CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-3422 U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-20429 In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User i... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20443 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20444 In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User i... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20445 In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not ne... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-2584 A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially... | N/A | NONE | — | 0 |
| CVE-2025-30042 The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verificat... | 7.8 | HIGH | — | 0 |
| CVE-2025-50190 Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patch... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-50191 Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched i... | 7.2 | HIGH | — | 0 |
| CVE-2025-50192 Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-52482 Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious ... | 8.3 | HIGH | — | 0 |
| CVE-2025-58107 In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-m... | 7.5 | HIGH | — | 0 |
| CVE-2026-23600 A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS). | N/A | NONE | — | 0 |
| CVE-2026-26884 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php. | 2.7 | LOW | — | 0 |
| CVE-2026-28403 Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts connections from any origin without validating the HTTP... | 7.6 | HIGH | — | 0 |
| CVE-2026-28412 Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-47371 Transient DOS when an LTE RLC packet with invalid TB is received by UE. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-47373 Memory Corruption when accessing buffers with invalid length during TA invocation. | 7.8 | HIGH | — | 0 |
| CVE-2025-47375 Memory corruption while handling different IOCTL calls from the user-space simultaneously. | 7.8 | HIGH | — | 0 |
| CVE-2025-47376 Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. | 7.8 | HIGH | — | 0 |
| CVE-2025-47377 Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls. | 7.8 | HIGH | — | 0 |
| CVE-2025-47378 Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. | 7.1 | HIGH | — | 0 |
| CVE-2026-0654 Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbi... | 8.0 | HIGH | — | 0 |
| CVE-2026-0655 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or c... | 8.0 | HIGH | — | 0 |
| CVE-2026-26704 sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_category.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26705 sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_product.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26706 sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_receipt.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26707 sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_supplier.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-48577 In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privile... | 7.4 | HIGH | — | 0 |
| CVE-2025-48641 In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User intera... | 7.0 | HIGH | — | 0 |
| CVE-2025-48642 In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges n... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-48644 In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. Use... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-48645 In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privi... | 7.8 | HIGH | — | 0 |
| CVE-2025-48646 In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed... | 7.8 | HIGH | — | 0 |
| CVE-2026-0025 In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution ... | 8.4 | HIGH | — | 0 |
| CVE-2026-0026 In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege ... | 7.8 | HIGH | — | 0 |
| CVE-2026-0027 In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User int... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-0028 In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privilege... | 8.4 | HIGH | — | 0 |
| CVE-2026-0029 In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. Us... | 8.4 | HIGH | — | 0 |
| CVE-2026-0030 In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional executi... | 8.4 | HIGH | — | 0 |
| CVE-2026-26712 code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-3338 Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of A... | 7.5 | HIGH | — | 0 |
| CVE-2026-0754 An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if ... | N/A | NONE | — | 0 |
| CVE-2026-26886 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php. | 2.7 | LOW | — | 0 |
| CVE-2025-62815 An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-66363 An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages. | 7.5 | HIGH | — | 0 |
| CVE-2025-66680 An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request. | 7.1 | HIGH | — | 0 |
| CVE-2025-62816 An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4L_VERTEXIOC_BOOTUP input leads to a denial of service. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-62817 An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of ... | 7.5 | HIGH | — | 0 |
| CVE-2026-26883 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=delete_appointment. | 2.7 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.