient input sa... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-0815 The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and ... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1215 The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configur... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1560 The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. ... | 8.8 | HIGH | — | 0 |
| CVE-2026-1786 The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg_tw_options' function in all versions up to, and including... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1804 The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all versions up to, and including, 1.3.6 due to insufficien... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1809 The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1 due to insufficient input sanitization a... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1827 The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1833 The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a u... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-70314 webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1853 The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listsearch' shortcode in all versions up to, and including, 1.1 due to insufficient input ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1885 The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to in... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-15096 The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly va... | 8.8 | HIGH | — | 0 |
| CVE-2026-2295 The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_post_grid_load_more' func... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-10174 Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding.This issue affects PanCafe Pro: from < 3.3.2 through 23092025. | 8.3 | HIGH | — | 0 |
| CVE-2025-12073 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenti... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-12575 GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticate... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-14560 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authentic... | 7.3 | HIGH | — | 0 |
| CVE-2025-14592 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authentic... | 3.7 | LOW | — | 0 |
| CVE-2025-14594 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenti... | 3.5 | LOW | — | 0 |
| CVE-2025-7659 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal token... | 8.0 | HIGH | — | 0 |
| CVE-2025-8099 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthen... | 7.5 | HIGH | — | 0 |
| CVE-2026-0595 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authentic... | 7.3 | HIGH | — | 0 |
| CVE-2026-1456 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1458 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenti... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-56807 An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. We ha... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-56808 A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerabi... | 7.8 | HIGH | — | 0 |
| CVE-2025-30266 A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (Do... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-30269 A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secre... | 8.1 | HIGH | — | 0 |
| CVE-2025-30276 An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have... | 8.8 | HIGH | — | 0 |
| CVE-2025-48723 A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We h... | 8.1 | HIGH | — | 0 |
| CVE-2025-48724 A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We h... | 8.1 | HIGH | — | 0 |
| CVE-2025-48725 A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory ... | 8.1 | HIGH | — | 0 |
| CVE-2025-52868 A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We h... | 8.1 | HIGH | — | 0 |
| CVE-2025-52869 A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We h... | 8.1 | HIGH | — | 0 |
| CVE-2025-52870 A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We h... | 8.1 | HIGH | — | 0 |
| CVE-2025-53598 A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (Do... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-54146 A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (Do... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-54147 A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (Do... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-54148 A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (Do... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.