CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-22330 IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.9 | MEDIUM | — | 0 |
| CVE-2024-58114 Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | 4.0 | MEDIUM | — | 0 |
| CVE-2025-4964 The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘table_name’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the ... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-48902 Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability. | 6.6 | MEDIUM | — | 0 |
| CVE-2025-48903 Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability. | 7.8 | HIGH | — | 0 |
| CVE-2025-48904 Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability. | 4.4 | MEDIUM | — | 0 |
| CVE-2025-48905 Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types. | 8.1 | HIGH | — | 0 |
| CVE-2025-48906 Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability. | 8.8 | HIGH | — | 0 |
| CVE-2025-48907 Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability. | 6.2 | MEDIUM | — | 0 |
| CVE-2025-48908 Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability. | 6.7 | MEDIUM | — | 0 |
| CVE-2025-48909 Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 7.1 | HIGH | — | 0 |
| CVE-2025-48910 Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-50693 PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference (IDOR) in odms/request-details.php. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-4966 The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_re... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-5703 The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and outpu... | 6.4 | MEDIUM | — | 0 |
| CVE-2008-6596 SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown... | N/A | NONE | — | 0 |
| CVE-2024-9993 The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-50695 PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in /admin/view-booking-detail.php and /admin/invoice-generating.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9994 The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_t... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5528 The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.7... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-5568 The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output es... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5865 A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Param... | 8.0 | HIGH | — | 0 |
| CVE-2025-5866 A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument... | 8.0 | HIGH | — | 0 |
| CVE-2025-5867 A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the arg... | 8.0 | HIGH | — | 0 |
| CVE-2025-5868 A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The man... | 8.0 | HIGH | — | 0 |
| CVE-2025-5869 A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argum... | 8.0 | HIGH | — | 0 |
| CVE-2025-45055 Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when vi... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46178 Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a... | 6.1 | MEDIUM | — | 0 |
| CVE-2008-6597 Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of ... | N/A | NONE | — | 0 |
| CVE-2008-6598 Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic." | N/A | NONE | — | 0 |
| CVE-2025-29627 An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module | 6.8 | MEDIUM | — | 0 |
| CVE-2025-46041 A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add)... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-49136 listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by defau... | 9.0 | CRITICAL | — | 0 |
| CVE-2025-5896 A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manip... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-5897 A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-36580 Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with re... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-3076 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in all versions up to, and including, 3.29.0 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-4840 The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticate... | 7.5 | HIGH | — | 0 |
| CVE-2025-4954 The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the serv... | 8.8 | HIGH | — | 0 |
| CVE-2025-27817 A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the br... | 7.5 | HIGH | — | 0 |
| CVE-2025-27818 A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connecto... | 8.8 | HIGH | — | 0 |
| CVE-2025-27819 In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apac... | 7.5 | HIGH | — | 0 |
| CVE-2025-43581 Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th... | 7.8 | HIGH | — | 0 |
| CVE-2025-2918 The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-4577 The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and includi... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-4774 The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-22455 A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. | 8.8 | HIGH | — | 0 |
| CVE-2025-22463 A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password. | 7.3 | HIGH | — | 0 |
| CVE-2025-5353 A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. | 8.8 | HIGH | — | 0 |
| CVE-2025-43588 Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.