CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-45825 ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object (implementation of interface Credentials it may leak into l... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-45826 Leantime is an open source project management system. A 'userId' variable in `app/domain/files/repositories/class.files.php` is not parameterized. An authenticated attacker can send a carefully crafte... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-45992 A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF att... | 9.6 | CRITICAL | — | 0 |
| CVE-2022-42150 TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape. | 10.0 | CRITICAL | — | 0 |
| CVE-2023-27791 An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG. | 8.1 | HIGH | — | 0 |
| CVE-2023-30633 An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Regi... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-38584 In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authe... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-40145 In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device. | 8.8 | HIGH | — | 0 |
| CVE-2023-43492 In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authen... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45376 In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via HiCpProd... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27792 An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories. | 7.8 | HIGH | — | 0 |
| CVE-2023-45821 Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security r... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-45822 Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security r... | 3.7 | LOW | — | 0 |
| CVE-2023-45823 Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security r... | 7.5 | HIGH | — | 0 |
| CVE-2023-43341 Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-43342 Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-43344 Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Men... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-43359 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Cont... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-43875 Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbna... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-44690 Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py | 7.5 | HIGH | — | 0 |
| CVE-2023-45279 Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious Java... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-45280 Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary Java... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-41897 Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to... | 8.8 | HIGH | — | 0 |
| CVE-2023-45815 ArchiveBox is an open source self-hosted web archiving system. Any users who are using the `wget` extractor and view the content it outputs. The impact is potentially severe if you are logged in to th... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-45818 TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet pas... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-45819 TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notificatio... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-41895 Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the `redirect_ur... | 8.8 | HIGH | — | 0 |
| CVE-2023-41898 Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of att... | 8.6 | HIGH | — | 0 |
| CVE-2023-41899 Home assistant is an open source home automation. In affected versions the `hassio.addon_stdin` is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service... | 6.6 | MEDIUM | — | 0 |
| CVE-2023-43340 Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspass... | 5.2 | MEDIUM | — | 0 |
| CVE-2023-43345 Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu compon... | 8.6 | HIGH | — | 0 |
| CVE-2023-44385 The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make t... | 8.6 | HIGH | — | 0 |
| CVE-2023-39731 The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-41893 Home assistant is an open source home automation. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized t... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-41894 Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even whe... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-46115 Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which cou... | 8.4 | HIGH | — | 0 |
| CVE-2023-45394 Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin p... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-45471 The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated a... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-6516 A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to he... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-34052 VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could resul... | 7.8 | HIGH | — | 0 |
| CVE-2023-46277 please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.) | 7.8 | HIGH | — | 0 |
| CVE-2013-3224 The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive inf... | N/A | NONE | — | 0 |
| CVE-2023-40361 SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user... | 7.8 | HIGH | — | 0 |
| CVE-2023-27256 Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | 5.8 | MEDIUM | — | 0 |
| CVE-2023-5668 The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-10951 A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function log_handler of the file ml_logger/server.py. Such mani... | 7.3 | HIGH | — | 0 |
| CVE-2020-36706 The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-40838 Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information. | 7.5 | HIGH | — | 0 |
| CVE-2025-10958 A flaw has been found in Wavlink NU516U1 M16U1_V240425. Impacted is the function sub_403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr ca... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-10959 A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. The affected element is the function sub_401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmz_flag leads to ... | 6.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.