CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-27348 RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version... | 9.8 | CRITICAL | KEV | 0 |
| CVE-1999-0577 A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. | N/A | NONE | — | 0 |
| CVE-2024-6670 In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability | 7.3 | HIGH | KEV | 0 |
| CVE-2017-1000253 Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability wa... | 7.8 | HIGH | KEV | 0 |
| CVE-2016-3714 The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code v... | 8.4 | HIGH | KEV | 0 |
| CVE-2025-25129 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Callback Request allows Reflected XSS. This issue affects Callback Request: from n/a thro... | 7.1 | HIGH | — | 0 |
| CVE-2024-7262 Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows libra... | 7.8 | HIGH | KEV | 0 |
| CVE-2021-20124 A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerabilit... | 7.5 | HIGH | KEV | 0 |
| CVE-2021-20123 A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vul... | 7.5 | HIGH | KEV | 0 |
| CVE-2024-39717 The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-... | 7.2 | HIGH | KEV | 0 |
| CVE-1999-0402 wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. | N/A | NONE | — | 0 |
| CVE-2021-31196 Microsoft Exchange Server Remote Code Execution Vulnerability | 7.2 | HIGH | KEV | 0 |
| CVE-2012-4122 The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669. | N/A | NONE | — | 0 |
| CVE-2012-4141 Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and ... | N/A | NONE | — | 0 |
| CVE-2013-2808 Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management s... | N/A | NONE | — | 0 |
| CVE-2013-3610 qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request. | N/A | NONE | — | 0 |
| CVE-2013-3627 FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a mal... | N/A | NONE | — | 0 |
| CVE-2025-14733 An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-45779 An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted o... | 6.0 | MEDIUM | — | 0 |
| CVE-2024-45780 A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's po... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-1801 A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue poten... | 8.1 | HIGH | — | 0 |
| CVE-2024-41770 IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. | 7.5 | HIGH | — | 0 |
| CVE-2024-41771 IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. | 7.5 | HIGH | — | 0 |
| CVE-2024-43169 IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code. | 8.8 | HIGH | — | 0 |
| CVE-2024-55570 /api/user/users in the web GUI for the Cubro EXA48200 network packet broker (build 20231025055018) fixed in V5.0R14.5P4-V3.3R1 allows remote authenticated users of the application to increase their pr... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-27498 aes-gcm is a pure Rust implementation of the AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect. This is because ... | N/A | NONE | — | 0 |
| CVE-2025-0555 A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls ... | 7.7 | HIGH | — | 0 |
| CVE-2025-24023 Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when... | 3.7 | LOW | — | 0 |
| CVE-2025-25185 GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft li... | 7.5 | HIGH | — | 0 |
| CVE-2025-27419 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Denial of Service (DoS) vulnerability exists in WeGIA. This vulnerability allows any unauthenticated u... | 7.5 | HIGH | — | 0 |
| CVE-2013-3951 sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users ... | N/A | NONE | — | 0 |
| CVE-2024-45782 A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properl... | 7.8 | HIGH | — | 0 |
| CVE-2025-0678 A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, how... | 7.8 | HIGH | — | 0 |
| CVE-2025-25301 Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker m... | 7.5 | HIGH | — | 0 |
| CVE-2025-25302 Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross site requests to t... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-25303 The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. The MouseTooltipTranslator browser extension is vulnerable to SSRF attacks. The pdf.mjs script uses th... | N/A | NONE | — | 0 |
| CVE-2025-27421 Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events (SSE) implementation. The issue occurs whe... | 7.5 | HIGH | — | 0 |
| CVE-2025-27422 FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any ... | 7.5 | HIGH | — | 0 |
| CVE-2025-20021 in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DOS through out-of-bounds read. | 3.3 | LOW | — | 0 |
| CVE-2025-1877 A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. This affects the function pure_auth_check of the component HTTP POST Request Handler. The manipulation of the argu... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-1878 A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code of the component WiFi. The manipulation leads to use of defa... | 3.1 | LOW | — | 0 |
| CVE-2025-25967 Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or ... | 8.8 | HIGH | — | 0 |
| CVE-2025-27499 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the processa_edicao_socio.php endpoi... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-27500 OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint(/api/upload) on the admin panel can be accessed without any form of authentication. This endpo... | 8.2 | HIGH | — | 0 |
| CVE-2025-1890 A vulnerability has been found in shishuocms 1.1 and classified as critical. This vulnerability affects the function handleRequest of the file src/main/java/com/shishuo/cms/action/manage/ManageUpLoadA... | 6.3 | MEDIUM | — | 0 |
| CVE-2013-0641 Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in ... | 7.8 | HIGH | KEV | 0 |
| CVE-2011-1889 The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-4319 A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the arg... | 7.3 | HIGH | — | 0 |
| CVE-2026-4355 A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknown function of the file /intranet/educar_servidor_curso_lst.php of the component Endpoint. Performing a manipulation of t... | 3.5 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.