CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2024-54957 | Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link that red... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-22952 | elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-55160 | GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-38290 | In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-54173 | IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled. | 4.7 | MEDIUM | — | 0 |
| CVE-2025-0823 | IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request con... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-0975 | IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters. | 8.8 | HIGH | — | 0 |
| CVE-2025-23225 | IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-1744 | Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow. This issue affects radare2: versions before 5.9.9. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-25461 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the "Add Category" permission can inject a malicious XSS payload into the category name field. Wh... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-25476 | A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a noti... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-25478 | The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application's source code, exposi... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-25724 | list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is... | 4.0 | MEDIUM | — | 0 |
| CVE-2025-1819 | A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip le... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-27583 | Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify use... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-27584 | A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-27585 | A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-53382 | Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-24778 | Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. U... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-53386 | Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowe... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-1854 | A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/del_member.php. The manipulation of th... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-1855 | A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /product-details.php. The m... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-1856 | A vulnerability was found in Codezips Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/gen_invoice.php. The m... | 7.3 | HIGH | — | 0 |
| CVE-2025-1857 | A vulnerability classified as critical has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file /check_availability.php. The manipulation of the... | 7.3 | HIGH | — | 0 |
| CVE-2025-1858 | A vulnerability classified as critical was found in Codezips Online Shopping Website 1.0. This vulnerability affects unknown code of the file /success.php. The manipulation of the argument id leads to... | 7.3 | HIGH | — | 0 |
| CVE-2025-1864 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers. This issue affects radare2: versions before 5.9.9. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-27094 | Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-27099 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion ... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-53387 | A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element. | 8.8 | HIGH | — | 0 |
| CVE-2024-53388 | A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element. | 8.8 | HIGH | — | 0 |
| CVE-2024-57240 | A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-0285 | Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which ... | 7.8 | HIGH | — | 0 |
| CVE-2025-0286 | Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which ca... | 8.4 | HIGH | — | 0 |
| CVE-2025-0287 | Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker... | 5.1 | MEDIUM | — | 0 |
| CVE-2025-0288 | Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, ... | 7.8 | HIGH | — | 0 |
| CVE-2025-0289 | Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware,... | 7.8 | HIGH | — | 0 |
| CVE-2023-49031 | Directory Traversal (Local File Inclusion) vulnerability in Tikit (now Advanced) eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a cra... | 5.1 | MEDIUM | — | 0 |
| CVE-2025-26849 | There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-26320 | t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-26182 | An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-26136 | A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-26319 | FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-27411 | REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-27412 | REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-20206 | A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device ... | 7.1 | HIGH | — | 0 |
| CVE-2025-20918 | Out-of-bounds read in applying extra data of base content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-27622 | Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read pe... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-27623 | Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-27624 | A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g.... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-27625 | In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Je... | 4.3 | MEDIUM | — | 0 |
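The page header says the rows above come from NVD data enriched with the CISA KEV catalog. The following is an added example of that enrichment step, written for this page; it is not the site's own code nor tooling from NVD or CISA. It assumes the field layout of the NVD 2.0 API response (`vulnerabilities[].cve.metrics.cvssMetricV31[].cvssData.baseScore`) and of the CISA KEV JSON feed (`vulnerabilities[].cveID`), applies NVD's CVSS v3.x qualitative severity scale, and runs on constructed, embedded sample records so it works offline: the scores for CVE-2025-22952 and CVE-2025-27622 are taken from the table above, CVE-2021-44228 is included because it really is a KEV entry with an NVD base score of 10.0, and the CVE-2025-27624 record deliberately omits its metrics to exercise the "not yet scored" path.

```python
"""Enrich CVE records with an NVD-style severity rating and a CISA KEV flag.

Added example, not the page's code. Field names follow the public NVD 2.0
API and the CISA KEV JSON feed; the sample data below is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Any, Iterable

# Constructed sample shaped like an NVD 2.0 API response (descriptions abbreviated).
SAMPLE_NVD: dict[str, Any] = {
    "vulnerabilities": [
        {"cve": {"id": "CVE-2025-22952",
                 "descriptions": [{"lang": "en", "value": "elestio memos v0.23.0 is vulnerable to SSRF ..."}],
                 "metrics": {"cvssMetricV31": [{"type": "Primary", "cvssData": {"baseScore": 9.8}}]}}},
        {"cve": {"id": "CVE-2025-27622",
                 "descriptions": [{"lang": "en", "value": "Jenkins ... does not redact encrypted values ..."}],
                 "metrics": {"cvssMetricV31": [{"type": "Secondary", "cvssData": {"baseScore": 4.3}}]}}},
        {"cve": {"id": "CVE-2021-44228",
                 "descriptions": [{"lang": "en", "value": "Apache Log4j2 ... JNDI features ..."}],
                 "metrics": {"cvssMetricV31": [{"type": "Primary", "cvssData": {"baseScore": 10.0}}]}}},
        # Metrics deliberately left out in this constructed record: NVD publishes
        # records before analysis, and the pipeline must not crash on them.
        {"cve": {"id": "CVE-2025-27624",
                 "descriptions": [{"lang": "en", "value": "CSRF in Jenkins sidepanel widgets ..."}],
                 "metrics": {}}},
    ]
}

# Constructed sample shaped like the CISA KEV feed.
SAMPLE_KEV: dict[str, Any] = {
    "vulnerabilities": [{"cveID": "CVE-2021-44228", "dateAdded": "2021-12-10"}]
}


@dataclass(frozen=True)
class EnrichedCve:
    cve_id: str
    description: str
    base_score: float | None
    severity: str
    in_kev: bool
    kev_date_added: str | None


def cvss_v3_severity(score: float | None) -> str:
    """NVD's qualitative scale for CVSS v3.x base scores."""
    if score is None:
        return "UNKNOWN"  # record not yet analysed
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def primary_base_score(metrics: dict[str, Any]) -> float | None:
    """Pick the CVSS v3.1 score (falling back to v3.0), preferring the NVD 'Primary' entry."""
    for key in ("cvssMetricV31", "cvssMetricV30"):
        entries = metrics.get(key) or []
        if entries:
            ranked = sorted(entries, key=lambda m: m.get("type") != "Primary")
            return float(ranked[0]["cvssData"]["baseScore"])
    return None


def kev_index(kev_feed: dict[str, Any]) -> dict[str, str]:
    """Map CVE ID -> dateAdded for every KEV catalog entry."""
    return {v["cveID"]: v.get("dateAdded", "") for v in kev_feed["vulnerabilities"]}


def enrich(nvd_feed: dict[str, Any], kev_feed: dict[str, Any]) -> list[EnrichedCve]:
    """Join NVD records with the KEV catalog and order them for triage."""
    kev = kev_index(kev_feed)
    rows: list[EnrichedCve] = []
    for item in nvd_feed["vulnerabilities"]:
        cve = item["cve"]
        cve_id = cve["id"]
        desc = next((d["value"] for d in cve.get("descriptions", []) if d.get("lang") == "en"), "")
        score = primary_base_score(cve.get("metrics", {}))
        rows.append(EnrichedCve(cve_id, desc, score, cvss_v3_severity(score),
                                cve_id in kev, kev.get(cve_id)))
    # Triage order: KEV entries first, then by base score descending, unscored last.
    rows.sort(key=lambda r: (not r.in_kev, -(r.base_score if r.base_score is not None else -1.0)))
    return rows


def to_markdown(rows: Iterable[EnrichedCve]) -> str:
    """Render the enriched rows in the same table layout as this page."""
    lines = ["| CVE ID | CVSS | Severity | KEV |", "|---|---|---|---|"]
    for r in rows:
        score = "n/a" if r.base_score is None else f"{r.base_score:.1f}"
        lines.append(f"| {r.cve_id} | {score} | {r.severity} | {'yes' if r.in_kev else 'no'} |")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_markdown(enrich(SAMPLE_NVD, SAMPLE_KEV)))
```

In production the two feeds are fetched over HTTPS (the NVD API is rate limited without an API key, and the KEV catalog is a single JSON download) and the KEV join is what turns a flat CVSS list into a triage order: a KEV entry with a 7.8 should be patched before a 9.8 nobody is exploiting.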
This product uses data from the NVD API but is not endorsed or certified by the NVD.