CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-26254 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26255 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26256 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26257 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-15520 The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0872 Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation. This issue affects SafeNet Agent for Windows Logon: ... | N/A | NONE | — | 0 |
| CVE-2026-22892 Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker wit... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-20038 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-20066 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-20078 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-70121 An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request m... | 7.5 | HIGH | — | 0 |
| CVE-2025-70122 A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in th... | 7.5 | HIGH | — | 0 |
| CVE-2025-70123 An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setu... | 7.5 | HIGH | — | 0 |
| CVE-2026-26226 beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled valu... | N/A | NONE | — | 0 |
| CVE-2026-26268 Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to impro... | 8.0 | HIGH | — | 0 |
| CVE-2025-69770 A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file. | 10.0 | CRITICAL | — | 0 |
| CVE-2026-21870 BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffe... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-20007 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2026-26208 ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserializ... | 7.8 | HIGH | — | 0 |
| CVE-2026-26264 BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0rc4 and 1.4.3rc2, a malformed WriteProperty request can trigger a length underflow in the BACnet stack... | 8.1 | HIGH | — | 0 |
| CVE-2026-26269 Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim bu... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-45291 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2024-34154 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2024-34157 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-47915 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-58182 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-58184 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-68124 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-68125 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-68126 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-68127 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-68128 Rejected reason: reserved but not needed | N/A | NONE | — | 0 |
| CVE-2025-15157 The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check... | 8.8 | HIGH | — | 0 |
| CVE-2026-1844 The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in all versions up to, and including, ... | 7.2 | HIGH | — | 0 |
| CVE-2026-26273 Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden ... | N/A | NONE | — | 0 |
| CVE-2025-13681 The BFG Tools – Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied `fi... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-13973 The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.0.2. The plugin stores spam detection logs at a pred... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1912 The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1983 The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing nonce validation on the event de... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2027 The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 du... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1932 The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update-appointment REST API endpoint in... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14873 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'ca... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15483 The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hop_name’ parameter in all versions up to, and including, 2.5 due to insufficient input sanitization and outp... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-6792 The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0557 The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpda_app' shortcode in all versions up to, and including, 5.5.63 due to insufficient input saniti... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-0559 The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm_lms_courses_grid_display' shortcode in a... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-0693 The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all versions up to, and including, 1.2.4. This is due to the plug... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-0727 The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1901 The QuestionPro Surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'questionpro' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitizati... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1903 The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sb_ravelry_designs' shortcode in all versions up to, and including, 1.0.... | 6.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.