CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-53544 NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL injection vulnerability via the getCookieNames method in the smarttimeplus/MySQLConnection endpoint. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-56897 Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to th... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-26803 The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-26201 Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows remote unauthenticated attackers to bypass authentication and escalate privileges. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-54820 XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection vulnerability in the login page. This vulnerability allows attackers to extract all usernames and passwords... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-57026 TawkTo Widget Version <= 1.3.7 is vulnerable to Cross Site Scripting (XSS) due to processing user input in a way that allows JavaScript execution. | 6.1 | MEDIUM | — | 0 |
| CVE-2025-27112 Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication chec... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-27133 WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was discovered in the WeGIA application prior to version 3.2.15 at the `adicionar_tipo_exame.php` endpoint. This vulne... | 8.8 | HIGH | — | 0 |
| CVE-2024-56525 In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-27364 In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remot... | 10.0 | CRITICAL | — | 0 |
| CVE-2025-27137 Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the `SYSTEM_CONFIGURATION` perm... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-57608 An issue in Via Browser 6.1.0 allows a remote attacker to execute arbitrary code via the mark.via.Shell component. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-25513 Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-27140 WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, `importar_dump.php` endpoint. This vulner... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-27141 Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.5... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-27143 Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL para... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-27144 Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token... | N/A | NONE | — | 0 |
| CVE-2025-1640 A vulnerability was found in Benner ModernaNet up to 1.1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Home/JS_CarregaCombo?formName=DADOS_PESSOAIS_PL... | 7.3 | HIGH | — | 0 |
| CVE-2025-1641 A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been classified as critical. This affects an unknown part of the file /AGE0000700/GetHorariosDoDia?idespec=0&idproced=1103&data=2025-... | 7.3 | HIGH | — | 0 |
| CVE-2025-1642 A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been declared as critical. This vulnerability affects unknown code of the file /AGE0000700/GetImageMedico?fooId=1. The manipulation o... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-1643 A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been rated as problematic. This issue affects some unknown processing of the file /DadosPessoais/SG_AlterarSenha. The manipulation le... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-1644 A vulnerability classified as problematic has been found in Benner ModernaNet up to 1.2.0. Affected is an unknown function of the file /DadosPessoais/SG_Gravar. The manipulation of the argument idItAg... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-1645 A vulnerability classified as critical was found in Benner Connecta 1.0.5330. Affected by this vulnerability is an unknown functionality of the file /Usuarios/Usuario/EditarLogado/. The manipulation o... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-1646 A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component AS... | 7.3 | HIGH | — | 0 |
| CVE-2025-1063 The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.4 via the rtcl_taxono... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-1128 The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file typ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-1648 The Yawave plugin for WordPress is vulnerable to SQL Injection via the 'lbid' parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack... | 7.5 | HIGH | — | 0 |
| CVE-2024-13494 The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wf... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-1674 A lack of input validation allows for out of bounds reads caused by malicious or malformed packets. | 8.2 | HIGH | — | 0 |
| CVE-2025-1675 The function dns_copy_qname in dns_pack.c performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data. | 8.2 | HIGH | — | 0 |
| CVE-2024-13693 The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possib... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-13695 The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. This makes it possible for authenticated atta... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-1262 The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27. This makes it possible for unauthenticated attackers to bypass the Built-in ... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-12424 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-24592. Reason: This candidate is a reservation duplicate of CVE-2025-24592. Notes: All CVE users should reference C... | N/A | NONE | — | 0 |
| CVE-2024-34034 An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service (DoS) attack, triggered by an assertion error. An attacker must send a high number of E42 Subscript... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-34035 An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originati... | 5.7 | MEDIUM | — | 0 |
| CVE-2026-6844 A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable F... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-6845 A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially cr... | 5.0 | MEDIUM | — | 0 |
| CVE-2026-6846 A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker co... | 7.8 | HIGH | — | 0 |
| CVE-1999-0565 A Sendmail alias allows input to be piped to a program. | N/A | NONE | — | 0 |
| CVE-2026-4190 A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. ... | 7.3 | HIGH | — | 0 |
| CVE-2026-4191 A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricte... | 7.3 | HIGH | — | 0 |
| CVE-2026-6848 A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-4192 A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injec... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-33257 An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-26948 Missing Authorization vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5020 A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The man... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-26966 Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent private-content. This issue affects PrivateContent: from n/a through <= 8.11.5. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-11955 A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argumen... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-21626 GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Versio... | 5.8 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.