CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-52919 In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-47298 An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including the... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-6328 A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buf... | 8.8 | HIGH | — | 0 |
| CVE-2025-4981 Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to wr... | 9.9 | CRITICAL | — | 0 |
| CVE-2025-6334 A vulnerability has been found in D-Link DIR-867 1.0 and classified as critical. This vulnerability affects the function strncpy of the component Query String Handler. The manipulation leads to stack-... | 8.8 | HIGH | — | 0 |
| CVE-2025-4102 The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_enabled_icons' function in all versions up to,... | 7.2 | HIGH | — | 0 |
| CVE-2025-6336 A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formTmultiAP of the component HTTP POST Re... | 8.8 | HIGH | — | 0 |
| CVE-2024-53298 Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit thi... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-32753 Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-32876 An issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the COROS smartwatch does not support LE Secure Connections and instead enforces BLE Legacy Pairing. In BLE ... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-32877 An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-32878 An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading fi... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-32879 An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device via BLE if no other ... | 8.8 | HIGH | — | 0 |
| CVE-2025-32880 An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-48705 An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot. | 7.5 | HIGH | — | 0 |
| CVE-2025-48706 An issue was discovered in COROS PACE 3 through 3.0808.0. Due to an out-of-bounds read vulnerability, sending a crafted BLE message forces the device to reboot. | 9.1 | CRITICAL | — | 0 |
| CVE-2025-3227 Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-3228 Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allow... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-46179 A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL que... | 9.8 | CRITICAL | — | 0 |
| CVE-2013-1019 Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | N/A | NONE | — | 0 |
| CVE-2025-44203 In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoin... | 7.5 | HIGH | — | 0 |
| CVE-2025-45890 Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter | 9.8 | CRITICAL | — | 0 |
| CVE-2025-44635 There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-6361 A vulnerability classified as critical was found in code-projects Simple Pizza Ordering System 1.0. This vulnerability affects unknown code of the file /adds.php. The manipulation of the argument user... | 7.3 | HIGH | — | 0 |
| CVE-2025-6362 A vulnerability, which was classified as critical, has been found in code-projects Simple Pizza Ordering System 1.0. This issue affects some unknown processing of the file /editpro.php. The manipulati... | 7.3 | HIGH | — | 0 |
| CVE-2025-6363 A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /adding-exec.php. The manipulation of the ar... | 7.3 | HIGH | — | 0 |
| CVE-2025-6364 A vulnerability has been found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adduser-exec.php. T... | 7.3 | HIGH | — | 0 |
| CVE-2025-6367 A vulnerability was found in D-Link DIR-619L 2.06B01. It has been declared as critical. This vulnerability affects unknown code of the file /goform/formSetDomainFilter. The manipulation of the argumen... | 8.8 | HIGH | — | 0 |
| CVE-2025-6368 A vulnerability was found in D-Link DIR-619L 2.06B01. It has been rated as critical. This issue affects the function formSetEmail of the file /goform/formSetEmail. The manipulation of the argument cur... | 8.8 | HIGH | — | 0 |
| CVE-2025-6369 A vulnerability classified as critical has been found in D-Link DIR-619L 2.06B01. Affected is the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument cur... | 8.8 | HIGH | — | 0 |
| CVE-2025-6370 A vulnerability classified as critical was found in D-Link DIR-619L 2.06B01. Affected by this vulnerability is the function formWlanGuestSetup of the file /goform/formWlanGuestSetup. The manipulation ... | 8.8 | HIGH | — | 0 |
| CVE-2025-6371 A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. The ma... | 8.8 | HIGH | — | 0 |
| CVE-2025-6372 A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formSetWizard1 of the file /goform/formSetWizard1. The manipulation of the argument c... | 8.8 | HIGH | — | 0 |
| CVE-2025-6373 A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWizard1 of the file /goform/formWlSiteSurvey. The manipulation of t... | 8.8 | HIGH | — | 0 |
| CVE-2025-5475 Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX85... | 7.5 | HIGH | — | 0 |
| CVE-2025-5476 Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Aut... | 8.8 | HIGH | — | 0 |
| CVE-2025-5477 Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony... | 7.5 | HIGH | — | 0 |
| CVE-2025-5478 Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of... | N/A | NONE | — | 0 |
| CVE-2025-5479 Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected inst... | N/A | NONE | — | 0 |
| CVE-2025-5820 Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentic... | 8.8 | HIGH | — | 0 |
| CVE-2025-6374 A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formSetACLFilter of the file /goform/formSetACLFilter. The manipulation of the argument... | 8.8 | HIGH | — | 0 |
| CVE-2025-6393 A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affe... | 8.8 | HIGH | — | 0 |
| CVE-2025-6399 A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request H... | 8.8 | HIGH | — | 0 |
| CVE-2025-6400 A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formPortFw of the component HTTP P... | 8.8 | HIGH | — | 0 |
| CVE-2025-5143 The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tableon_popup_iframe_button shortcode in all versions up to, and inclu... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-6402 A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formIpv6Setup of the component HTTP POST R... | 8.8 | HIGH | — | 0 |
| CVE-2025-5289 The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ and 'mode' parameters in all versions up t... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-3221 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources. | 7.5 | HIGH | — | 0 |
| CVE-2025-3629 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-50699 PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in odms/admin/view-user-queries.php. | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.