CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-49201 A weak authentication vulnerability in Fortinet FortiPAM 1.5.0, FortiPAM 1.4.0 through 1.4.2, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions... | 8.1 | HIGH | — | 0 |
| CVE-2025-54822 An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, Fort... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-10406 The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, s... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-2529 Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfil... | 2.9 | LOW | — | 0 |
| CVE-2025-25298 Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using bcryptjs for password hashing. Bcryptjs ignores any bytes be... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-61922 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout fe... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-61923 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory t... | 4.1 | MEDIUM | — | 0 |
| CVE-2025-61924 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wron... | 3.8 | LOW | — | 0 |
| CVE-2025-64056 File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem. | 4.3 | MEDIUM | — | 0 |
| CVE-2017-20206 The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the `wpmudev_appointments` cookie. This ... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-20207 The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the `pager ` parameter. This allows un... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-54957 An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-53692 In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline Syzbot found the following issue: loop0: detected capacity... | N/A | NONE | — | 0 |
| CVE-2016-15048 AMTT Hotel Broadband Operation System (HiBOS) contains an unauthenticated command injection vulnerability in the /manager/radius/server_ping.php endpoint. The application constructs a shell command th... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34758 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-34759 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-34760 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-11965 In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorize... | 7.5 | HIGH | — | 0 |
| CVE-2025-62612 FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patc... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-61413 A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a cra... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-11621 Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard... | 8.1 | HIGH | — | 0 |
| CVE-2025-12044 Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|http... | 7.5 | HIGH | — | 0 |
| CVE-2025-62236 The Frontier Airlines website has a publicly available endpoint that validates if an email addresses is associated with an account. An unauthenticated, remote attacker could determine valid email addr... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-59500 Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | 7.7 | HIGH | — | 0 |
| CVE-2025-34761 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-10145 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-7073. Reason: This candidate is a reservation duplicate of CVE-2023-7073. Notes: All CVE users should reference CVE... | N/A | NONE | — | 0 |
| CVE-2025-11374 Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-11375 Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixe... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-64131 Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser an... | 7.5 | HIGH | — | 0 |
| CVE-2025-34762 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-34763 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-34764 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-56558 The Dyson MQTT server (2022 and possibly later) allows publications and subscriptions by a client that has the correct values of AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, and device... | 3.0 | LOW | — | 0 |
| CVE-2025-11200 MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not re... | 9.8 | CRITICAL | — | 0 |
| CVE-2008-6944 Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, t... | N/A | NONE | — | 0 |
| CVE-2008-6945 Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv... | N/A | NONE | — | 0 |
| CVE-2025-63608 A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46603 Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and prior, contains an Improper Restriction of Excessive Authentication Attempts vulnerability. An unauthenticated attacker with remote access cou... | 7.0 | HIGH | — | 0 |
| CVE-2025-62726 n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. Wh... | 8.8 | HIGH | — | 0 |
| CVE-2025-64096 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | N/A | NONE | — | 0 |
| CVE-2025-52180 Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/j... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-11191 The RealPress WordPress plugin before 1.1.0 registers the REST routes without proper permission checks, allowing the creation of pages and sending of emails from the site. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-58147 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as an input, i... | 7.5 | HIGH | — | 0 |
| CVE-2025-58148 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as an input, i... | 7.5 | HIGH | — | 0 |
| CVE-2025-11093 An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engines. Authenticated users with elevated priv... | 8.4 | HIGH | — | 0 |
| CVE-2025-58149 When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory... | 7.5 | HIGH | — | 0 |
| CVE-2025-35021 By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections. | 6.5 | MEDIUM | — | 0 |
| CVE-2008-6946 Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not proper... | N/A | NONE | — | 0 |
| CVE-2025-20748 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privi... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-61304 OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.