CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-7343 Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM... | 7.5 | HIGH | — | 0 |
| CVE-2026-7344 Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a cra... | 8.8 | HIGH | — | 0 |
| CVE-2026-7345 Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox esca... | 8.3 | HIGH | — | 0 |
| CVE-2026-7349 Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium sec... | 7.5 | HIGH | — | 0 |
| CVE-2026-7350 Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (... | 8.3 | HIGH | — | 0 |
| CVE-2025-20890 Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggerin... | 7.0 | HIGH | — | 0 |
| CVE-2024-13472 The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to ex... | 7.3 | HIGH | — | 0 |
| CVE-2024-12037 The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin'... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12415 The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an a... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-13662 The eHive Objects Image Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ehive_objects_image_grid' shortcode in all versions up to, and including, 2.4.1 due to ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-24827 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. | N/A | NONE | — | 0 |
| CVE-2025-24828 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. | N/A | NONE | — | 0 |
| CVE-2025-24829 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. | N/A | NONE | — | 0 |
| CVE-2025-24749 Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO... | 7.1 | HIGH | — | 0 |
| CVE-2025-23001 A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-0934 A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. This affects an unknown part of the file /parse/_call_job_search_ajax.php. The manipulation of th... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-24891 Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as ... | 9.6 | CRITICAL | — | 0 |
| CVE-2024-13651 The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all ver... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-51534 Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauth... | 7.1 | HIGH | — | 0 |
| CVE-2024-53296 Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially explo... | 2.7 | LOW | — | 0 |
| CVE-2024-53295 Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vul... | 7.8 | HIGH | — | 0 |
| CVE-2024-11829 The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchabl... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13341 The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to ins... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-0939 The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This mak... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-12825 The Custom Related Posts plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on three AJAX actions in all versions up to, and including, ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-13371 The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the ... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-13372 The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 vi... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-13425 The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 vi... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-13428 The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 vi... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-13429 The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 vi... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-0943 A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file deldoc.php. The manipulation of the arg... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-13612 The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'better_messages_live_c... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-0944 A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file customerview.php. The manipulation of t... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-0945 A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file typedelete.php. The manipulation of the argument id l... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-0946 A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file templatedelete.php. The manipul... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-0131 NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. A successful exploit of this vulnerability m... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-0974 A vulnerability was determined in MaxD Lightning Module 4.43/4.44 on OpenCart. This issue affects some unknown processing. Executing a manipulation of the argument li_op/md can lead to deserialization... | 5.0 | MEDIUM | — | 0 |
| CVE-2024-20141 In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional ... | 6.6 | MEDIUM | — | 0 |
| CVE-2024-20142 In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional ... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-20638 In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additio... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-20639 In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional exe... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-20640 In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execu... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-20641 In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional exe... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-20642 In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional exe... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-20643 In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has... | 3.9 | LOW | — | 0 |
| CVE-2024-57966 libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive. | 5.0 | MEDIUM | — | 0 |
| CVE-2026-7351 Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium sec... | 3.1 | LOW | — | 0 |
| CVE-2024-43333 Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7... | 7.5 | HIGH | — | 0 |
| CVE-2026-7352 Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM... | 8.3 | HIGH | — | 0 |
| CVE-2026-7356 Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.